Help, possibly infected (seeking expert advising)

wyldecard723 · May 27, 2013

Hello,

I believe my computer is infected (possibly with trackers/keyloggers or even something able to open/close my computer processes remotely) and seek expert counsel on followup course of action.

About a week ago, when following google search result links, my browser (mozilla) would redirect to a (totally unrelated and seemingly random) site instead. I had to back out of the page, often multiple times, and again try following the google link to reach the correct link. Though this seemed highly abnormal to me, my anti-virus (symantec endpoint protection) did not notify me of any infection, and a full scan brought back zero malicious item detections.

Then, yesterday while taking a practice MCAT test online, my computer opened windows media player on its own and began playing a (seemingly random) ad video about hardware tools. Upon closing the player, it would reopen a few seconds later. This continued for a few minutes before it stopped reopening.

Edit: JUST NOW, while writing the first draft of this post, my computer closed mozilla on its own. Reopening mozilla opened all the tabs/windows I had open, but still this behavior seems abnormal to me.

For reference, I downloaded MBAM just after the media player video stopped reopening yesterday. An update and both a quick and full scan later, no malicious items were detected. However, it soon after notified me of IP protection startup, and carrying out IP-block. This happened as my mouse cursor wheel began spinning, as if my computer were accessing/trying to open a program. This has again happened just this morning, which prompted me to find and peruse this forum.

I have seen and plan to followup on all the must-have software and practices listed in http://forums.malwar...?showtopic=9365, but as stated in the topic, wanted to verify or receive expert advice before attempting installations/ program changes. I might note that I did already perform a disk cleanup yesterday morning, removing my temp files (I did this before finding these forum posts advising against doing so).

I have copy/pasted my dds.txt and attach.txt contents below, as well as the lines from my MBAM logs from today and yesterday. The MBAM protection logs in particular looked strange to my untrained eye because they note that the outgoing IP-block occurred through process:iexplore.exe. I do not open IE whatsoever, aside from occasionally misclicking on the IE icon rather than the mozilla icon. I will also note that upon seeing step 12.) in http://forums.malwar...?showtopic=9365, I immediately opened IE Tools > Internet Options > Security > Internet, where I observed that activeX was already locked down as recommended in step 12.)

I am not a computer or malware expert whatsoever, and for all I know, the MBAM notifications about IP protection and IP block has already secured my computer, in which case I will immediately followup by attempting to further secure by downloading the musthave software If an expert can respond to this post after reading the below files, I would greatly appreciate it and will try to respond promptly.

Thank you,

Jason Wong

--------- MBAM protection-log-2013-05-26 --------

2013/05/26 11:12:32 -0400 JASON-PC Jason MESSAGE Starting protection

2013/05/26 11:12:32 -0400 JASON-PC Jason MESSAGE Protection started successfully

2013/05/26 11:12:32 -0400 JASON-PC Jason MESSAGE Starting IP protection

2013/05/26 11:12:39 -0400 JASON-PC Jason MESSAGE IP Protection started successfully

2013/05/26 11:12:45 -0400 JASON-PC Jason MESSAGE Starting database refresh

2013/05/26 11:12:45 -0400 JASON-PC Jason MESSAGE Stopping IP protection

2013/05/26 11:12:46 -0400 JASON-PC Jason MESSAGE IP Protection stopped successfully

2013/05/26 11:12:48 -0400 JASON-PC Jason MESSAGE Database refreshed successfully

2013/05/26 11:12:48 -0400 JASON-PC Jason MESSAGE Starting IP protection

2013/05/26 11:12:49 -0400 JASON-PC Jason MESSAGE IP Protection started successfully

2013/05/26 13:19:20 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 51939, Process: iexplore.exe)

2013/05/26 13:19:20 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 51940, Process: iexplore.exe)

2013/05/26 13:19:20 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 51941, Process: iexplore.exe)

--------- MBAM protection-log-2013-05-27 --------

2013/05/27 09:33:36 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 58418, Process: iexplore.exe)

2013/05/27 09:33:36 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 58417, Process: iexplore.exe)

2013/05/27 09:33:36 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 58419, Process: iexplore.exe)

2013/05/27 09:46:46 -0400 JASON-PC Jason MESSAGE Starting database refresh

2013/05/27 09:46:46 -0400 JASON-PC Jason MESSAGE Stopping IP protection

2013/05/27 09:46:46 -0400 JASON-PC Jason MESSAGE IP Protection stopped successfully

2013/05/27 09:46:50 -0400 JASON-PC Jason MESSAGE Database refreshed successfully

2013/05/27 09:46:50 -0400 JASON-PC Jason MESSAGE Starting IP protection

2013/05/27 09:46:53 -0400 JASON-PC Jason MESSAGE IP Protection started successfully

2013/05/27 11:02:07 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 62311, Process: iexplore.exe)

2013/05/27 11:02:07 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 62310, Process: iexplore.exe)

2013/05/27 11:02:07 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 62312, Process: iexplore.exe)

2013/05/27 11:02:07 -0400 JASON-PC Jason IP-BLOCK 69.6.27.110 (Type: outgoing, Port: 62313, Process: iexplore.exe)

---------- mbam-log-2013-05-26 (11-13-08) --------

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.26.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jason :: JASON-PC [administrator]

Protection: Enabled

5/26/2013 11:13:08 AM

mbam-log-2013-05-26 (11-13-08).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 239002

Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---------- mbam-log-2013-05-26 (11-16-18) --------

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.26.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jason :: JASON-PC [administrator]

Protection: Enabled

5/26/2013 11:16:18 AM

mbam-log-2013-05-26 (11-16-18).txt

Scan type: Full scan (C:\|D:\|)

Scan options disabled: P2P

Objects scanned: 422421

Time elapsed: 58 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

-------- dds.txt -------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2

Run by Jason at 10:27:25 on 2013-05-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8094.4995 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\spoolsv.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\LockKey\LockKey.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\USB Camera\VM331_STI.EXE

C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe

C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\FMAPP.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\hkcmd.exe

C:\Windows\system32\igfxpers.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\System32\regsvr32.exe

C:\Windows\SysWOW64\regsvr32.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe

C:\Users\Jason\AppData\Local\Apps\2.0\X07E9ZAP.0OP\1QYX6T8A.95H\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e04426adbac\CurseClient.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

mWinlogon: Userinit = userinit.exe

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\IPS\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [ClassesB] REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

mRun: [intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe

mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"

mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{42B2FC5B-5044-42CA-AF8D-B14A519412F4} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{EA816A55-A479-46FE-92B6-6867989980E0} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EA816A55-A479-46FE-92B6-6867989980E0}\16474777966696 : DHCPNameServer = 192.168.128.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{EA816A55-A479-46FE-92B6-6867989980E0}\2375942554133393 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{EA816A55-A479-46FE-92B6-6867989980E0}\458494350235849445021494E472450264255454 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EA816A55-A479-46FE-92B6-6867989980E0}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [synLenovoGestureMgr] C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

x64-Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\exein8q5.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

.

============= SERVICES / DRIVERS ===============

.

R0 fbfmon;fbfmon;C:\Windows\System32\drivers\fbfmon.sys [2012-7-24 57952]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-18 16152]

R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2012-7-24 39008]

R0 NSD;NSD;C:\Windows\System32\drivers\nsd.sys [2012-7-24 24160]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-3-25 30496]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C01044D\0191.105\x64\SymDS64.sys [2011-11-15 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C01044D\0191.105\x64\SymEFA64.sys [2012-2-26 932472]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130502.011\BHDrvx64.sys [2013-5-7 1390680]

R1 BPntDrv;BPntDrv;C:\Windows\System32\drivers\BPntDrv.sys [2012-7-24 13408]

R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130523.001\IDSviA64.sys [2013-5-24 513184]

R1 Nsdfltr;Nsdfltr;C:\Windows\System32\drivers\Nsdfltr.sys [2012-7-24 59488]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C01044D\0191.105\x64\Ironx64.sys [2011-11-15 171128]

R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C01044D\0191.105\x64\symnets.sys [2012-3-18 386168]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-5 659968]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-5 135952]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-24 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-24 161560]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-26 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-26 701512]

R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [2012-1-28 137208]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-24 363800]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]

R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-7-24 134696]

R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-7-24 615976]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-7-24 39976]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-1-29 31088]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-22 138912]

R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-12 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-18 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-18 788760]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]

R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-13 104048]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-26 25928]

R3 vm331avs;Digital Camera 1;C:\Windows\System32\drivers\vm331avs.sys [2012-7-24 952832]

S2 CLKMSVC10_3A60B698;CyberLink Product - 2012/07/24 02:08:34;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 NSDSvc;Fast boot service of lenovo;C:\Windows\System32\NSDSvc.exe [2012-7-24 120160]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-5 195584]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-24 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]

S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-26 173656]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-9 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-9 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-9 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-18 1255736]

S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-05-26 15:12:25 -------- d-----w- C:\Users\Jason\AppData\Roaming\Malwarebytes

2013-05-26 15:12:16 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-26 15:12:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-26 15:12:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-26 15:12:01 -------- d-----w- C:\Users\Jason\AppData\Local\Programs

2013-05-18 20:58:38 -------- d-----w- C:\Users\Jason\AppData\Roaming\Curse Advertising

2013-05-16 12:26:35 -------- d-----w- C:\Riot Games

2013-05-16 12:18:59 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-16 12:18:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-16 12:18:57 -------- d-----w- C:\Users\Jason\AppData\Roaming\Riot Games

2013-05-16 00:24:07 -------- d-----w- C:\Program Files (x86)\Diablo III

2013-05-15 22:11:56 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-15 21:50:11 -------- d-----w- C:\Users\Jason\AppData\Local\ClassesB

.

==================== Find3M ====================

.

2013-05-15 22:47:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 22:47:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-15 22:47:07 17613192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-03-25 16:01:34 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-25 16:01:34 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll

2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll

2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe

2013-03-15 04:16:10 76064 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll

2013-03-15 04:16:10 568608 ----a-w- C:\Windows\SysWow64\oemdspif.dll

2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll

2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll

2013-03-15 04:16:10 1016096 ----a-w- C:\Windows\System32\nv3dappshext.dll

2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin

2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe

2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

.

============= FINISH: 10:28:16.85 ===============

--------- attach.txt -----------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/17/2012 1:22:53 PM

System Uptime: 5/23/2013 4:12:40 PM (90 hours ago)

.

Motherboard: LENOVO | | Product Name

Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz | U3E1 | 1196/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 421 GiB total, 266.851 GiB free.

