Programs can't access internet
<blockquote data-quote="Derek Richardson" data-source="post: 300872" data-attributes="member: 30478"><p>ComboFix 14-11-15.01 - Gaming 11/17/2014 8:44.1.4 - x64</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.5354 [GMT -7:00]</p><p>Running from: d:\users\Gaming\Gaming\Downloads\ComboFix.exe</p><p>AV: Antivirus *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}</p><p>SP: Antivirus *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}</p><p>SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p> * Created a new restore point</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\programdata\1385789625.bdinstall.bin</p><p>c:\programdata\1415510644.bdinstall.bin</p><p>c:\programdata\ntuser.pol</p><p>c:\users\Gaming\AppData\Roaming\SpeedRunnersLog.txt</p><p>c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}</p><p>c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico</p><p>D:\install.exe</p><p>D:\setup.exe</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2014-10-17 to 2014-11-17 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2014-11-15 22:51 . 2014-11-15 22:51 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys</p><p>2014-11-15 22:46 . 2014-11-15 22:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware</p><p>2014-11-15 15:26 . 2014-11-15 15:26 -------- d-----w- c:\users\Gaming\AppData\Local\Origin</p><p>2014-11-15 03:16 . 2014-10-20 09:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E75D0FC9-3D3F-4D83-92FD-DA76911AB2B3}\mpengine.dll</p><p>2014-11-13 17:50 . 2014-11-17 15:38 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp</p><p>2014-11-13 17:28 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll</p><p>2014-11-13 14:40 . 
2014-11-17 15:48 -------- d-----w- c:\users\Gaming\AppData\Local\Temp</p><p>2014-11-13 14:26 . 2014-11-13 14:38 -------- d-----w- C:\zoek_backup</p><p>2014-11-10 16:15 . 2014-11-12 06:42 -------- d-----w- C:\AdwCleaner</p><p>2014-11-09 20:21 . 2014-11-16 22:14 -------- d-----w- C:\FRST</p><p>2014-11-09 05:29 . 2014-11-09 05:29 -------- d-----w- c:\users\Gaming\AppData\Roaming\F-Secure</p><p>2014-11-09 05:28 . 2014-11-09 06:38 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys</p><p>2014-11-09 05:17 . 2014-11-09 05:28 -------- d-----w- c:\program files (x86)\F-Secure</p><p>2014-11-09 05:17 . 2014-11-09 17:06 -------- d-----w- c:\users\Gaming\AppData\Local\F-Secure</p><p>2014-11-09 05:13 . 2014-11-09 05:28 -------- d-----w- c:\programdata\F-Secure</p><p>2014-11-08 23:16 . 2014-11-08 23:16 -------- d-----w- c:\users\Gaming\AppData\Roaming\Curiolab</p><p>2014-11-08 17:19 . 2014-11-08 17:19 -------- d-s---w- c:\windows\SysWow64\Microsoft</p><p>2014-11-08 16:58 . 2014-11-08 17:04 -------- d-----w- c:\programdata\HitmanPro</p><p>2014-11-08 16:22 . 2014-11-08 16:22 -------- d-----w- c:\programdata\Licenses</p><p>2014-11-08 16:22 . 2009-03-24 19:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL</p><p>2014-11-08 06:11 . 2014-11-08 22:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy</p><p>2014-11-08 06:11 . 2014-11-08 22:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2</p><p>2014-11-08 05:16 . 2014-11-15 22:46 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys</p><p>2014-11-08 05:15 . 2014-10-01 18:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys</p><p>2014-11-08 05:15 . 2014-10-01 18:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys</p><p>2014-11-08 05:15 . 2014-10-01 18:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys</p><p>2014-11-07 15:50 . 2014-11-08 17:21 -------- d-----w- c:\programdata\AVAST Software</p><p>2014-11-07 08:27 . 