D: is FIXED (NTFS) - 25 GiB total, 21.702 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP62: 5/18/2013 3:14:24 PM - Scheduled Checkpoint

RP63: 5/26/2013 9:00:08 AM - Scheduled Checkpoint

RP64: 5/26/2013 11:23:46 AM - Windows Modules Installer

.

==== Installed Programs ======================

.

7-Zip 9.22beta

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Bonjour

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Diablo III

Dota 2

Energy Management

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed

Intel® Rapid Storage Technology

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® WiDi

Intel® Wireless Display

Intel® Wireless Music device driver

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Connect Service Client

Intelligent Touchpad

iTunes

Java 7 Update 21

Java Auto Updater

JMicron Flash Media Controller Driver

Junk Mail filter update

League of Legends

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo EasyCamera

Lenovo EE Boot Optimizer

Lenovo OneKey Recovery

Lenovo PowerDVD10

Lenovo Registration

Lenovo Welcome

Lenovo YouCam

LockKey

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Nsd

NVIDIA Control Panel 314.22

NVIDIA Graphics Driver 314.22

NVIDIA Install Application

NVIDIA Optimus 1.12.12

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Update 1.12.12

NVIDIA Update Components

Onekey Theater

Pando Media Booster

Power2Go

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition

Skype™ 6.3

Steam

SugarSync Manager

Symantec Endpoint Protection

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

UserGuide

VeriFace

Windows Driver Package - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

5/26/2013 9:54:10 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

.

==== End Of File ===========================

Maurice Naggar · May 27, 2013

Hello wyldecard723 and welcome to MalwareBytes forum.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Press Windows-key +R key on your keyboard to get RUN option.
Type in
```
explorer.exe
```
and press Enter to start Windows Explorer.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
>> from here <<
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on Scan button at upper right of screen.
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

the contents of C:\AdwCleaner[R1].txt;
the contents of TDSSKILLER log;
the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

wyldecard723 · May 28, 2013

Hello Maurice,

Thank you for your time today. I have posted the three logs below.

-----C:\AdwCleaner[R1].txt ------

# AdwCleaner v2.301 - Logfile created 05/27/2013 at 19:46:07

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Jason - JASON-PC

# Boot Mode : Normal

# Running from : C:\Users\Jason\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\Partner

Folder Found : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Tarma Installer

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\exein8q5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [884 octets] - [27/05/2013 19:46:07]

########## EOF - C:\AdwCleaner[R1].txt - [943 octets] ##########

---------TDSSKILLER log ---------

19:48:55.0477 1704 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

19:48:55.0930 1704 ============================================================

19:48:55.0930 1704 Current date / time: 2013/05/27 19:48:55.0930

19:48:55.0930 1704 SystemInfo:

19:48:55.0930 1704

19:48:55.0931 1704 OS Version: 6.1.7601 ServicePack: 1.0

19:48:55.0931 1704 Product type: Workstation

19:48:55.0931 1704 ComputerName: JASON-PC

19:48:55.0931 1704 UserName: Jason

19:48:55.0931 1704 Windows directory: C:\Windows

19:48:55.0931 1704 System windows directory: C:\Windows

19:48:55.0931 1704 Running under WOW64

19:48:55.0931 1704 Processor architecture: Intel x64

19:48:55.0931 1704 Number of processors: 8

19:48:55.0931 1704 Page size: 0x1000

19:48:55.0931 1704 Boot type: Normal boot

19:48:55.0931 1704 ============================================================

19:48:56.0749 1704 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:48:56.0766 1704 ============================================================

19:48:56.0767 1704 \Device\Harddisk0\DR0:

19:48:56.0767 1704 MBR partitions:

19:48:56.0767 1704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

19:48:56.0767 1704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34921000

19:48:56.0767 1704 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x32F0000

19:48:56.0767 1704 ============================================================

19:48:56.0785 1704 C: <-> \Device\Harddisk0\DR0\Partition2

19:48:56.0822 1704 D: <-> \Device\Harddisk0\DR0\Partition3

19:48:56.0822 1704 ============================================================

19:48:56.0823 1704 Initialize success

19:48:56.0823 1704 ============================================================

19:49:09.0015 14148 ============================================================

19:49:09.0015 14148 Scan started

19:49:09.0015 14148 Mode: Manual;

19:49:09.0015 14148 ============================================================

19:49:09.0580 14148 ================ Scan system memory ========================

19:49:09.0580 14148 System memory - ok

19:49:09.0581 14148 ================ Scan services =============================

19:49:09.0731 14148 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

19:49:09.0736 14148 1394ohci - ok

19:49:09.0755 14148 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

19:49:09.0762 14148 ACPI - ok

19:49:09.0773 14148 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

19:49:09.0775 14148 AcpiPmi - ok

19:49:09.0798 14148 [ 5E813B11629007309E4FC0F0FD2B7C30 ] ACPIVPC C:\Windows\system32\DRIVERS\AcpiVpc.sys

19:49:09.0800 14148 ACPIVPC - ok

19:49:09.0874 14148 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:49:09.0875 14148 AdobeARMservice - ok

19:49:09.0968 14148 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:49:09.0971 14148 AdobeFlashPlayerUpdateSvc - ok

19:49:10.0018 14148 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

19:49:10.0026 14148 adp94xx - ok

19:49:10.0051 14148 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

19:49:10.0058 14148 adpahci - ok

19:49:10.0074 14148 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

19:49:10.0078 14148 adpu320 - ok

19:49:10.0110 14148 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

19:49:10.0112 14148 AeLookupSvc - ok

19:49:10.0143 14148 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

19:49:10.0152 14148 AFD - ok

19:49:10.0174 14148 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

19:49:10.0177 14148 agp440 - ok

19:49:10.0187 14148 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

19:49:10.0190 14148 ALG - ok

19:49:10.0206 14148 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

19:49:10.0209 14148 aliide - ok

19:49:10.0219 14148 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

19:49:10.0221 14148 amdide - ok

19:49:10.0231 14148 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

19:49:10.0234 14148 AmdK8 - ok

19:49:10.0249 14148 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

19:49:10.0252 14148 AmdPPM - ok

19:49:10.0269 14148 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

19:49:10.0273 14148 amdsata - ok

19:49:10.0293 14148 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

19:49:10.0298 14148 amdsbs - ok

19:49:10.0308 14148 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

19:49:10.0309 14148 amdxata - ok

19:49:10.0345 14148 [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys

19:49:10.0350 14148 AMPPAL - ok

19:49:10.0357 14148 [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys

19:49:10.0360 14148 AMPPALP - ok

19:49:10.0429 14148 [ AB6E5B9333101E414D8F04BC570064F1 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

19:49:10.0441 14148 AMPPALR3 - ok

19:49:10.0466 14148 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

19:49:10.0468 14148 AppID - ok

19:49:10.0492 14148 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

19:49:10.0495 14148 AppIDSvc - ok

19:49:10.0520 14148 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

19:49:10.0523 14148 Appinfo - ok

19:49:10.0578 14148 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:49:10.0579 14148 Apple Mobile Device - ok

19:49:10.0596 14148 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

19:49:10.0599 14148 arc - ok

19:49:10.0619 14148 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

19:49:10.0622 14148 arcsas - ok

19:49:10.0692 14148 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

19:49:10.0694 14148 aspnet_state - ok

19:49:10.0708 14148 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

19:49:10.0711 14148 AsyncMac - ok

19:49:10.0736 14148 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

19:49:10.0737 14148 atapi - ok

19:49:10.0780 14148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

19:49:10.0792 14148 AudioEndpointBuilder - ok

19:49:10.0806 14148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

19:49:10.0813 14148 AudioSrv - ok

19:49:10.0850 14148 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

19:49:10.0854 14148 AxInstSV - ok

19:49:10.0883 14148 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

19:49:10.0893 14148 b06bdrv - ok

19:49:10.0914 14148 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

19:49:10.0920 14148 b57nd60a - ok

19:49:10.0951 14148 [ BC9E4469FE2CE605902D4C8BB09E8236 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys

19:49:10.0955 14148 bcbtums - ok

19:49:10.0986 14148 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

19:49:10.0991 14148 BDESVC - ok

19:49:11.0004 14148 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

19:49:11.0006 14148 Beep - ok

19:49:11.0043 14148 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

19:49:11.0055 14148 BFE - ok

19:49:11.0185 14148 [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130502.011\BHDrvx64.sys

19:49:11.0261 14148 BHDrvx64 - ok

19:49:11.0300 14148 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

19:49:11.0315 14148 BITS - ok

19:49:11.0334 14148 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

19:49:11.0336 14148 blbdrive - ok

19:49:11.0390 14148 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

19:49:11.0399 14148 Bonjour Service - ok

19:49:11.0433 14148 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

19:49:11.0436 14148 bowser - ok

19:49:11.0469 14148 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\Windows\system32\drivers\BPntDrv.sys

19:49:11.0471 14148 BPntDrv - ok

19:49:11.0494 14148 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

19:49:11.0497 14148 BrFiltLo - ok

19:49:11.0512 14148 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

19:49:11.0514 14148 BrFiltUp - ok

19:49:11.0549 14148 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

19:49:11.0553 14148 Browser - ok

19:49:11.0574 14148 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

19:49:11.0581 14148 Brserid - ok

19:49:11.0598 14148 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

19:49:11.0601 14148 BrSerWdm - ok

19:49:11.0617 14148 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

19:49:11.0620 14148 BrUsbMdm - ok

19:49:11.0634 14148 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

19:49:11.0637 14148 BrUsbSer - ok

19:49:11.0665 14148 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

19:49:11.0666 14148 BthEnum - ok

19:49:11.0686 14148 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

19:49:11.0689 14148 BTHMODEM - ok

19:49:11.0706 14148 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

19:49:11.0709 14148 BthPan - ok

19:49:11.0734 14148 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

19:49:11.0745 14148 BTHPORT - ok

19:49:11.0774 14148 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

19:49:11.0778 14148 bthserv - ok

19:49:11.0796 14148 [ 588762F716C2B7A2054AFBC3D58E5C21 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

19:49:11.0800 14148 BTHSSecurityMgr - ok

19:49:11.0811 14148 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

19:49:11.0815 14148 BTHUSB - ok

19:49:11.0836 14148 [ 93F0E54C65EF7FCB56287FA685E4C4B7 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys

19:49:11.0848 14148 btwampfl - ok

19:49:11.0861 14148 [ D1F3C58892C621935947C0261BAEF3C0 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

19:49:11.0866 14148 btwaudio - ok

19:49:11.0881 14148 [ 9C7A3858D87F3A2574C1D326CA6C1461 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys

19:49:11.0886 14148 btwavdt - ok

19:49:11.0938 14148 [ CE6AD9E2874D19069569F03C819B558C ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

19:49:11.0955 14148 btwdins - ok

19:49:11.0965 14148 [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys

19:49:11.0967 14148 btwl2cap - ok

19:49:11.0980 14148 [ BB892C59D453E127797F8C5B203678DC ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

19:49:11.0982 14148 btwrchid - ok

19:49:12.0010 14148 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

19:49:12.0013 14148 cdfs - ok

19:49:12.0047 14148 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

19:49:12.0051 14148 cdrom - ok

19:49:12.0086 14148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

19:49:12.0089 14148 CertPropSvc - ok

19:49:12.0100 14148 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

19:49:12.0102 14148 circlass - ok

19:49:12.0125 14148 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

19:49:12.0133 14148 CLFS - ok

19:49:12.0216 14148 [ 524DC3807CB1746225F9D26ADD19C319 ] CLKMSVC10_3A60B698 C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe

19:49:12.0222 14148 CLKMSVC10_3A60B698 - ok

19:49:12.0403 14148 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:49:12.0408 14148 clr_optimization_v2.0.50727_32 - ok

19:49:12.0552 14148 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:49:12.0554 14148 clr_optimization_v2.0.50727_64 - ok

19:49:12.0605 14148 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:49:12.0608 14148 clr_optimization_v4.0.30319_32 - ok

19:49:12.0655 14148 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:49:12.0657 14148 clr_optimization_v4.0.30319_64 - ok

19:49:12.0698 14148 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys

19:49:12.0700 14148 clwvd - ok

19:49:12.0736 14148 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

19:49:12.0738 14148 CmBatt - ok

19:49:12.0752 14148 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

19:49:12.0754 14148 cmdide - ok

19:49:12.0794 14148 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

19:49:12.0802 14148 CNG - ok

19:49:12.0828 14148 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

19:49:12.0829 14148 Compbatt - ok

19:49:12.0852 14148 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

19:49:12.0855 14148 CompositeBus - ok

19:49:12.0860 14148 COMSysApp - ok

19:49:12.0946 14148 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

19:49:12.0953 14148 cphs - ok

19:49:12.0967 14148 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

19:49:12.0970 14148 crcdisk - ok

19:49:13.0008 14148 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

19:49:13.0012 14148 CryptSvc - ok

19:49:13.0050 14148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

19:49:13.0061 14148 DcomLaunch - ok

19:49:13.0094 14148 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

19:49:13.0100 14148 defragsvc - ok

19:49:13.0117 14148 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

19:49:13.0121 14148 DfsC - ok

19:49:13.0147 14148 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

19:49:13.0154 14148 Dhcp - ok

19:49:13.0179 14148 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

19:49:13.0182 14148 discache - ok

19:49:13.0213 14148 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

19:49:13.0216 14148 Disk - ok

19:49:13.0228 14148 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

19:49:13.0233 14148 Dnscache - ok

19:49:13.0252 14148 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

19:49:13.0259 14148 dot3svc - ok

19:49:13.0277 14148 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

19:49:13.0282 14148 DPS - ok

19:49:13.0313 14148 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

19:49:13.0316 14148 drmkaud - ok

19:49:13.0353 14148 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

19:49:13.0404 14148 DXGKrnl - ok

19:49:13.0422 14148 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

19:49:13.0425 14148 EapHost - ok

19:49:13.0501 14148 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

19:49:13.0727 14148 ebdrv - ok

19:49:13.0806 14148 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

19:49:13.0816 14148 eeCtrl - ok

19:49:13.0846 14148 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

19:49:13.0849 14148 EFS - ok

19:49:13.0909 14148 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

19:49:13.0922 14148 ehRecvr - ok

19:49:13.0937 14148 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

19:49:13.0940 14148 ehSched - ok

19:49:13.0982 14148 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

19:49:13.0993 14148 elxstor - ok

19:49:14.0047 14148 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

19:49:14.0051 14148 EraserUtilRebootDrv - ok

19:49:14.0066 14148 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

19:49:14.0068 14148 ErrDev - ok

19:49:14.0105 14148 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

19:49:14.0113 14148 EventSystem - ok

19:49:14.0210 14148 [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

19:49:14.0221 14148 EvtEng - ok

19:49:14.0254 14148 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

19:49:14.0259 14148 exfat - ok

19:49:14.0279 14148 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

19:49:14.0284 14148 fastfat - ok

19:49:14.0311 14148 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

19:49:14.0325 14148 Fax - ok

19:49:14.0348 14148 [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon C:\Windows\system32\drivers\fbfmon.sys

19:49:14.0349 14148 fbfmon - ok

19:49:14.0373 14148 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

19:49:14.0375 14148 fdc - ok

19:49:14.0396 14148 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

19:49:14.0397 14148 fdPHost - ok

19:49:14.0420 14148 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

19:49:14.0423 14148 FDResPub - ok

19:49:14.0444 14148 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

19:49:14.0446 14148 FileInfo - ok

19:49:14.0461 14148 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

19:49:14.0464 14148 Filetrace - ok

19:49:14.0488 14148 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

19:49:14.0491 14148 flpydisk - ok

19:49:14.0509 14148 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

19:49:14.0516 14148 FltMgr - ok

19:49:14.0570 14148 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

19:49:14.0599 14148 FontCache - ok

19:49:14.0641 14148 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:49:14.0642 14148 FontCache3.0.0.0 - ok

19:49:14.0654 14148 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

19:49:14.0657 14148 FsDepends - ok

19:49:14.0691 14148 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

19:49:14.0694 14148 fssfltr - ok

19:49:14.0765 14148 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

19:49:14.0800 14148 fsssvc - ok

19:49:14.0832 14148 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

19:49:14.0835 14148 Fs_Rec - ok

19:49:14.0875 14148 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

19:49:14.0880 14148 fvevol - ok

19:49:14.0905 14148 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

19:49:14.0909 14148 gagp30kx - ok

19:49:14.0934 14148 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:49:14.0935 14148 GEARAspiWDM - ok

19:49:14.0970 14148 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

19:49:14.0984 14148 gpsvc - ok

19:49:15.0023 14148 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:49:15.0027 14148 gupdate - ok

19:49:15.0037 14148 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:49:15.0039 14148 gupdatem - ok

19:49:15.0077 14148 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:49:15.0082 14148 gusvc - ok

19:49:15.0109 14148 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

19:49:15.0111 14148 hcw85cir - ok

19:49:15.0139 14148 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

19:49:15.0147 14148 HdAudAddService - ok

19:49:15.0180 14148 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

19:49:15.0184 14148 HDAudBus - ok

19:49:15.0200 14148 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

19:49:15.0203 14148 HidBatt - ok

19:49:15.0221 14148 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

19:49:15.0225 14148 HidBth - ok

19:49:15.0247 14148 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

19:49:15.0249 14148 HidIr - ok

19:49:15.0271 14148 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

19:49:15.0274 14148 hidserv - ok

19:49:15.0294 14148 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

19:49:15.0296 14148 HidUsb - ok

19:49:15.0316 14148 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

19:49:15.0321 14148 hkmsvc - ok

19:49:15.0339 14148 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

19:49:15.0346 14148 HomeGroupListener - ok

19:49:15.0374 14148 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

19:49:15.0381 14148 HomeGroupProvider - ok

19:49:15.0400 14148 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

19:49:15.0402 14148 HpSAMD - ok

19:49:15.0429 14148 [ 436819F9B8B0032791400BD5B4934FAB ] hswpan C:\Windows\system32\DRIVERS\hswpan.sys

19:49:15.0433 14148 hswpan - ok

19:49:15.0462 14148 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

19:49:15.0477 14148 HTTP - ok

19:49:15.0495 14148 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

19:49:15.0496 14148 hwpolicy - ok

19:49:15.0517 14148 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

19:49:15.0520 14148 i8042prt - ok

19:49:15.0569 14148 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

19:49:15.0575 14148 iaStor - ok

19:49:15.0607 14148 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

19:49:15.0609 14148 IAStorDataMgrSvc - ok

19:49:15.0640 14148 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

19:49:15.0648 14148 iaStorV - ok

19:49:15.0723 14148 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:49:15.0733 14148 idsvc - ok

19:49:15.0851 14148 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130527.001\IDSvia64.sys

19:49:15.0856 14148 IDSVia64 - ok

19:49:15.0990 14148 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

19:49:16.0106 14148 igfx - ok

19:49:16.0143 14148 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

19:49:16.0146 14148 iirsp - ok

19:49:16.0185 14148 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

19:49:16.0200 14148 IKEEXT - ok

19:49:16.0225 14148 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys

19:49:16.0227 14148 intaud_WaveExtensible - ok

19:49:16.0345 14148 [ D830262519DDCDFC8BE34EB7047C22DC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

19:49:16.0452 14148 IntcAzAudAddService - ok

19:49:16.0491 14148 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

19:49:16.0498 14148 IntcDAud - ok

19:49:16.0545 14148 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

19:49:16.0558 14148 Intel® Capability Licensing Service Interface - ok

19:49:16.0569 14148 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

19:49:16.0572 14148 intelide - ok

19:49:16.0608 14148 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

19:49:16.0611 14148 intelppm - ok

19:49:16.0644 14148 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

19:49:16.0649 14148 IPBusEnum - ok

19:49:16.0667 14148 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:49:16.0670 14148 IpFilterDriver - ok

19:49:16.0719 14148 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

19:49:16.0731 14148 iphlpsvc - ok

19:49:16.0745 14148 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

19:49:16.0748 14148 IPMIDRV - ok

19:49:16.0762 14148 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

19:49:16.0766 14148 IPNAT - ok

19:49:16.0825 14148 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

19:49:16.0838 14148 iPod Service - ok

19:49:16.0864 14148 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

19:49:16.0867 14148 IRENUM - ok

19:49:16.0881 14148 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

19:49:16.0883 14148 isapnp - ok

19:49:16.0902 14148 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

19:49:16.0909 14148 iScsiPrt - ok

19:49:16.0940 14148 [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys

19:49:16.0941 14148 iusb3hcs - ok

19:49:16.0956 14148 [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys

19:49:16.0964 14148 iusb3hub - ok

19:49:17.0004 14148 [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys

19:49:17.0020 14148 iusb3xhc - ok

19:49:17.0058 14148 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys

19:49:17.0060 14148 iwdbus - ok

19:49:17.0108 14148 [ 09CA717536671E0896E07D239EE6740F ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

19:49:17.0112 14148 jhi_service - ok

19:49:17.0145 14148 [ DD931496F49CDDF4F0B440455423E162 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys

19:49:17.0147 14148 JMCR - ok

19:49:17.0174 14148 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

19:49:17.0176 14148 kbdclass - ok

19:49:17.0198 14148 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

19:49:17.0201 14148 kbdhid - ok

19:49:17.0222 14148 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

19:49:17.0224 14148 KeyIso - ok

19:49:17.0258 14148 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

19:49:17.0260 14148 KSecDD - ok

19:49:17.0287 14148 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

19:49:17.0291 14148 KSecPkg - ok

19:49:17.0303 14148 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

19:49:17.0306 14148 ksthunk - ok

19:49:17.0329 14148 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

19:49:17.0339 14148 KtmRm - ok

19:49:17.0357 14148 [ FC741259B7C22379EE83257D7CF91151 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys

19:49:17.0362 14148 L1C - ok

19:49:17.0384 14148 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

19:49:17.0391 14148 LanmanServer - ok

19:49:17.0431 14148 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

19:49:17.0436 14148 LanmanWorkstation - ok

19:49:17.0463 14148 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\Windows\system32\DRIVERS\LhdX64.sys

19:49:17.0465 14148 LHDmgr - ok

19:49:17.0487 14148 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

19:49:17.0490 14148 lltdio - ok

19:49:17.0515 14148 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

19:49:17.0523 14148 lltdsvc - ok

19:49:17.0544 14148 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

19:49:17.0546 14148 lmhosts - ok

19:49:17.0583 14148 [ A60D56228FF3EE7EC1A56A908924680E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

19:49:17.0586 14148 LMS - ok

19:49:17.0623 14148 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

19:49:17.0626 14148 LSI_FC - ok

19:49:17.0641 14148 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

19:49:17.0645 14148 LSI_SAS - ok

19:49:17.0658 14148 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

19:49:17.0661 14148 LSI_SAS2 - ok

19:49:17.0675 14148 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

19:49:17.0679 14148 LSI_SCSI - ok

19:49:17.0700 14148 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

19:49:17.0704 14148 luafv - ok

19:49:17.0753 14148 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

19:49:17.0754 14148 MBAMProtector - ok

19:49:17.0824 14148 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:49:17.0833 14148 MBAMScheduler - ok

19:49:17.0859 14148 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:49:17.0873 14148 MBAMService - ok

19:49:17.0900 14148 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

19:49:17.0905 14148 Mcx2Svc - ok

19:49:17.0914 14148 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

19:49:17.0917 14148 megasas - ok

19:49:17.0954 14148 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

19:49:17.0961 14148 MegaSR - ok

19:49:17.0993 14148 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

19:49:17.0995 14148 MEIx64 - ok

19:49:18.0048 14148 Microsoft SharePoint Workspace Audit Service - ok

19:49:18.0082 14148 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

19:49:18.0086 14148 MMCSS - ok

19:49:18.0099 14148 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

19:49:18.0101 14148 Modem - ok

19:49:18.0126 14148 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

19:49:18.0128 14148 monitor - ok

19:49:18.0153 14148 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

19:49:18.0156 14148 mouclass - ok

19:49:18.0171 14148 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

19:49:18.0174 14148 mouhid - ok

19:49:18.0197 14148 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

19:49:18.0200 14148 mountmgr - ok

19:49:18.0223 14148 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:49:18.0224 14148 MozillaMaintenance - ok

19:49:18.0241 14148 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

19:49:18.0245 14148 mpio - ok

19:49:18.0259 14148 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

19:49:18.0262 14148 mpsdrv - ok

19:49:18.0288 14148 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

19:49:18.0305 14148 MpsSvc - ok

19:49:18.0320 14148 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

19:49:18.0324 14148 MRxDAV - ok

19:49:18.0345 14148 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

19:49:18.0350 14148 mrxsmb - ok

19:49:18.0370 14148 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:49:18.0376 14148 mrxsmb10 - ok

19:49:18.0388 14148 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:49:18.0391 14148 mrxsmb20 - ok

19:49:18.0404 14148 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

19:49:18.0405 14148 msahci - ok

19:49:18.0413 14148 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

19:49:18.0416 14148 msdsm - ok

19:49:18.0429 14148 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

19:49:18.0435 14148 MSDTC - ok

19:49:18.0458 14148 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

19:49:18.0459 14148 Msfs - ok

19:49:18.0478 14148 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

19:49:18.0480 14148 mshidkmdf - ok

19:49:18.0494 14148 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

19:49:18.0495 14148 msisadrv - ok

19:49:18.0515 14148 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

19:49:18.0521 14148 MSiSCSI - ok

19:49:18.0528 14148 msiserver - ok

19:49:18.0548 14148 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

19:49:18.0550 14148 MSKSSRV - ok

19:49:18.0570 14148 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

19:49:18.0573 14148 MSPCLOCK - ok

19:49:18.0585 14148 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

19:49:18.0587 14148 MSPQM - ok

19:49:18.0610 14148 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

19:49:18.0617 14148 MsRPC - ok

19:49:18.0632 14148 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

19:49:18.0635 14148 mssmbios - ok

19:49:18.0646 14148 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

19:49:18.0648 14148 MSTEE - ok

19:49:18.0663 14148 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

19:49:18.0665 14148 MTConfig - ok

19:49:18.0683 14148 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

19:49:18.0684 14148 Mup - ok

19:49:18.0724 14148 [ E3B58E3011B207C5289D11173B30E298 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

19:49:18.0730 14148 MyWiFiDHCPDNS - ok

19:49:18.0766 14148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

19:49:18.0778 14148 napagent - ok

19:49:18.0809 14148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

19:49:18.0816 14148 NativeWifiP - ok

19:49:18.0914 14148 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130527.004\ENG64.SYS

19:49:18.0918 14148 NAVENG - ok

19:49:18.0984 14148 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\VirusDefs\20130527.004\EX64.SYS

19:49:19.0024 14148 NAVEX15 - ok

19:49:19.0091 14148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

19:49:19.0108 14148 NDIS - ok

19:49:19.0132 14148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

19:49:19.0135 14148 NdisCap - ok

19:49:19.0163 14148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

19:49:19.0165 14148 NdisTapi - ok

19:49:19.0180 14148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

19:49:19.0183 14148 Ndisuio - ok

19:49:19.0200 14148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

19:49:19.0205 14148 NdisWan - ok

19:49:19.0220 14148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

19:49:19.0223 14148 NDProxy - ok

19:49:19.0235 14148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

19:49:19.0236 14148 NetBIOS - ok

19:49:19.0251 14148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

19:49:19.0257 14148 NetBT - ok

19:49:19.0273 14148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

19:49:19.0275 14148 Netlogon - ok

19:49:19.0297 14148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

19:49:19.0305 14148 Netman - ok

19:49:19.0358 14148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:49:19.0362 14148 NetMsmqActivator - ok

19:49:19.0367 14148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:49:19.0369 14148 NetPipeActivator - ok

19:49:19.0390 14148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

19:49:19.0401 14148 netprofm - ok

19:49:19.0410 14148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:49:19.0412 14148 NetTcpActivator - ok

19:49:19.0417 14148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:49:19.0419 14148 NetTcpPortSharing - ok

19:49:19.0668 14148 [ B51E9AD4F4E4F8DBE0AB882756BC5DAB ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

19:49:19.0898 14148 NETwNs64 - ok

19:49:19.0948 14148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

19:49:19.0950 14148 nfrd960 - ok

19:49:19.0977 14148 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

19:49:19.0986 14148 NlaSvc - ok

19:49:19.0995 14148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

19:49:19.0997 14148 Npfs - ok

19:49:20.0018 14148 [ 686398C3A52EE6588948EAC0C01B126C ] NSD C:\Windows\system32\drivers\nsd.sys

19:49:20.0019 14148 NSD - ok

19:49:20.0046 14148 [ 2152DC8E58391562C9F07998C6FCCF8C ] Nsdfltr C:\Windows\system32\drivers\Nsdfltr.sys

19:49:20.0050 14148 Nsdfltr - ok

19:49:20.0074 14148 [ 486EC2BDC09FBAC5814032D38215010A ] NSDSvc C:\Windows\System32\NSDSvc.exe

19:49:20.0079 14148 NSDSvc - ok

19:49:20.0105 14148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

19:49:20.0108 14148 nsi - ok

19:49:20.0114 14148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

19:49:20.0116 14148 nsiproxy - ok

19:49:20.0182 14148 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

19:49:20.0231 14148 Ntfs - ok

19:49:20.0256 14148 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

19:49:20.0258 14148 Null - ok

19:49:20.0523 14148 [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:49:20.0770 14148 nvlddmkm - ok

19:49:20.0807 14148 [ 7067753FA8B75A3BDBA5633B4D2A5D0A ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys

19:49:20.0808 14148 nvpciflt - ok

19:49:20.0836 14148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

19:49:20.0840 14148 nvraid - ok

19:49:20.0859 14148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

19:49:20.0863 14148 nvstor - ok

19:49:20.0898 14148 [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc C:\Windows\system32\nvvsvc.exe

19:49:20.0913 14148 nvsvc - ok

19:49:20.0978 14148 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

19:49:20.0990 14148 nvUpdatusService - ok

19:49:21.0009 14148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

19:49:21.0013 14148 nv_agp - ok

19:49:21.0042 14148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

19:49:21.0045 14148 ohci1394 - ok

19:49:21.0106 14148 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:49:21.0111 14148 ose64 - ok

19:49:21.0250 14148 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:49:21.0359 14148 osppsvc - ok