2014-11-07 08:27 -------- d-----w- c:\users\Gaming\AppData\Local\Avg2015</p><p>2014-11-05 17:45 . 2014-11-05 17:45 -------- d-----w- c:\programdata\COMODO</p><p>2014-11-05 17:45 . 2014-11-05 17:45 -------- d-----w- c:\program files (x86)\COMODO</p><p>2014-11-04 15:49 . 2014-10-30 00:56 614728 ----a-w- c:\windows\SysWow64\nvStreaming.exe</p><p>2014-10-30 05:02 . 2014-10-30 19:57 -------- d-----w- c:\programdata\WinZip</p><p>2014-10-26 03:28 . 2014-10-26 03:28 -------- d-----w- c:\users\Gaming\AppData\Roaming\NVIDIA</p><p>2014-10-24 14:23 . 2014-10-30 02:10 6880968 ----a-w- c:\windows\system32\nvcpl.dll</p><p>2014-10-24 14:23 . 2014-10-30 02:10 3533632 ----a-w- c:\windows\system32\nvsvc64.dll</p><p>2014-10-24 14:23 . 2014-10-30 02:10 935232 ----a-w- c:\windows\system32\nvvsvc.exe</p><p>2014-10-24 14:23 . 2014-10-30 02:10 61640 ----a-w- c:\windows\system32\nvshext.dll</p><p>2014-10-24 14:23 . 2014-10-30 02:10 2558792 ----a-w- c:\windows\system32\nvsvcr.dll</p><p>2014-10-24 14:23 . 2014-10-30 02:10 385352 ----a-w- c:\windows\system32\nvmctray.dll</p><p>2014-10-24 14:23 . 2014-10-27 00:34 4066553 ----a-w- c:\windows\system32\nvcoproc.bin</p><p>2014-10-24 14:23 . 2014-10-30 04:53 73872 ----a-w- c:\windows\system32\OpenCL.dll</p><p>2014-10-24 14:23 . 2014-10-30 04:53 60744 ----a-w- c:\windows\SysWow64\OpenCL.dll</p><p>2014-10-24 14:22 . 2014-10-30 04:53 987008 ----a-w- c:\windows\system32\nvumdshimx.dll</p><p>2014-10-24 14:22 . 2014-10-30 04:53 3237528 ----a-w- c:\windows\system32\nvapi64.dll</p><p>2014-10-24 14:22 . 2014-10-30 04:53 2849224 ----a-w- c:\windows\SysWow64\nvapi.dll</p><p>2014-10-24 14:22 . 2014-10-30 04:53 20966504 ----a-w- c:\windows\system32\nvwgf2umx.dll</p><p>2014-10-24 14:22 . 2014-10-30 04:53 19966856 ----a-w- c:\windows\system32\nvd3dumx.dll</p><p>2014-10-24 14:22 . 2014-10-30 04:53 18497600 ----a-w- c:\windows\SysWow64\nvwgf2um.dll</p><p>2014-10-24 14:22 . 2014-10-30 04:53 16886168 ----a-w- c:\windows\SysWow64\nvd3dum.dll</p><p>2014-10-24 14:22 . 
2014-10-16 16:54 31520 ----a-w- c:\windows\system32\nvhdap64.dll</p><p>2014-10-24 14:22 . 2014-10-16 16:54 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys</p><p>2014-10-24 14:22 . 2014-10-16 16:54 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll</p><p>2014-10-24 14:22 . 2014-10-16 16:54 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll</p><p>2014-10-24 14:22 . 2014-10-16 16:54 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll</p><p>2014-10-23 04:56 . 2014-10-23 04:56 129752 ----a-w- c:\windows\system32\drivers\6B23676F.sys</p><p>2014-10-20 21:44 . 2014-10-20 21:44 -------- d-----w- c:\program files (x86)\Common Files\Java</p><p>2014-10-20 21:44 . 2014-10-20 21:44 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>2014-10-20 21:44 . 2014-10-20 21:44 -------- d-----w- c:\program files (x86)\Java</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2014-11-17 15:38 . 2014-01-30 20:21 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys</p><p>2014-11-17 15:38 . 2013-06-24 17:15 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys</p><p>2014-11-13 17:46 . 2013-06-22 03:27 103374192 ----a-w- c:\windows\system32\MRT.exe</p><p>2014-11-12 18:19 . 2013-06-22 16:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2014-11-12 18:19 . 2013-06-22 16:30 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p><p>2014-11-04 21:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe</p><p>2014-10-10 14:44 . 2014-10-10 14:44 39168 ----a-w- c:\windows\system32\drivers\ScpVBus.sys</p><p>2014-10-10 14:44 . 2014-10-10 14:44 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll</p><p>2014-10-10 14:44 . 2014-10-10 14:44 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll</p><p>2014-10-04 06:42 . 