19:49:21.0394 14148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

19:49:21.0403 14148 p2pimsvc - ok

19:49:21.0423 14148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

19:49:21.0433 14148 p2psvc - ok

19:49:21.0455 14148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

19:49:21.0458 14148 Parport - ok

19:49:21.0482 14148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

19:49:21.0484 14148 partmgr - ok

19:49:21.0502 14148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

19:49:21.0508 14148 PcaSvc - ok

19:49:21.0538 14148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

19:49:21.0542 14148 pci - ok

19:49:21.0557 14148 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

19:49:21.0560 14148 pciide - ok

19:49:21.0577 14148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

19:49:21.0583 14148 pcmcia - ok

19:49:21.0600 14148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

19:49:21.0602 14148 pcw - ok

19:49:21.0624 14148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

19:49:21.0636 14148 PEAUTH - ok

19:49:21.0724 14148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

19:49:21.0727 14148 PerfHost - ok

19:49:21.0786 14148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

19:49:21.0819 14148 pla - ok

19:49:21.0860 14148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

19:49:21.0870 14148 PlugPlay - ok

19:49:21.0881 14148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

19:49:21.0885 14148 PNRPAutoReg - ok

19:49:21.0905 14148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

19:49:21.0910 14148 PNRPsvc - ok

19:49:21.0946 14148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

19:49:21.0956 14148 PolicyAgent - ok

19:49:21.0977 14148 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

19:49:21.0983 14148 Power - ok

19:49:22.0015 14148 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

19:49:22.0018 14148 PptpMiniport - ok

19:49:22.0031 14148 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

19:49:22.0034 14148 Processor - ok

19:49:22.0058 14148 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

19:49:22.0065 14148 ProfSvc - ok

19:49:22.0081 14148 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

19:49:22.0083 14148 ProtectedStorage - ok

19:49:22.0099 14148 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

19:49:22.0103 14148 Psched - ok

19:49:22.0153 14148 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

19:49:22.0187 14148 ql2300 - ok

19:49:22.0209 14148 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

19:49:22.0214 14148 ql40xx - ok

19:49:22.0238 14148 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

19:49:22.0245 14148 QWAVE - ok

19:49:22.0259 14148 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

19:49:22.0262 14148 QWAVEdrv - ok

19:49:22.0273 14148 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

19:49:22.0275 14148 RasAcd - ok

19:49:22.0310 14148 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

19:49:22.0313 14148 RasAgileVpn - ok

19:49:22.0329 14148 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

19:49:22.0335 14148 RasAuto - ok

19:49:22.0353 14148 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

19:49:22.0357 14148 Rasl2tp - ok

19:49:22.0371 14148 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

19:49:22.0380 14148 RasMan - ok

19:49:22.0397 14148 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

19:49:22.0401 14148 RasPppoe - ok

19:49:22.0412 14148 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

19:49:22.0416 14148 RasSstp - ok

19:49:22.0433 14148 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

19:49:22.0439 14148 rdbss - ok

19:49:22.0454 14148 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

19:49:22.0456 14148 rdpbus - ok

19:49:22.0480 14148 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

19:49:22.0483 14148 RDPCDD - ok

19:49:22.0495 14148 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

19:49:22.0497 14148 RDPENCDD - ok

19:49:22.0514 14148 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

19:49:22.0517 14148 RDPREFMP - ok

19:49:22.0552 14148 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

19:49:22.0555 14148 RdpVideoMiniport - ok

19:49:22.0585 14148 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

19:49:22.0590 14148 RDPWD - ok

19:49:22.0612 14148 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

19:49:22.0618 14148 rdyboost - ok

19:49:22.0664 14148 [ F3AF2B43F35DBB3A0EB9FEEEC7D62217 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

19:49:22.0668 14148 RegSrvc - ok

19:49:22.0689 14148 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

19:49:22.0694 14148 RemoteAccess - ok

19:49:22.0715 14148 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

19:49:22.0722 14148 RemoteRegistry - ok

19:49:22.0743 14148 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

19:49:22.0748 14148 RFCOMM - ok

19:49:22.0765 14148 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

19:49:22.0769 14148 RpcEptMapper - ok

19:49:22.0789 14148 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

19:49:22.0792 14148 RpcLocator - ok

19:49:22.0816 14148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

19:49:22.0823 14148 RpcSs - ok

19:49:22.0857 14148 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

19:49:22.0861 14148 rspndr - ok

19:49:22.0888 14148 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

19:49:22.0890 14148 SamSs - ok

19:49:22.0910 14148 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

19:49:22.0913 14148 sbp2port - ok

19:49:22.0933 14148 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

19:49:22.0941 14148 SCardSvr - ok

19:49:22.0953 14148 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

19:49:22.0955 14148 scfilter - ok

19:49:22.0988 14148 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

19:49:23.0017 14148 Schedule - ok

19:49:23.0038 14148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

19:49:23.0039 14148 SCPolicySvc - ok

19:49:23.0069 14148 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

19:49:23.0073 14148 sdbus - ok

19:49:23.0099 14148 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

19:49:23.0106 14148 SDRSVC - ok

19:49:23.0133 14148 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

19:49:23.0135 14148 secdrv - ok

19:49:23.0141 14148 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

19:49:23.0145 14148 seclogon - ok

19:49:23.0158 14148 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

19:49:23.0163 14148 SENS - ok

19:49:23.0191 14148 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

19:49:23.0196 14148 SensrSvc - ok

19:49:23.0247 14148 [ 423624F5AEE2EA03250C2E79CEFF1A76 ] SepMasterService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe

19:49:23.0249 14148 SepMasterService - ok

19:49:23.0262 14148 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

19:49:23.0265 14148 Serenum - ok

19:49:23.0291 14148 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

19:49:23.0294 14148 Serial - ok

19:49:23.0323 14148 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

19:49:23.0327 14148 sermouse - ok

19:49:23.0353 14148 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

19:49:23.0359 14148 SessionEnv - ok

19:49:23.0371 14148 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

19:49:23.0373 14148 sffdisk - ok

19:49:23.0389 14148 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

19:49:23.0392 14148 sffp_mmc - ok

19:49:23.0403 14148 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

19:49:23.0406 14148 sffp_sd - ok

19:49:23.0419 14148 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

19:49:23.0422 14148 sfloppy - ok

19:49:23.0453 14148 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

19:49:23.0462 14148 SharedAccess - ok

19:49:23.0478 14148 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

19:49:23.0486 14148 ShellHWDetection - ok

19:49:23.0504 14148 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

19:49:23.0507 14148 SiSRaid2 - ok

19:49:23.0522 14148 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

19:49:23.0525 14148 SiSRaid4 - ok

19:49:23.0571 14148 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

19:49:23.0575 14148 SkypeUpdate - ok

19:49:23.0605 14148 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

19:49:23.0608 14148 Smb - ok

19:49:23.0737 14148 [ E5A45D39ADB19FB4120A67F847421CEE ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe

19:49:23.0761 14148 SmcService - ok

19:49:23.0803 14148 [ 3D0861F150FAA6B47CFE776949F24343 ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\snac64.exe

19:49:23.0806 14148 SNAC - ok

19:49:23.0837 14148 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

19:49:23.0841 14148 SNMPTRAP - ok

19:49:23.0869 14148 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

19:49:23.0870 14148 spldr - ok

19:49:23.0906 14148 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

19:49:23.0917 14148 Spooler - ok

19:49:23.0990 14148 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

19:49:24.0066 14148 sppsvc - ok

19:49:24.0079 14148 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

19:49:24.0084 14148 sppuinotify - ok

19:49:24.0146 14148 [ 0198A89DF4FF353B2CB079ED042BCAB8 ] SRTSP C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SRTSP64.SYS

19:49:24.0157 14148 SRTSP - ok

19:49:24.0174 14148 [ 0ABD22111E5C78D594F5948F59A3E17A ] SRTSPX C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SRTSPX64.SYS

19:49:24.0176 14148 SRTSPX - ok

19:49:24.0196 14148 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

19:49:24.0205 14148 srv - ok

19:49:24.0228 14148 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

19:49:24.0235 14148 srv2 - ok

19:49:24.0250 14148 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

19:49:24.0254 14148 srvnet - ok

19:49:24.0289 14148 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

19:49:24.0296 14148 SSDPSRV - ok

19:49:24.0311 14148 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

19:49:24.0316 14148 SstpSvc - ok

19:49:24.0360 14148 Steam Client Service - ok

19:49:24.0376 14148 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

19:49:24.0379 14148 stexstor - ok

19:49:24.0419 14148 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

19:49:24.0432 14148 stisvc - ok

19:49:24.0443 14148 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

19:49:24.0446 14148 swenum - ok

19:49:24.0472 14148 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

19:49:24.0483 14148 swprv - ok

19:49:24.0519 14148 [ F017987B177F7BBC989318D59309D091 ] SymDS C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS

19:49:24.0527 14148 SymDS - ok

19:49:24.0556 14148 [ EAC78F0CDE20A4A143CFD0F3A0663A20 ] SymEFA C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS

19:49:24.0571 14148 SymEFA - ok

19:49:24.0615 14148 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

19:49:24.0620 14148 SymEvent - ok

19:49:24.0658 14148 [ 1611FA7A95A48387DF22757FA81B46A9 ] SymIRON C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS

19:49:24.0662 14148 SymIRON - ok

19:49:24.0682 14148 [ A35C8E13ACD8E9425448DF7C524F9788 ] SYMNETS C:\Windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS

19:49:24.0690 14148 SYMNETS - ok

19:49:24.0736 14148 [ E6A9BD45EF10EFA2EB2D380A32FBA7B6 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

19:49:24.0745 14148 SynTP - ok

19:49:24.0798 14148 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

19:49:24.0840 14148 SysMain - ok

19:49:24.0857 14148 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

19:49:24.0863 14148 TabletInputService - ok

19:49:24.0883 14148 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

19:49:24.0893 14148 TapiSrv - ok

19:49:24.0905 14148 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

19:49:24.0908 14148 TBS - ok

19:49:24.0982 14148 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

19:49:25.0024 14148 Tcpip - ok

19:49:25.0081 14148 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

19:49:25.0099 14148 TCPIP6 - ok

19:49:25.0143 14148 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

19:49:25.0146 14148 tcpipreg - ok

19:49:25.0170 14148 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

19:49:25.0173 14148 TDPIPE - ok

19:49:25.0193 14148 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

19:49:25.0196 14148 TDTCP - ok

19:49:25.0209 14148 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

19:49:25.0213 14148 tdx - ok

19:49:25.0227 14148 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

19:49:25.0230 14148 TermDD - ok

19:49:25.0265 14148 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

19:49:25.0279 14148 TermService - ok

19:49:25.0295 14148 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

19:49:25.0300 14148 Themes - ok

19:49:25.0321 14148 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

19:49:25.0324 14148 THREADORDER - ok

19:49:25.0349 14148 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys

19:49:25.0352 14148 TPM - ok

19:49:25.0368 14148 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

19:49:25.0373 14148 TrkWks - ok

19:49:25.0413 14148 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

19:49:25.0417 14148 TrustedInstaller - ok

19:49:25.0430 14148 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

19:49:25.0433 14148 tssecsrv - ok

19:49:25.0457 14148 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

19:49:25.0460 14148 TsUsbFlt - ok

19:49:25.0489 14148 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

19:49:25.0491 14148 TsUsbGD - ok

19:49:25.0534 14148 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

19:49:25.0538 14148 tunnel - ok

19:49:25.0555 14148 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

19:49:25.0558 14148 uagp35 - ok

19:49:25.0579 14148 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

19:49:25.0586 14148 udfs - ok

19:49:25.0614 14148 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

19:49:25.0618 14148 UI0Detect - ok

19:49:25.0645 14148 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

19:49:25.0648 14148 uliagpkx - ok

19:49:25.0668 14148 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

19:49:25.0670 14148 umbus - ok

19:49:25.0685 14148 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

19:49:25.0687 14148 UmPass - ok

19:49:25.0754 14148 [ A0153CC9D28568A10BDAEE5EC612CFC8 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

19:49:25.0757 14148 UNS - ok

19:49:25.0773 14148 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

19:49:25.0782 14148 upnphost - ok

19:49:25.0813 14148 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

19:49:25.0815 14148 USBAAPL64 - ok

19:49:25.0831 14148 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

19:49:25.0834 14148 usbccgp - ok

19:49:25.0853 14148 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

19:49:25.0857 14148 usbcir - ok

19:49:25.0869 14148 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

19:49:25.0871 14148 usbehci - ok

19:49:25.0893 14148 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

19:49:25.0900 14148 usbhub - ok

19:49:25.0910 14148 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

19:49:25.0913 14148 usbohci - ok

19:49:25.0925 14148 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

19:49:25.0927 14148 usbprint - ok

19:49:25.0939 14148 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:49:25.0943 14148 USBSTOR - ok

19:49:25.0954 14148 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

19:49:25.0956 14148 usbuhci - ok

19:49:25.0988 14148 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

19:49:25.0993 14148 usbvideo - ok

19:49:26.0012 14148 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

19:49:26.0017 14148 UxSms - ok

19:49:26.0034 14148 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

19:49:26.0036 14148 VaultSvc - ok

19:49:26.0056 14148 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

19:49:26.0058 14148 vdrvroot - ok

19:49:26.0081 14148 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

19:49:26.0095 14148 vds - ok

19:49:26.0106 14148 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

19:49:26.0108 14148 vga - ok

19:49:26.0126 14148 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

19:49:26.0130 14148 VgaSave - ok

19:49:26.0139 14148 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

19:49:26.0143 14148 vhdmp - ok

19:49:26.0161 14148 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

19:49:26.0164 14148 viaide - ok

19:49:26.0207 14148 [ 8793B8146F58D54D07245CE5F722DA93 ] vm331avs C:\Windows\system32\Drivers\vm331avs.sys

19:49:26.0224 14148 vm331avs - ok

19:49:26.0252 14148 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

19:49:26.0255 14148 volmgr - ok

19:49:26.0274 14148 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

19:49:26.0282 14148 volmgrx - ok

19:49:26.0300 14148 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

19:49:26.0307 14148 volsnap - ok

19:49:26.0329 14148 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

19:49:26.0334 14148 vsmraid - ok

19:49:26.0390 14148 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

19:49:26.0426 14148 VSS - ok

19:49:26.0437 14148 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

19:49:26.0440 14148 vwifibus - ok

19:49:26.0476 14148 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

19:49:26.0478 14148 vwififlt - ok

19:49:26.0494 14148 [ 49003B357D101CDC474937437ECF5ABC ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

19:49:26.0496 14148 vwifimp - ok

19:49:26.0529 14148 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

19:49:26.0539 14148 W32Time - ok

19:49:26.0553 14148 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

19:49:26.0556 14148 WacomPen - ok

19:49:26.0580 14148 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

19:49:26.0584 14148 WANARP - ok

19:49:26.0590 14148 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

19:49:26.0591 14148 Wanarpv6 - ok

19:49:26.0640 14148 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

19:49:26.0673 14148 WatAdminSvc - ok

19:49:26.0712 14148 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

19:49:26.0747 14148 wbengine - ok

19:49:26.0766 14148 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

19:49:26.0773 14148 WbioSrvc - ok

19:49:26.0791 14148 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

19:49:26.0801 14148 wcncsvc - ok

19:49:26.0816 14148 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

19:49:26.0821 14148 WcsPlugInService - ok

19:49:26.0845 14148 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

19:49:26.0848 14148 Wd - ok

19:49:26.0885 14148 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

19:49:26.0899 14148 Wdf01000 - ok

19:49:26.0910 14148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

19:49:26.0915 14148 WdiServiceHost - ok

19:49:26.0920 14148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

19:49:26.0924 14148 WdiSystemHost - ok

19:49:26.0940 14148 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

19:49:26.0948 14148 WebClient - ok

19:49:26.0967 14148 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

19:49:26.0975 14148 Wecsvc - ok

19:49:26.0992 14148 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

19:49:26.0998 14148 wercplsupport - ok

19:49:27.0015 14148 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

19:49:27.0020 14148 WerSvc - ok

19:49:27.0043 14148 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

19:49:27.0045 14148 WfpLwf - ok

19:49:27.0061 14148 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

19:49:27.0063 14148 WIMMount - ok

19:49:27.0076 14148 WinDefend - ok

19:49:27.0086 14148 WinHttpAutoProxySvc - ok

19:49:27.0135 14148 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

19:49:27.0140 14148 Winmgmt - ok

19:49:27.0201 14148 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

19:49:27.0243 14148 WinRM - ok

19:49:27.0289 14148 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

19:49:27.0315 14148 Wlansvc - ok

19:49:27.0364 14148 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

19:49:27.0366 14148 wlcrasvc - ok

19:49:27.0449 14148 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:49:27.0500 14148 wlidsvc - ok

19:49:27.0535 14148 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

19:49:27.0537 14148 WmiAcpi - ok

19:49:27.0573 14148 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

19:49:27.0578 14148 wmiApSrv - ok

19:49:27.0587 14148 WMPNetworkSvc - ok

19:49:27.0612 14148 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

19:49:27.0617 14148 WPCSvc - ok

19:49:27.0629 14148 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

19:49:27.0635 14148 WPDBusEnum - ok

19:49:27.0649 14148 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

19:49:27.0652 14148 ws2ifsl - ok

19:49:27.0666 14148 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

19:49:27.0671 14148 wscsvc - ok

19:49:27.0677 14148 WSearch - ok

19:49:27.0707 14148 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys

19:49:27.0711 14148 wsvd - ok

19:49:27.0773 14148 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

19:49:27.0823 14148 wuauserv - ok

19:49:27.0856 14148 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

19:49:27.0859 14148 WudfPf - ok

19:49:27.0889 14148 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

19:49:27.0894 14148 WUDFRd - ok

19:49:27.0914 14148 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

19:49:27.0920 14148 wudfsvc - ok

19:49:27.0943 14148 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

19:49:27.0951 14148 WwanSvc - ok

19:49:28.0028 14148 [ 74713CB32792F9C7632DAA7DA22CA974 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

19:49:28.0039 14148 ZeroConfigService - ok

19:49:28.0067 14148 ================ Scan global ===============================

19:49:28.0083 14148 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

19:49:28.0116 14148 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

19:49:28.0130 14148 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

19:49:28.0153 14148 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

19:49:28.0184 14148 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

19:49:28.0192 14148 [Global] - ok

19:49:28.0193 14148 ================ Scan MBR ==================================

19:49:28.0201 14148 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

19:49:28.0370 14148 \Device\Harddisk0\DR0 - ok

19:49:28.0370 14148 ================ Scan VBR ==================================

19:49:28.0375 14148 [ A7ACA660BEBE7F9FCDE8795CC6A1289E ] \Device\Harddisk0\DR0\Partition1

19:49:28.0378 14148 \Device\Harddisk0\DR0\Partition1 - ok

19:49:28.0393 14148 [ AC891C774C0F6B7CF30FDCFCEB9F58DB ] \Device\Harddisk0\DR0\Partition2

19:49:28.0396 14148 \Device\Harddisk0\DR0\Partition2 - ok

19:49:28.0428 14148 [ 5550198FB16538DC664AC3E3827923F9 ] \Device\Harddisk0\DR0\Partition3

19:49:28.0431 14148 \Device\Harddisk0\DR0\Partition3 - ok

19:49:28.0432 14148 ============================================================

19:49:28.0432 14148 Scan finished

19:49:28.0432 14148 ============================================================

19:49:28.0444 15292 Detected object count: 0

19:49:28.0444 15292 Actual detected object count: 0

------------------RKReport log------------------

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jason [Admin rights]

Mode : Scan -- Date : 05/27/2013 19:55:23

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] CurseClient.exe -- C:\Users\Jason\AppData\Local\Apps\2.0\X07E9ZAP.0OP\1QYX6T8A.95H\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e04426adbac\CurseClient.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : ClassesB (REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll) [-] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-818046763-326399461-3087523236-1001[...]\Run : ClassesB (REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll) [-] -> FOUND

[TASK][sUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500423AS +++++

--- User ---

[MBR] 3c1a2ada85208627ec8b7717077ff03e

[bSP] 19cd35e1a49d83c5c5b1ad91bcaf85de : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 430658 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 882399232 | Size: 26080 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 935811072 | Size: 20001 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05272013_02d1955.txt >>

RKreport[1]_S_05272013_02d1955.txt

Maurice Naggar · May 28, 2013

Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Please disconnect any USB or external storage drives from the computer before you run this scan!
For Vista or Windows 7 / 8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan finishes.
On the RogueKiller console, click the Registry tab.
Put a check next to all of these and uncheck the rest: (if found)
[RUN][sUSP PATH] HKCU\[...]\Run : ClassesB (REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll) [-] -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-818046763-326399461-3087523236-1001[...]\Run : ClassesB (REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll) [-] -> FOUND
[TASK][sUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> FOUND

UN-check any -other - lines shown on your screen that are not listed in the above list.
Then click on Delete on the right hand column under Options.
When done, logoff & Restart the system.
The log will be found as RKreport
Copy & Paste the contents into next reply.

Task 2

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Task 3

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.

On the following screen:

uncheck trace disk IO calls at the bottom left :excl:

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

wyldecard723 · May 28, 2013

Hello Maurice,

When I was following your instructions:

On the RogueKiller console, click the Registry tab.

Put a check next to all of these and uncheck the rest: (if found)

[RUN][sUSP PATH] HKCU\[...]\Run : ClassesB (REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll) [-] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-818046763-326399461-3087523236-1001[...]\Run : ClassesB (REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll) [-] -> FOUND

[TASK][sUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> FOUND

Upon only selecting these three and clicking Delete, the followup report stated that only two of the three were deleted, and did not mention the third in the report. A subsequent scan did not find any of the three susp paths.

[RUN][sUSP PATH] HKCU\[...]\Run : ClassesB (REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll) [-] -> DELETED

[TASK][sUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> DELETED

The full report is pasted below.

I did not receive any errors upon running DeFogger.

Also, the aswMBR.exe, upon completion of scan, did NOT enable the Fix button.