2014-06-18 16:12 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll</p><p>2014-10-04 06:42 . 2013-12-22 02:13 2197680 ----a-w- c:\windows\SysWow64\nvspcap.dll</p><p>2014-10-04 06:41 . 2014-06-18 16:12 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll</p><p>2014-10-04 06:41 . 2013-12-22 02:13 2800296 ----a-w- c:\windows\system32\nvspcap64.dll</p><p>2014-09-25 02:08 . 2014-09-30 20:35 371712 ----a-w- c:\windows\system32\qdvd.dll</p><p>2014-09-25 01:40 . 2014-09-30 20:35 519680 ----a-w- c:\windows\SysWow64\qdvd.dll</p><p>2014-09-09 22:11 . 2014-09-24 14:54 2048 ----a-w- c:\windows\system32\tzres.dll</p><p>2014-09-09 21:47 . 2014-09-24 14:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll</p><p>2014-09-05 02:11 . 2014-10-15 03:53 6584320 ----a-w- c:\windows\system32\mstscax.dll</p><p>2014-09-05 01:52 . 2014-10-15 03:53 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll</p><p>2014-09-04 19:14 . 2014-09-21 04:41 38048 ----a-w- c:\windows\system32\drivers\nvvad64v.sys</p><p>2014-09-04 19:14 . 2014-09-21 04:41 32416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll</p><p>2014-09-04 19:14 . 2013-12-22 02:11 34976 ----a-w- c:\windows\system32\nvaudcap64v.dll</p><p>2014-09-04 05:23 . 2014-10-15 03:53 424448 ----a-w- c:\windows\system32\rastls.dll</p><p>2014-09-04 05:04 . 2014-10-15 03:53 372736 ----a-w- c:\windows\SysWow64\rastls.dll</p><p>2014-08-29 02:07 . 2014-10-15 03:53 3179520 ----a-w- c:\windows\system32\rdpcorets.dll</p><p>2014-08-28 14:43 . 2012-07-17 21:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll</p><p>2014-08-23 02:07 . 2014-08-28 14:47 404480 ----a-w- c:\windows\system32\gdi32.dll</p><p>2014-08-23 01:45 . 