-----------RKreport -------------

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jason [Admin rights]

Mode : Remove -- Date : 05/27/2013 21:24:31

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : ClassesB (REGSVR32.EXE C:\Users\Jason\AppData\Local\ClassesB\avhbqtwq.dll) [-] -> DELETED

[TASK][sUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

--------- aswMBR.txt --------

Run date: 2013-05-27 21:36:12

-----------------------------

21:36:12.710 OS Version: Windows x64 6.1.7601 Service Pack 1

21:36:12.711 Number of processors: 8 586 0x3A09

21:36:12.712 ComputerName: JASON-PC UserName: Jason

21:36:13.492 Initialize success

21:36:34.988 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:36:34.992 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3

21:36:35.181 Disk 0 MBR read successfully

21:36:35.185 Disk 0 MBR scan

21:36:35.189 Disk 0 Windows 7 default MBR code

21:36:35.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048

21:36:35.215 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 430658 MB offset 411648

21:36:35.250 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 26080 MB offset 882399232

21:36:35.314 Disk 0 Partition 4 00 12 Compaq diag NTFS 20001 MB offset 935811072

21:36:35.595 Disk 0 scanning C:\Windows\system32\drivers

21:36:43.769 Service scanning

21:37:02.591 Modules scanning

21:37:02.604 Scan finished successfully

21:37:14.338 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Desktop\MBR.dat"

21:37:14.339 The log file has been saved successfully to "C:\Users\Jason\Desktop\aswMBR.txt"

Maurice Naggar · May 28, 2013

Close any open documents/programs & all internet browsers you have running.
Please start AdwCleaner
Click on Delete button.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[s1]

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

IF your Windows is Windows 8 or 7 or Vista, do a RIGHT-Click on mbar.exe and select Run As Administrator and allow to run.

If your Windows is XP, double-click to start.

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

wyldecard723 · May 28, 2013

Hello again,

The adwcleaner log is pasted below. Also, the MBAR scan came up with no cleanup required. However, I just tried a search on Google and am still occasionally being redirected. Is there something else I need to do, such as checking DNS settings?

Thanks for your time,

Jason

---------AdwCleaner[s1].txt-------------

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\exein8q5.default\prefs.js

C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\exein8q5.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1007 octets] - [27/05/2013 19:46:07]

AdwCleaner[s1].txt - [1050 octets] - [28/05/2013 07:36:08]

########## EOF - C:\AdwCleaner[s1].txt - [1110 octets] ##########

Maurice Naggar · May 28, 2013

Please refrain from websurfing or doing web searches. Do the following.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member wyldecard723 only. If you are a casual viewer, do NOT try this on your system!

If you are not wyldecard723 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Task 1

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
The tool will open and display information and disclaimer in a Command prompt window.
I'd suggest you close all internet browsers at this point.
Press a key on keyboard to start scanning your system.
Please be very patient as this will take several minutes to complete, depending on your system's specifications.
There are approximatly 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
Please post the contents of JRT.txt into a new reply.
Re-enable your security software.

Task 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Task 3

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log

and tell me, How is the system now

Re-enable your antivirus program.

wyldecard723 · May 28, 2013

I just tried going to Tools ->Options > Advanced > Network > Settings in Mozilla, then selecting no proxy. It was on Manual proxy before, don't know if that changes anything.

Maurice Naggar · May 28, 2013

Noted. It probably had nothing to do with the problem. But irregardless, please do all the Tasks I had just outlined.

Post logs as you go along.

Proceed forward.

wyldecard723 · May 28, 2013

Upon following instructions, ComboFix did not do a restart, so manually restarted computer. I have not noticed any computer problems the past couple hours, but I have not tried any browsing or google searches since last post. Is now the time to test?

-------JRT.txt--------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Jason on Tue 05/28/2013 at 8:37:47.02