2014-08-28 14:47 311808 ----a-w- c:\windows\SysWow64\gdi32.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown</p><p>REGEDIT4</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Xvid"="d:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]</p><p>"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-07 7767832]</p><p>"Skype"="d:\program files (x86)\Skype\Phone\Skype.exe" [2014-10-01 22065760]</p><p>"gs_mngr"="d:\program files (x86)\GameSave Manager v3\gs_mngr_3.exe" [2013-06-23 2813440]</p><p>"GoogleChromeAutoLaunch_80E264C459C6157EE29EA850326141FA"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-22 854344]</p><p>"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]</p><p>"Akamai NetSession Interface"="c:\users\Gaming\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-10-23 502328]</p><p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]</p><p>"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-06-30 526240]</p><p>"LWS"="d:\lws\Webcam Software\LWS.exe" [2012-09-13 204136]</p><p>"LogMeIn Hamachi Ui"="d:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-11-04 3835728]</p><p>"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]</p><p>"F-Secure Hoster (666)"="c:\program files (x86)\F-Secure\fshoster32.exe" [2014-07-08 187432]</p><p>"F-Secure 
Manager"="c:\program files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2014-06-24 310312]</p><p>.</p><p>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]</p><p>"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-07-23 688984]</p><p>.</p><p>c:\users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>GameStop Now.lnk - d:\program files (x86)\GameStop App\Now\GameStopNow.exe [2013-1-18 1963872]</p><p>.</p><p>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe [2012-8-16 316416]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>"SoftwareSASGeneration"= 1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]</p><p>"LoadAppInit_DLLs"=1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]</p><p>@=""</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]</p><p>@=""</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]</p><p>@=""</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]</p><p>@=""</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]</p><p>@=""</p><p>.</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R2 SkypeUpdate;Skype Updater;d:\program files (x86)\Skype\Updater\Updater.exe;d:\program files (x86)\Skype\Updater\Updater.exe [x]</p><p>R3 
Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]</p><p>R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]</p><p>R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]</p><p>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]</p><p>R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]</p><p>R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]</p><p>R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]</p><p>R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]</p><p>R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>R3 WDC_SAM;WD SCSI Pass Thru 
driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]</p><p>R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]</p><p>R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]</p><p>R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]</p><p>R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]</p><p>R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]</p><p>S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]</p><p>S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]</p><p>S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]</p><p>S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]</p><p>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]</p><p>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]</p><p>S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]</p><p>S2 Ds3Service;SCP DS3 Service;c:\program 
files\Scarlet.Crush Productions\bin\ScpService.exe;c:\program files\Scarlet.Crush Productions\bin\ScpService.exe [x]</p><p>S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\F-Secure\fshoster32.exe;c:\program files (x86)\F-Secure\fshoster32.exe [x]</p><p>S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\F-Secure\apps\CCF_Reputation\fsorsp.exe [x]</p><p>S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]</p><p>S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]</p><p>S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]</p><p>S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]</p><p>S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]</p><p>S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]</p><p>S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]</p><p>S2 NvNetworkService;NVIDIA Network Service;c:\program files 
(x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]</p><p>S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]</p><p>S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]</p><p>S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe;c:\windows\SysWOW64\WebUpdateSvc4.exe [x]</p><p>S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]</p><p>S3 fsni;fsni;c:\program files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys;c:\program files (x86)\F-Secure\apps\CCF_Scanning\bin\fsni64.sys [x]</p><p>S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]</p><p>S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]</p><p>S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]</p><p>S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]</p><p>S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]</p><p>S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]</p><p>S3 LVUVC64;Logitech Webcam Pro 