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jason\AppData\Roaming\goforfiles"

~~~ FireFox

Successfully deleted: [File] C:\Users\Jason\AppData\Roaming\mozilla\firefox\profiles\exein8q5.default\extensions\ovkwqbytfk@ovkwqbytfk.org.xpi [Tracur]

Emptied folder: C:\Users\Jason\AppData\Roaming\mozilla\firefox\profiles\exein8q5.default\minidumps [170 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 05/28/2013 at 8:44:46.80

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------mbam-log-2013-05-28 (08-47-23).txt-----------

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.28.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Jason :: JASON-PC [administrator]

Protection: Disabled

5/28/2013 8:47:23 AM

mbam-log-2013-05-28 (08-47-23).txt

Scan type: Full scan (C:\|D:\|F:\|)

Scan options disabled: P2P

Objects scanned: 416335

Time elapsed: 1 hour(s), 9 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

-------ComboFix.txt---------

ComboFix 13-05-28.02 - Jason 05/28/2013 11:43:42.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8094.5147 [GMT -4:00]

Running from: c:\users\Jason\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\Microsoft\Windows\DRM\139E.tmp

c:\programdata\Microsoft\Windows\DRM\145D.tmp

c:\programdata\Roaming

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 )))))))))))))))))))))))))))))))

.

2013-05-28 15:51 . 2013-05-28 15:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-28 15:51 . 2013-05-28 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-27 23:40 . 2013-05-27 23:40 -------- d-----w- c:\program files (x86)\ERUNT

2013-05-26 15:12 . 2013-05-26 15:12 -------- d-----w- c:\users\Jason\AppData\Roaming\Malwarebytes

2013-05-26 15:12 . 2013-05-26 15:12 -------- d-----w- c:\programdata\Malwarebytes

2013-05-26 15:12 . 2013-05-26 15:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-26 15:12 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-26 15:12 . 2013-05-26 15:12 -------- d-----w- c:\users\Jason\AppData\Local\Programs

2013-05-18 20:58 . 2013-05-18 20:58 -------- d-----w- c:\users\Jason\AppData\Roaming\Curse Advertising

2013-05-16 12:26 . 2013-05-16 12:26 -------- d-----w- C:\Riot Games

2013-05-16 12:18 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-16 12:18 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-16 12:18 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-16 12:18 . 2013-05-16 12:26 -------- d-----w- c:\users\Jason\AppData\Roaming\Riot Games

2013-05-16 00:24 . 2013-05-16 01:33 -------- d-----w- c:\program files (x86)\Diablo III

2013-05-15 22:12 . 2013-05-15 22:12 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-05-15 22:11 . 2013-04-04 09:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-15 21:50 . 2013-05-27 15:14 -------- d-----w- c:\users\Jason\AppData\Local\ClassesB

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-18 17:27 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-16 12:27 . 2013-03-09 16:09 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-15 22:47 . 2012-08-22 23:57 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 22:47 . 2012-08-22 23:57 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-15 22:47 . 2013-03-12 20:47 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-04-13 05:49 . 2013-05-15 16:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 16:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 16:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 16:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 16:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 16:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 13:56 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-03-25 16:01 . 2012-09-07 12:18 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-25 16:01 . 2012-09-07 12:18 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-19 06:04 . 2013-04-10 20:58 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 20:58 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 20:58 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 20:58 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 20:58 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 20:58 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-15 05:53 . 2013-03-25 16:05 968408 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2013-03-15 05:53 . 2013-03-25 16:05 9414456 ----a-w- c:\windows\system32\nvcuda.dll

2013-03-15 05:53 . 2013-03-25 16:05 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll

2013-03-15 05:53 . 2013-03-25 16:05 7573816 ----a-w- c:\windows\system32\nvopencl.dll

2013-03-15 05:53 . 2013-03-25 16:05 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll

2013-03-15 05:53 . 2013-03-25 16:05 420128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll

2013-03-15 05:53 . 2013-03-25 16:05 364832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll

2013-03-15 05:53 . 2013-03-25 16:05 30496 ----a-w- c:\windows\system32\drivers\nvpciflt.sys

2013-03-15 05:53 . 2013-03-25 16:05 2913056 ----a-w- c:\windows\system32\nvcuvid.dll

2013-03-15 05:53 . 2013-03-25 16:05 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2013-03-15 05:53 . 2013-03-25 16:05 26956576 ----a-w- c:\windows\system32\nvoglv64.dll

2013-03-15 05:53 . 2013-03-25 16:05 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-03-15 05:53 . 2013-03-25 16:05 25256736 ----a-w- c:\windows\system32\nvcompiler.dll

2013-03-15 05:53 . 2013-03-25 16:05 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-25 16:05 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-03-15 05:53 . 2013-03-25 16:05 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2013-03-15 05:53 . 2013-03-25 16:05 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll

2013-03-15 05:53 . 2013-03-25 16:05 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll

2013-03-15 05:53 . 2013-03-25 16:05 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2013-03-15 05:53 . 2013-03-25 16:05 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-03-15 05:53 . 2013-03-25 16:05 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll

2013-03-15 05:53 . 2013-03-25 16:05 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-03-15 05:53 . 2013-03-25 16:05 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2013-03-15 05:53 . 2013-03-25 16:05 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-03-15 05:53 . 2012-07-24 08:29 2864144 ----a-w- c:\windows\system32\nvapi64.dll

2013-03-15 05:53 . 2012-07-24 08:29 250504 ----a-w- c:\windows\system32\nvinitx.dll

2013-03-15 05:53 . 2012-07-24 08:29 205184 ----a-w- c:\windows\SysWow64\nvinit.dll

2013-03-15 05:53 . 2012-07-24 08:29 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll

2013-03-15 04:16 . 2012-07-24 08:29 3477280 ----a-w- c:\windows\system32\nvsvc64.dll

2013-03-15 04:16 . 2012-07-24 08:29 6398240 ----a-w- c:\windows\system32\nvcpl.dll

2013-03-15 04:16 . 2012-07-24 08:29 877856 ----a-w- c:\windows\system32\nvvsvc.exe

2013-03-15 04:16 . 2012-07-24 08:29 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll

2013-03-15 04:16 . 2012-07-24 08:29 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-03-15 04:16 . 2012-07-24 08:29 568608 ----a-w- c:\windows\SysWow64\oemdspif.dll

2013-03-15 04:16 . 2012-07-24 08:29 2555680 ----a-w- c:\windows\system32\nvsvcr.dll

2013-03-15 04:16 . 2012-07-24 08:29 237856 ----a-w- c:\windows\system32\nvmctray.dll

2013-03-15 04:16 . 2012-07-24 08:29 1016096 ----a-w- c:\windows\system32\nv3dappshext.dll

2013-03-13 16:24 . 2012-07-24 08:29 3065455 ----a-w- c:\windows\system32\nvcoproc.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-24 39408]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-14 1597864]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-12 291608]

"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]

"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2011-11-24 548864]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]

"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]

"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-29 136488]

"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-29 228448]

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]

"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-07-24 329056]

"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-8-30 0]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-1 1380128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 CLKMSVC10_3A60B698;CyberLink Product - 2012/07/24 02:08;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe [2011-12-24 120160]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-12-05 195584]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-01-27 34200]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-18 1255736]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-07-24 57952]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-12 16152]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-07-24 39008]

S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys [2011-12-24 24160]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]

S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMDS64.SYS [2011-11-16 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMEFA64.SYS [2012-02-27 932472]

S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20130502.011\BHDrvx64.sys [2013-04-12 1390680]

S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-07-24 13408]

S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20130527.001\IDSvia64.sys [2012-09-01 513184]

S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys [2011-12-22 59488]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\Ironx64.SYS [2011-11-16 171128]

S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x64\SYMNETS.SYS [2012-03-19 386168]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-05 659968]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-05 135952]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [2012-01-28 137208]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-28 363800]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 594704]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-07-24 30816]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-05 195584]

S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]

S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-22 138912]

S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys [2012-01-27 109056]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-12 356120]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-12 788760]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-01-27 25496]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-08-25 173656]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2011-12-06 952832]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_3A60B698

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 22:47]

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 09:08]

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 09:08]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2012-07-24 09:07 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]

"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-07-24 789856]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-07-24 8079408]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-07-24 6202416]

"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-07-24 206176]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\exein8q5.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]

"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]

"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin64\Smc.exe\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-28 11:54:22

ComboFix-quarantined-files.txt 2013-05-28 15:54

.

Pre-Run: 284,622,737,408 bytes free

Post-Run: 284,958,658,560 bytes free

.

- - End Of File - - 5E2BD87F3D9426382C19DB132AD7506A

wyldecard723 · May 28, 2013

I will also note that the computer seems a little... choppy... if that's the correct term. It seemed to undergo a few mini-lock ups while trying to access mozilla and then this forum thread. It also MAY be running a bit warmer than usual.

Maurice Naggar · May 28, 2013

Be very vigilant about any "overheating", as that can be a danger to your hardware and to the health of your o.s.

Tell me if this is a desktop system or tower system, or, if it is a notebook/laptop !!

Make sure that there is sufficient free/clear space around the system, especially around the power supply vent.

Make sure the vent is not covered with dust or debri.

Tell me exactly where you feel the "warmer" thing.

The current first priority is to cure any overheating.

The lag or slow issue is not unexpected but it is usually due to factors other than malware.

To Reset Firefox to its default state:

Start Firefox

in the address bar, type in

about:support

Click on the Reset Firefox button at top right of screen.

While in Firefox, press Shift+CTRL+Delete keys and delete temporary internet cache files.

Still in Firefox, on main menu, choose Tools >>> Options

click the General tab

Under the Downloads block

IF the SAVE files to is selected, then Click on (to select) Always ask me where to save files

Then press OK button

Close Firefox.

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

While in IE, press Shift+CTRL+Delete keys and delete temporary internet cache files.

Close IE.

Close any programs you have started, saving and closing any open work documents.

Download TFC by OldTimer and SAVE it to your desktop

Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Java vulnerabilities are a never ending occurence. Bottom line is, if your system does not have an installed 3rd-party application that needs it, then unistall it.

If you do have that dependency, then turn off Java in your browsers.

If somehow, you have a often-used website that needs Java to display all information, then just use a specific browser and only allow Java in that one.

A: If you decide to keep Java:
The Java runtime components are typically located at
C:\Program Files (x86)\Java\jre7\bin
Locate javacpl.exe the Java control panel.
Right click and select Open
Click on the Update tab
Put a checkmark at "Check for updates automatically"
On the General tab, under Temporary Internet Files, click the Settings button.
Next, click on the Delete Files button
Checkmark (select) all boxes you can & Click OK on Delete Temporary Files Window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Temporary Files Window
Click on the Advanced tab
Expand Miscellaneous:
Un-check "place Java icon in system tray"
Un-check "Java quick starter"
Exit/close
You need to remove older versions of Java runtime. Do this:
Download & Save to your Desktop or a new folder Javara.zip
Extract the contents of the zip file. Then double click Javara.exe to run it.
JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).
B: If you want to disable Java in your browser:
How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse
Also see No, Seriously, Just Disable Java in Your Browser Right Now

As noted by Brian Krebs,

Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin.

Also see How to protect your computer against dangerous Java Applets

wyldecard723 · May 28, 2013

The computer is a Lenovo ideapad Y480 laptop. It was mainly heating up near where the palm rests when typing, and underneath the laptop. I noted the heat because, while this is a shared laptop that my siblings use for computer games often, it usually only notably heated up while playing the games, whereas when I noted the heat I was only in a Mozilla browser. Since resetting Mozilla and IE and clearing cache/temp files, the browsing speed seems notably smoother/faster. I also ran TFC and rebooted. Also, I have tentatively uninstalled Java entirely. This laptop is less than a year old, and may have come with Java installed (or siblings may have installed), as I don't recall installing it or using it in browser. If the need arises I will reinstall it at that point. I tried a few test google searches and also did not encounter the redirecting problem.

wyldecard723 · May 28, 2013

I should also note that it seems to have cooled back down to a slightly warm touch.

Maurice Naggar · May 28, 2013

You may want to consider buying a notebook cooler (such as one by Targus). They are not terribly expensive. If you do some shopping, you can get one around $20

Look at Newegg, Tigerdirect, or Buy(dot)com

I have one by Targus, which is used with my notebook. It's got a couple of fans inside & the unit goes under the notebook. Powered via USB connection.

The "heat" you are sensing is most likely from the internal hard drive. You may want to check with Lenovo support website and see if they have a temperature monitor utility.

Before we consider closing this topic, I'd like for you to do an antivirus check.

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Turn off any other add-on security app {if you have them} like MBAM File System Protection.
If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
Otherwise, on Windows XP, doubleclick on drweb-cureit.exe file to start the tool.
You will see a screen similar to this:

Click the checkbox to participate, and then click on Continue button.
Next

Click on Select onjects for scanning
Next

Put a checkmark by clicking on the boxes as shown.
Do not select Temporary files or System Restore points.
Then click on Start scanning button
The scan in progress will be shown like this
IF something is detected, you will see a screen similar to this

For each item "detected", click on the Action column down arrow, like this

Your options will be Cure or Ignore
IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
Typically, you will keep the Cure default.
Then click on the Neutralize button.
When the actions are completed, you will see this
Click on the green Open Report line. It will pop-up the report in NOTEPAD.
Save the report to your desktop. The report will be called Cureit.log
Close Dr.Web Cureit.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, attach the log Cureit.log you saved previously in your next reply.

Re-Enable your antivirus program when all done.

wyldecard723 · May 29, 2013

I just finished the CureIt scan, there were no threats detected and I did not see any report given. I rebooted the computer afterwards as well.

Maurice Naggar · May 29, 2013

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Task 2

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

The safety scanner log should be called msert.txt

It should be located in the same folder as where you had msert.exe

If not there, then look for it under c:\windows

Then, tell me, How is the system now as compared to your original IP block issue?

If no problems are found, I think we can proceed to cleanups & closure of this case (I'll give you directions then).

wyldecard723 · June 2, 2013

Hello Maurice,

I apologize for taking a few days to respond to last post. I was away from my family house and was unable to use the computer. During the last few days thought, I asked my sibling to refrain from browser usage if possible until I could confirm the safety of the computer. From my limited usage of it today I did not observe any of the previously described issues, including google search redirect or MBAM informing me of IP block. My sibling also did report any issues with his computer usage since Wednesday. I just followed your recent instructions to use Stinger and MS Safety Scanner but had some difficulty. For the stinger instructions:

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

I was unable to find the preferences setting for "Heuristic network check for suspicious files" so was unable to select High.

Also I was unsure what kind of scan you wanted (quick versus full) so I went with a quick scan. I also could not find a File menu or a stinger.txt report. I have listed the contents from log path file:///C:/Users/Jason/Desktop/Stinger_01062013_202852.html below, though it didn't seem too informative to me. Furthermore for the MS Safety Scanner I also did not find any msert.txt log or similar log file on my desktop, in the folder containing msert.exe, or in c:\windows. However, I can report that both scans upon completion came up with zero infections/problems. I am not sure how else to convey the scan reports to you.

wyldecard723 · June 2, 2013

Contents of log path file file:///C:/Users/Jason/Desktop/Stinger_01062013_202852.html

Quick Scan Report File

Virus Scan Information

McAfee® Labs Stinger™ Version 11.0.0.323 built on May 31 2013 at 12:25:50

Virus data file v1000.0 created on May 31, 2013

Ready to scan for 6247 Viruses, Trojans and variants.

Scan initiated on Saturday, June 01, 2013 20:28:52

Rootkit scan result : Not Scanned.

Scan completed on Saturday, June 01, 2013 20:30:54

Maurice Naggar · June 2, 2013

The Stinger gui was changed since I last put together my directions. Sorry about that.

But the main thing is that -nothing was detected-. And that is very good.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

Highlight the line in this CODEBOX.
Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
```
c:\users\Jason\Desktop\ComboFix.exe /uninstall
```
Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download >> DeFogger <<and save it to your desktop.

Once downloaded, double-click on the DeFogger icon to start the tool.
The application window will appear.
You should now click on the Enable button to re-enable your CD Emulation drivers.
When it prompts you whether or not you want to continue, please click on the Yes button to continue.
When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Delete the following if still present:

adwcleaner.exe

tdsskiller.exe

roguekiller.exe

mbar.exe

jrt.exe

Dr Web Cure-It

stinger.exe

MS safety scanner

You should create a "system repair disc" for your Windows 7 either to a CD, DVD, or new USB-flash-thumb drive {if your hardware can boot from USB}.

The following is a reference page at Microsoft and also has a link to a how-to-video.

Create a Windows 7 system repair disc

This "repair disc" is a very handy tool that one may use when and IF you are not able to start Windows 7 normally.

This "repair disc" or "rescue disc" is not intended as a replacement for having the Windows 7 operating system DVD.

Make a rescue disc, put a label on it, store it away for a "rainy day".

Print out and Save the Safer Practices for your future reference.

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.
Use a Standard user account rather than an administrator-rights account when "surfing" the web.
Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
Check in at Windows Update and install any Important Updates offered.
Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525
Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (OSI) on a monthly basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Get notified when the MVPS HOSTS file is updated
http://winhelp2002.mvps.org/updates.htm
Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.
How to create a Windows system image in Windows 7 and Windows 8
http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/
How to use System Image Recovery in the Windows 7 and Windows 8 Recovery Environment
http://www.bleepingcomputer.com/tutorials/system-image-recovery-in-windows-7-8/
Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on
Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
Don't plug in an unknown flash/thumb drive into your PC.
IF you must do so, hold down the SHIFT-key when you insert the drive.
Scan any file with your Antivirus prior to opening or using.
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:

ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan
See Six tips to help you stay safer online
Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !

We are finished here. Best regards.

Maurice Naggar · June 7, 2013

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Help, possibly infected (seeking expert advising)

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information