9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]</p><p>S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]</p><p>S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]</p><p>S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]</p><p>S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]</p><p>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]</p><p>S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]</p><p>S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]</p><p>.</p><p>.</p><p>--- Other Services/Drivers In Memory ---</p><p>.</p><p>*NewlyCreated* - NTIOLIB_1_0_3</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2014-10-27 21:29 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2014-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-22 18:19]</p><p>.</p><p>2014-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 14:23]</p><p>.</p><p>2014-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 
14:23]</p><p>.</p><p>2014-11-17 c:\windows\Tasks\SlimDrivers Startup.job</p><p>- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 18:49]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]</p><p>"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]</p><p>"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-10-04 2800296]</p><p>"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2000-01-01 7634648]</p><p>"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-10-04 2463552]</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>uInternet Settings,ProxyOverride = <local>;*.local</p><p>Trusted Zone: clonewarsadventures.com</p><p>Trusted Zone: freerealms.com</p><p>Trusted Zone: soe.com</p><p>Trusted Zone: sony.com</p><p>TCP: DhcpNameServer = 192.168.1.1</p><p>FF - ProfilePath - c:\users\Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\sw5c5880.default\</p><p>FF - prefs.js: browser.search.defaulturl -</p><p>FF - prefs.js: browser.startup.homepage - hxxps://<a href="http://www.yahoo.com/" target="_blank">www.yahoo.com/</a></p><p>FF - prefs.js: network.proxy.type - 4</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>Wow6432Node-HKU-Default-Run-Bitdefender Wallet Agent - d:\program files\Bitdefender\Bitdefender\pmbxag.exe</p><p>Wow6432Node-HKU-Default-Run-Bitdefender Wallet - d:\program files\Bitdefender\Bitdefender\pwdmanui.exe</p><p>Wow6432Node-HKU-Default-Run-Bitdefender Wallet Application Agent - d:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe</p><p>SafeBoot-54503901.sys</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - 
start</p><p>ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)</p><p>HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe</p><p>AddRemove-FreeFileViewer_is1 - c:\program files (x86)\FreeFileViewer\unins000.exe</p><p>AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe</p><p>AddRemove-{817c6bb8-ea2d-4e12-abbc-e33c3de43f64} - c:\programdata\Package Cache\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}\GarminExpressInstaller.exe</p><p>AddRemove-{95716cce-fc71-413f-8ad5-56c2892d4b3a} - c:\programdata\Package Cache\{95716cce-fc71-413f-8ad5-56c2892d4b3a}\vcredist_x86.exe</p><p>AddRemove-{a1909659-0a08-4554-8af1-2175904903a1} - c:\programdata\Package Cache\{a1909659-0a08-4554-8af1-2175904903a1}\vcredist_x64.exe</p><p>AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe</p><p>AddRemove-1365825980.<a href="http://www.paramountmovies.com" target="_blank">www.paramountmovies.com</a> - c:\program files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe</p><p>.</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]</p><p>"ImagePath"="\"c:\program files (x86)\F-Secure\fshoster32.exe\" -hosterid:0"</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_USERS\S-1-5-21-175706665-1042143441-1973932817-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]</p><p>@Denied: (2) (LocalSystem)</p><p>"Progid"="WindowsLiveMail.Email.1"</p><p>.</p><p>[HKEY_USERS\S-1-5-21-175706665-1042143441-1973932817-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]</p><p>@Denied: (2) 
(LocalSystem)</p><p>"Progid"="WindowsLiveMail.VCard.1"</p><p>.</p><p>[HKEY_USERS\S-1-5-21-175706665-1042143441-1973932817-1000\Software\SecuROM\License information*]</p><p>"datasecu"=hex:b4,6e,ff,e8,98,61,a8,7d,20,11,9e,3b,2f,56,f7,ee,63,1f,ce,b5,8b,</p><p> 11,b3,f5,19,85,b7,b4,a8,7b,17,02,c2,c1,c4,82,e1,b5,71,f8,59,3c,64,cf,50,37,\</p><p>"rkeysecu"=hex:7b,a5,68,4b,4d,b4,e4,1a,5a,5e,b5,78,09,3c,a0,6b</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]</p><p>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker6"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Shockwave Flash Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p><p>@="0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash.15"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 
1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Macromedia Flash Factory Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="FlashFactory.FlashFactory.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="FlashFactory.FlashFactory"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="IFlashBroker6"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]</p><p>@Denied: ) (Everyone)</p><p>"AgentIdentifier"="7c535004-f052-41e5-85e9-9fe950908a2d"</p><p>"AuthorizationCode"=""</p><p>"666_AgentIdentifier"="7c535004-f052-41e5-85e9-9fe950908a2d"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>Completion time: 2014-11-17 08:50:16</p><p>ComboFix-quarantined-files.txt 2014-11-17 15:50</p><p>.</p><p>Pre-Run: 8,103,342,080 bytes free</p><p>Post-Run: 7,635,898,368 bytes free</p><p>.</p><p>- - End Of File - - 6A555D2594B85D4BA32CD00E578F091D</p><p>A36C5E4F47E84449FF07ED3517B43A31</p></blockquote><p></p>