
FBI Moneypak Virus - Help required to fix using FRST.exe



I've used MalwareBytes many times in the past and it has never failed me. However, this recent virus I've managed to contract has got me stumped.

I'm referring to the FBI Moneypak virus that it appears many other users have found themselves dealing with. After examining multiple threads, I've discovered that the developers of this virus are actively working to improve its capabilities of limiting administrative usage of Windows features, such as safe mode (which automatically sets PCs into restart) and system restore (which always fails). Previously, users have been able to use either of the aforementioned methods to get rid of the FBI Moneypak virus. But as of June 15, 2013 these methods are useless.

Many helpers on these forums have been successful in assisting users in removing this virus through use of Farbar Recovery Scan Tool (FRST64.exe). However, each user is being directed by helpers to input a unique notepad/command prompt code. Since I'd like to avert any kind of further damage this could cause by improperly inputting commands, I'm requesting a kind soul to give me a step-by-step walkthrough on how to get rid of this virus.

Keep in mind, I already have FRST.exe on my flashdrive, I'd just like to get further insight on how to progress from this point forward. I am running Windows 7 64-bit.

Many, many thanks in advance,

Max


Hello MPWSEA and welcome to Malwarebytes!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Hello DFB, many thanks for the speedy reply. :)

Here is a copy of what FRST has scanned:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013

Ran by SYSTEM on 15-06-2013 17:22:42

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF" [x]

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [192520 2010-10-12] (Trend Micro Inc.)

HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none" [322384 2010-09-17] (Trend Micro Inc.)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)

HKLM\...\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [92456 2010-08-12] (Synaptics Incorporated)

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)

HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()

HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [25600 2010-09-14] (Creative Technology Ltd.)

HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [328992 2008-11-03] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)

HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [43008 2011-04-08] (Windows ® Win 7 DDK provider)

HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [84464 2011-04-01] ()

HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909312 2011-03-16] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [x]

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2255184 2013-05-15] (LogMeIn Inc.)

HKU\Administrator\...\Run: [CrashDumps] rundll32 "C:\Users\Administrator\AppData\Local\Temp\CrashDumps\mjrcl.dll",DllRegisterServerW [638976 2013-02-16] (Microsoft Corporation) <===== ATTENTION

HKU\Max\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)

HKU\Max\...\Run: [uTorrent] "C:\Users\Max\Downloads\utorrent.exe" /MINIMIZED [735608 2012-01-17] (BitTorrent, Inc.)

HKU\Max\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [33120 2009-11-15] (Alcohol Soft Development Team)

HKU\Max\...\Run: [CrashDumps] rundll32 "C:\Users\Administrator\AppData\Local\Temp\CrashDumps\mjrcl.dll",DllRegisterServerW [638976 2013-02-16] (Microsoft Corporation) <===== ATTENTION

HKU\Max\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)

HKU\Max\...\Run: [internet Security] C:\ProgramData\amsecure.exe [x]

HKU\Max\...\Run: [Madis] rundll32.exe C:\Users\Max\AppData\Local\Madis\llskthpu.dll,createactivemodel [483356 2012-12-28] () <===== ATTENTION

HKU\Max\...\Winlogon: [shell] explorer.exe,C:\Users\Max\AppData\Roaming\skype.dat [156160 2011-11-16] (EnerLine Software Int.) <==== ATTENTION

HKU\UpdatusUser\...\Run: [CrashDumps] rundll32 "C:\Users\Administrator\AppData\Local\Temp\CrashDumps\mjrcl.dll",DllRegisterServerW [638976 2013-02-16] (Microsoft Corporation) <===== ATTENTION

HKU\UpdatusUser\...\Run: [Adobe CSS5.1 Manager] C:\Users\UpdatusUser\AppData\Local\3881d658-ec73-4582-9996-3ac5036cd6a9ad\decaccdaad.exe [209920 2013-06-15] () <===== ATTENTION

HKU\UpdatusUser\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\UpdatusUser\AppData\Local\3881d658-ec73-4582-9996-3ac5036cd6a9ad\decaccdaad.exe [209920 2013-06-15] () <===== ATTENTION

Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()

Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk

ShortcutTarget: GameRanger.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] ()

S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)

S2 FastUserSwitchingCompatibility; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S2 HiPatchService; D:\Tribes\HiPatchService.exe [8704 2012-02-20] (Hi-Rez Studios)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)

S2 msagent; C:\Windows\msagent.exe [430080 2013-06-15] ()

S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)

S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-20] ()

S2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [107832 2012-07-20] ()

S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

S2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)

S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]

==================== Drivers (Whitelisted) ====================

S1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS)

S1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-25] (ASUS)

S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [56320 2011-04-08] (Fresco Logic)

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-05-21] (Duplex Secure Ltd.)

S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)

S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)

S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)

S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)

S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-15 16:44 - 2013-06-15 16:44 - 00000000 ____D C:\FRST

2013-06-15 14:27 - 2013-06-15 14:27 - 00003352 ____N C:\bootsqm.dat

2013-06-15 14:23 - 2013-06-15 14:23 - 00000000 __SHD C:\found.001

2013-06-15 12:33 - 2013-06-15 14:46 - 00000004 ____A C:\Users\Max\AppData\Roaming\skype.ini

2013-06-15 12:31 - 2013-06-15 12:31 - 00430080 ____A () C:\Windows\msagent.exe

2013-06-15 12:29 - 2013-06-15 14:00 - 00000344 ___AH C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job

2013-06-15 12:29 - 2013-06-15 12:29 - 00156160 ____A (EnerLine Software Int.) C:\csrss.exe

2013-06-15 12:29 - 2013-06-15 12:29 - 00154112 ____A C:\conhost.exe

2013-06-15 12:29 - 2013-06-15 12:29 - 00049152 ____A C:\acrobat.exe

2013-06-11 16:16 - 2013-06-11 16:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer

2013-06-11 16:16 - 2013-06-11 16:16 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer

2013-06-11 16:16 - 2013-06-11 16:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer

2013-06-11 16:16 - 2013-06-11 16:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer

2013-06-10 17:59 - 2013-06-10 17:59 - 00203708 ____A (Corduzon Ltd) C:\5884408.exe

2013-06-02 22:37 - 2013-06-02 22:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia

2013-06-02 22:37 - 2013-06-02 22:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe

2013-06-02 20:37 - 2013-06-15 12:29 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\3881d658-ec73-4582-9996-3ac5036cd6a9ad

2013-05-27 11:35 - 2013-05-27 11:35 - 00184229 ____A (Mineapolis Ltd) C:\5902799.exe

2013-05-27 11:35 - 2013-05-27 11:35 - 00000000 ____D C:\Users\Max\AppData\Local\Madis

2013-05-23 05:29 - 2013-05-23 05:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-05-16 22:35 - 2013-06-06 23:04 - 00001941 ____A C:\Users\Max\Desktop\settings.hldj

2013-05-16 22:35 - 2013-05-16 22:35 - 00000000 ____D C:\Users\Max\Desktop\custom

2013-05-16 22:33 - 2013-05-16 22:33 - 00000000 ____D C:\Users\Max\Desktop\Audio

==================== One Month Modified Files and Folders =======

2013-06-15 16:44 - 2013-06-15 16:44 - 00000000 ____D C:\FRST

2013-06-15 15:41 - 2011-12-26 10:52 - 00000000 ____D C:\users\Max

2013-06-15 15:41 - 2011-10-06 11:29 - 00000000 ____D C:\ProgramData\P4G

2013-06-15 15:41 - 2011-10-06 11:27 - 00000000 ____D C:\ProgramData\Atheros

2013-06-15 15:41 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-06-15 14:47 - 2011-04-01 20:36 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-15 14:46 - 2013-06-15 12:33 - 00000004 ____A C:\Users\Max\AppData\Roaming\skype.ini

2013-06-15 14:46 - 2011-10-06 11:29 - 00001562 ____A C:\Windows\System32\ServiceFilter.ini

2013-06-15 14:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-15 14:45 - 2012-05-15 16:53 - 00000000 ____D C:\ProgramData\NVIDIA

2013-06-15 14:45 - 2009-07-13 20:51 - 00104170 ____A C:\Windows\setupact.log

2013-06-15 14:27 - 2013-06-15 14:27 - 00003352 ____N C:\bootsqm.dat

2013-06-15 14:23 - 2013-06-15 14:23 - 00000000 __SHD C:\found.001

2013-06-15 14:06 - 2009-07-13 21:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-06-15 14:03 - 2011-12-26 19:08 - 00000000 ____D C:\Program Files (x86)\Steam

2013-06-15 14:03 - 2011-12-26 10:54 - 00000000 ____D C:\Users\Max\Documents\Bluetooth Folder

2013-06-15 14:02 - 2013-02-26 07:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-15 14:01 - 2011-04-01 20:36 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-15 14:00 - 2013-06-15 12:29 - 00000344 ___AH C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job

2013-06-15 13:58 - 2011-04-01 20:17 - 00126976 ____A C:\Windows\PFRO.log

2013-06-15 13:49 - 2011-12-26 19:57 - 00000000 ____D C:\Users\Max\AppData\Roaming\Skype

2013-06-15 12:31 - 2013-06-15 12:31 - 00430080 ____A () C:\Windows\msagent.exe

2013-06-15 12:29 - 2013-06-15 12:29 - 00156160 ____A (EnerLine Software Int.) C:\csrss.exe

2013-06-15 12:29 - 2013-06-15 12:29 - 00154112 ____A C:\conhost.exe

2013-06-15 12:29 - 2013-06-15 12:29 - 00049152 ____A C:\acrobat.exe

2013-06-15 12:29 - 2013-06-02 20:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\3881d658-ec73-4582-9996-3ac5036cd6a9ad

2013-06-15 10:22 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-06-15 10:22 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-06-15 10:16 - 2012-02-20 23:32 - 00000000 ____D C:\Users\Max\AppData\Local\LogMeIn Hamachi

2013-06-14 13:56 - 2012-01-27 15:46 - 00000000 ____D C:\Users\Max\AppData\Roaming\SoftGrid Client

2013-06-14 13:55 - 2012-01-27 15:55 - 00000000 ____D C:\Users\Max\AppData\Local\TSVNCache

2013-06-14 09:26 - 2009-07-13 21:13 - 00903280 ____A C:\Windows\System32\PerfStringBackup.INI

2013-06-14 09:19 - 2011-10-06 11:32 - 00045056 ____A C:\Windows\System32\acovcnt.exe

2013-06-14 07:25 - 2012-09-14 12:34 - 00000000 ____D C:\users\Administrator

2013-06-14 07:24 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-06-11 17:05 - 2011-10-06 11:13 - 01073349 ____A C:\Windows\WindowsUpdate.log

2013-06-11 17:02 - 2013-02-26 07:12 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-06-11 17:02 - 2013-02-26 07:12 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-06-11 16:16 - 2013-06-11 16:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer

2013-06-11 16:16 - 2013-06-11 16:16 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer

2013-06-11 16:16 - 2013-06-11 16:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer

2013-06-11 16:16 - 2013-06-11 16:16 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer

2013-06-11 14:45 - 2011-12-26 19:57 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-06-11 14:45 - 2011-12-26 19:57 - 00000000 ____D C:\ProgramData\Skype

2013-06-10 17:59 - 2013-06-10 17:59 - 00203708 ____A (Corduzon Ltd) C:\5884408.exe

2013-06-09 01:31 - 2013-02-26 07:12 - 00000000 ____D C:\ProgramData\McAfee Security Scan

2013-06-09 01:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat

2013-06-06 23:04 - 2013-05-16 22:35 - 00001941 ____A C:\Users\Max\Desktop\settings.hldj

2013-06-02 22:37 - 2013-06-02 22:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia

2013-06-02 22:37 - 2013-06-02 22:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe

2013-05-27 11:35 - 2013-05-27 11:35 - 00184229 ____A (Mineapolis Ltd) C:\5902799.exe

2013-05-27 11:35 - 2013-05-27 11:35 - 00000000 ____D C:\Users\Max\AppData\Local\Madis

2013-05-24 15:03 - 2012-07-07 22:21 - 00000000 ____D C:\Users\Max\AppData\Roaming\Maxthon3

2013-05-23 05:29 - 2013-05-23 05:29 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-05-20 21:32 - 2012-09-14 12:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\TSVNCache

2013-05-20 21:31 - 2012-09-14 12:36 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Folder

2013-05-19 22:19 - 2011-12-27 01:06 - 00000000 ____D C:\Users\Max\AppData\Local\CrashDumps

2013-05-18 08:58 - 2013-05-12 09:02 - 00000000 ____D C:\Users\Max\AppData\Roaming\Audacity

2013-05-16 22:35 - 2013-05-16 22:35 - 00000000 ____D C:\Users\Max\Desktop\custom

2013-05-16 22:33 - 2013-05-16 22:33 - 00000000 ____D C:\Users\Max\Desktop\Audio

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:

====================

C:\Windows\svchost.exe

ATTENTION ====> Check for partition/boot infection.

C:\Users\Max\AppData\Roaming\skype.dat

C:\Users\Max\AppData\Roaming\skype.ini

C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-15 11:49:52

==================== Memory info ===========================

Percentage of memory in use: 12%

Total physical RAM: 8169.14 MB

Available physical RAM: 7187.05 MB

Total Pagefile: 8167.29 MB

Available Pagefile: 7309.29 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:20.24 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

ATTENTION: Malware custom entry on BCD on drive c: detected.

Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:200.51 GB) NTFS (Disk=0 Partition=3)

Drive f: () (Removable) (Total:0.96 GB) (Free:0.36 GB) FAT (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AA9693FE)

Partition 00: (Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.

Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)

Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=254 GB) - (Type=OF Extended)

========================================================

Disk: 1 (Size: 988 MB) (Disk ID: 0D0C0B0A)

Partition 1: (Active) - (Size=980 MB) - (Type=0B)

LastRegBack: 2013-06-13 16:04

==================== End Of Log ============================

Regards,

Max


You have several serious infections on that computer. Let's see what we can do:

On the clean computer,

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the flashdrive as fixlist.txt

HKU\Administrator\...\Run: [CrashDumps] rundll32 "C:\Users\Administrator\AppData\Local\Temp\CrashDumps\mjrcl.dll",DllRegisterServerW [638976 2013-02-16] (Microsoft Corporation) <===== ATTENTION

HKU\Max\...\Run: [CrashDumps] rundll32 "C:\Users\Administrator\AppData\Local\Temp\CrashDumps\mjrcl.dll",DllRegisterServerW [638976 2013-02-16] (Microsoft Corporation) <===== ATTENTION

HKU\Max\...\Run: [internet Security] C:\ProgramData\amsecure.exe [x]

HKLM-x32\...\Run: [babylon Client] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart [x]

HKU\Max\...\Run: [Madis] rundll32.exe C:\Users\Max\AppData\Local\Madis\llskthpu.dll,createactivemodel [483356 2012-12-28] () <===== ATTENTION

HKU\Max\...\Winlogon: [shell] explorer.exe,C:\Users\Max\AppData\Roaming\skype.dat [156160 2011-11-16] (EnerLine Software Int.) <==== ATTENTION

HKU\UpdatusUser\...\Run: [CrashDumps] rundll32 "C:\Users\Administrator\AppData\Local\Temp\CrashDumps\mjrcl.dll",DllRegisterServerW [638976 2013-02-16] (Microsoft Corporation) <===== ATTENTION

HKU\UpdatusUser\...\Run: [Adobe CSS5.1 Manager] C:\Users\UpdatusUser\AppData\Local\3881d658-ec73-4582-9996-3ac5036cd6a9ad\decaccdaad.exe [209920 2013-06-15] () <===== ATTENTION

HKU\UpdatusUser\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\UpdatusUser\AppData\Local\3881d658-ec73-4582-9996-3ac5036cd6a9ad\decaccdaad.exe [209920 2013-06-15] () <===== ATTENTION

HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]

2013-06-15 12:29 - 2013-06-15 14:00 - 00000344 ___AH C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job

2013-06-10 17:59 - 2013-06-10 17:59 - 00203708 ____A (Corduzon Ltd) C:\5884408.exe

2013-05-27 11:35 - 2013-05-27 11:35 - 00184229 ____A (Mineapolis Ltd) C:\5902799.exe

2013-05-27 11:35 - 2013-05-27 11:35 - 00000000 ____D C:\Users\Max\AppData\Local\Madis

2013-06-15 14:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-15 14:46 - 2013-06-15 12:33 - 00000004 ____A C:\Users\Max\AppData\Roaming\skype.ini

2013-06-15 14:47 - 2011-04-01 20:36 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-06-15 14:02 - 2013-02-26 07:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-06-15 14:01 - 2011-04-01 20:36 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-06-15 14:00 - 2013-06-15 12:29 - 00000344 ___AH C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job

2013-06-10 17:59 - 2013-06-10 17:59 - 00203708 ____A (Corduzon Ltd) C:\5884408.exe

2013-05-27 11:35 - 2013-05-27 11:35 - 00184229 ____A (Mineapolis Ltd) C:\5902799.exe

C:\Users\Max\AppData\Roaming\skype.dat

C:\Users\Max\AppData\Roaming\skype.ini

C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job

TDL4: custom:26000022 <===== ATTENTION!

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7:

Now please enter System Recovery Options on the infected computer.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt); please post it in your next reply. Afterwards, are you able to boot into Normal Mode now?

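To show how the entries in the fixlist above relate to the FRST.txt log (the "<===== ATTENTION" autoruns, the "Files to move or delete" block, the ZeroAccess and TDL4 markers), here is an added Python example that pulls those flagged lines out of a log excerpt and drafts a fixlist for an analyst to review. It is not the thread's code and not part of FRST; the parsing rules, the Triage and draft_fixlist names and the sample excerpt are assumptions modelled on the log posted above, and the dropped executables the helper picked by hand are deliberately not auto-detected.

```python
"""Triage an FRST.txt log and draft the entries for fixlist.txt.

Added example; not code from the forum thread or from FRST itself.
The parsing rules are assumptions read off the log format in the thread:
  * an autorun line ending in "<===== ATTENTION" (any number of '=') is an
    entry FRST distrusts; FRST accepts that log line verbatim in fixlist.txt
  * "ZeroAccess:" is followed by the affected path on the next line, and
    "Use DeleteJunctionsIndirectory: <dir>" names a directory to repair
  * "Files to move or delete:" opens a block of paths, closed by the next
    "==== section ====" header
  * "TDL4:", "0 byte partition bootkit", "Malware custom entry on BCD" and
    "Check for partition/boot infection" mark boot-sector infections
Entries the helper chose by judgement (random-named executables in the root
of C:) are NOT detected here; the draft is a starting point for review.
"""
import re
from dataclasses import dataclass, field

ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")   # "<===== ATTENTION"
SECTION_RE = re.compile(r"^=+ .+? =+$")          # "==== Drives ===="
BOOT_MARKERS = ("TDL4:", "partition bootkit", "Malware custom entry on BCD",
                "partition/boot infection")


@dataclass
class Triage:
    registry: list = field(default_factory=list)        # flagged autorun lines
    files_to_move: list = field(default_factory=list)   # paths FRST wants moved
    zeroaccess_files: list = field(default_factory=list)
    junction_dirs: list = field(default_factory=list)   # DeleteJunctionsIndirectory targets
    boot_infections: list = field(default_factory=list)
    affected_hives: set = field(default_factory=set)    # e.g. "HKU\\Max"


def triage_frst_log(text: str) -> Triage:
    t = Triage()
    in_move_block = False
    next_is_zeroaccess_path = False
    for raw in text.splitlines():
        ln = raw.strip()
        if not ln:
            continue
        if SECTION_RE.match(ln):            # a new section closes the move block
            in_move_block = False
            continue
        if next_is_zeroaccess_path:
            t.zeroaccess_files.append(ln)
            next_is_zeroaccess_path = False
            continue
        if ln == "ZeroAccess:":
            next_is_zeroaccess_path = True
            continue
        if ln == "Files to move or delete:":
            in_move_block = True
            continue
        if "DeleteJunctionsIndirectory:" in ln:
            t.junction_dirs.append(ln.split("DeleteJunctionsIndirectory:", 1)[1].strip())
            continue
        if any(marker in ln for marker in BOOT_MARKERS):
            t.boot_infections.append(ln)
            continue
        if ATTENTION_RE.search(ln) and ln.startswith(("HKLM", "HKU")):
            t.registry.append(ln)
            parts = ln.split("\\")
            # HKU lines carry the user hive; HKLM / HKLM-x32 stand alone
            t.affected_hives.add("\\".join(parts[:2]) if parts[0] == "HKU" else parts[0])
            continue
        if in_move_block and not ln.startswith("="):
            t.files_to_move.append(ln)
    return t


def draft_fixlist(t: Triage) -> list:
    """fixlist.txt lines: registry values, then files, then the TDL4 marker
    (the order used in the thread), then the junction repair FRST suggested,
    which the analyst can keep or drop."""
    lines = list(t.registry) + list(t.files_to_move)
    lines += [b for b in t.boot_infections if b.startswith("TDL4:")]
    lines += [f"DeleteJunctionsIndirectory: {d}" for d in t.junction_dirs]
    return lines


# Constructed excerpt modelled on the FRST.txt log posted in the thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2283816 2010-08-12] (Synaptics Incorporated)
HKU\Max\...\Run: [Madis] rundll32.exe C:\Users\Max\AppData\Local\Madis\llskthpu.dll,createactivemodel [483356 2012-12-28] () <===== ATTENTION
HKU\Max\...\Winlogon: [shell] explorer.exe,C:\Users\Max\AppData\Roaming\skype.dat [156160 2011-11-16] (EnerLine Software Int.) <==== ATTENTION
HKU\UpdatusUser\...\Run: [Adobe CSS5.1 Manager] C:\Users\UpdatusUser\AppData\Local\3881d658-ec73-4582-9996-3ac5036cd6a9ad\decaccdaad.exe [209920 2013-06-15] () <===== ATTENTION
==================== One Month Created Files and Folders ========
2013-06-15 12:29 - 2013-06-15 12:29 - 00156160 ____A (EnerLine Software Int.) C:\csrss.exe
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
Files to move or delete:
====================
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
C:\Users\Max\AppData\Roaming\skype.dat
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
TDL4: custom:26000022 <===== ATTENTION!
==================== MBR & Partition Table ==================
Partition 00: (Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
"""

if __name__ == "__main__":
    triage = triage_frst_log(SAMPLE_LOG)
    print(f"hives with flagged autoruns: {sorted(triage.affected_hives)}")
    print(f"boot-sector findings: {len(triage.boot_infections)}")
    print("--- draft fixlist.txt (review before use) ---")
    print("\n".join(draft_fixlist(triage)))
```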

DFB,

Do not worry about the delay. Everyone needs to eat, Lol. :)

Anyways, here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-06-2013

Ran by SYSTEM at 2013-06-15 18:50:10 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\CrashDumps => Value deleted successfully.

HKU\Max\Software\Microsoft\Windows\CurrentVersion\Run\\CrashDumps => Value deleted successfully.

HKU\Max\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Babylon Client => Value deleted successfully.

HKU\Max\Software\Microsoft\Windows\CurrentVersion\Run\\Madis => Value deleted successfully.

HKU\Max\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\CrashDumps => Value deleted successfully.

HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.

HKU\UpdatusUser\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper => Value deleted successfully.

C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job => Moved successfully.

C:\5884408.exe => Moved successfully.

C:\5902799.exe => Moved successfully.

C:\Users\Max\AppData\Local\Madis => Moved successfully.

C:\Windows\Tasks\SA.DAT => Moved successfully.

C:\Users\Max\AppData\Roaming\skype.ini => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.

C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job => File/Directory not found.

C:\5884408.exe => File/Directory not found.

C:\5902799.exe => File/Directory not found.

C:\Users\Max\AppData\Roaming\skype.dat => Moved successfully.

C:\Users\Max\AppData\Roaming\skype.ini => File/Directory not found.

C:\Windows\Tasks\{C9E6951D-D683-4472-90D2-6E52CB8A33C0}.job => File/Directory not found.

The operation completed successfully.

The operation completed successfully.

Let me know what you think.

And YES, the infected computer finally does boot on the previously affected account!

What other steps must be taken from this point?

Regards,

Max


Awesome. Let's start getting rid of the rest of it:

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

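For reading the system-log.txt that Step 2 asks for, here is an added Python helper (not part of the thread's instructions or of Malwarebytes' tools) that pulls the hooked-IRP and Infected: lines out of an MBAR log, groups detections by family, and flags core Windows binary names found outside System32; the sample log is constructed from lines quoted later in this thread.

```python
"""Triage helper for a Malwarebytes Anti-Rootkit (MBAR) system-log.txt.

Added example for this thread; it is not part of MBAR or of the forum's
removal instructions.  The regexes follow the line shapes MBAR prints in
the logs quoted in this thread.
"""
import re
from collections import defaultdict

# Constructed sample, assembled from lines quoted in this thread's MBAR system-log.
SAMPLE_LOG = r"""Malwarebytes Anti-Rootkit BETA 1.06.0.1003
IRP handler 0 of \Driver\iaStor is hooked
IRP handler 2 of \Driver\iaStor is hooked
Unhooking enabled.
Infected: c:\ProgramData\248A2AE70134EBDD0000248A0661F0D3\248A2AE70134EBDD0000248A0661F0D3.exe --> [Trojan.FakeAlert.RRE]
Infected: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|248A2AE70134EBDD0000248A0661F0D3 --> [Trojan.FakeAlert.RRE]
Infected: c:\Windows\svchost.exe --> [Trojan.Agent]
Infected: c:\csrss.exe --> [Trojan.Agent]
Infected: c:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\n --> [Trojan.0Access]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Scan finished
"""

# "IRP handler 14 of \Driver\iaStor is hooked": an entry in the storage driver's
# dispatch table was redirected, which is how rootkits of this class hide disk I/O.
IRP_RE = re.compile(r"^IRP handler (\d+) of (\\Driver\\\S+) is hooked$")
# "Infected: <file or registry item> --> [Detection.Name]"
INFECTED_RE = re.compile(r"^Infected: (.+?) --> \[([^\]]+)\]$")

# Core Windows binaries that legitimately live only under System32 / SysWOW64.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "winlogon.exe", "mstsc.exe"}
EXPECTED_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
REGISTRY_HIVES = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")


def parse_mbar_log(text):
    """Return ({driver: [hooked IRP indices]}, [(item, detection), ...])."""
    hooks = defaultdict(list)
    infections = []
    for line in text.splitlines():
        line = line.strip()
        m = IRP_RE.match(line)
        if m:
            hooks[m.group(2)].append(int(m.group(1)))
            continue
        m = INFECTED_RE.match(line)
        if m:
            infections.append((m.group(1), m.group(2)))
    return dict(hooks), infections


def is_registry_item(item):
    return item.upper().startswith(REGISTRY_HIVES)


def masquerading_binaries(infections):
    """Files named like a core Windows binary but located outside System32/SysWOW64."""
    found = []
    for item, _ in infections:
        if is_registry_item(item):
            continue
        low = item.lower()
        name = low.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARIES and not any(d in low for d in EXPECTED_DIRS):
            found.append(item)
    return found


def summarize(text):
    """Group the findings the way a helper reads them before choosing next steps."""
    hooks, infections = parse_mbar_log(text)
    by_family = defaultdict(list)
    for item, family in infections:
        by_family[family].append(item)
    return {
        "hooked_handlers": hooks,
        "by_family": dict(by_family),
        # Run/RunOnce values are the usual way a fake-alert relaunches at logon.
        "registry_persistence": [i for i, _ in infections
                                 if is_registry_item(i) and "\\RUN" in i.upper()],
        # These PUMs mean Security Center warnings were silenced; re-enable after cleanup.
        "security_center_pums": [i for i, f in infections
                                 if f == "PUM.Disabled.SecurityCenter"],
        "masquerading": masquerading_binaries(infections),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Point it at a real system-log.txt by reading the file into `summarize()`; hooked handlers that persist across a second MBAR run, or masquerading binaries that reappear, mean the cleanup did not hold.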

Hmmm.. I seem to have run into a problem.

Upon completion of the ComboFix scan and log creation, I am now unable to access any programs on my computer. Firefox, for example, gives me a prompt upon double-click that says "Illegal operation attempted on a registry key that has been marked for deletion." The only available response is "OK", and another window comes up telling me "Can't open this item - It might have been moved, renamed or deleted. Do you want to remove this item?"

Very weird because everything was working fine before this, I feel like I've taken a step back :(

Regards,

Max


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Just reboot ;).

It's getting late here so I'll call it a night. I'll check back tomorrow.


Alright, here are the logs for each step. For step 1 there were a few logs, so I posted the final one produced, and for step 2 there were 3 logs and I posted the final one produced as well.

STEP 1:

19:18:45.0334 5108 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

19:18:45.0918 5108 ============================================================

19:18:45.0918 5108 Current date / time: 2013/06/15 19:18:45.0918

19:18:45.0918 5108 SystemInfo:

19:18:45.0918 5108

19:18:45.0918 5108 OS Version: 6.1.7601 ServicePack: 1.0

19:18:45.0918 5108 Product type: Workstation

19:18:45.0919 5108 ComputerName: MAX-PC

19:18:45.0919 5108 UserName: Max

19:18:45.0919 5108 Windows directory: C:\Windows

19:18:45.0919 5108 System windows directory: C:\Windows

19:18:45.0919 5108 Running under WOW64

19:18:45.0919 5108 Processor architecture: Intel x64

19:18:45.0919 5108 Number of processors: 8

19:18:45.0919 5108 Page size: 0x1000

19:18:45.0919 5108 Boot type: Normal boot

19:18:45.0919 5108 ============================================================

19:18:45.0920 5108 BG loaded

19:18:46.0808 5108 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:18:46.0820 5108 ============================================================

19:18:46.0820 5108 \Device\Harddisk0\DR0:

19:18:46.0820 5108 MBR partitions:

19:18:46.0820 5108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000

19:18:48.0346 5108 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800

19:18:48.0346 5108 ============================================================

19:18:48.0639 5108 C: <-> \Device\Harddisk0\DR0\Partition1

19:18:49.0295 5108 D: <-> \Device\Harddisk0\DR0\Partition2

19:18:49.0295 5108 ============================================================

19:18:49.0295 5108 Initialize success

19:18:49.0295 5108 ============================================================

19:26:27.0056 5068 Deinitialize success

STEP 2:

LOG 1:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_30

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.195000 GHz

Memory total: 8565960704, free: 6349238272

Initializing...

------------ Kernel report ------------

06/15/2013 19:23:39

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\84571232.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\spka.sys

\SystemRoot\System32\Drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\tmtdi.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\Drivers\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\FLxHCIc.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbfiltr.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\System32\Drivers\akl6sed7.SYS

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\hamachi.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\btath_bus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\nvhda64v.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\MBfilt64.sys

\SystemRoot\system32\DRIVERS\FLxHCIh.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\System32\Drivers\RtsUVStor.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\TurboB.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\tmcomm.sys

\SystemRoot\system32\DRIVERS\tmevtmgr.sys

\SystemRoot\system32\DRIVERS\tmactmon.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\psapi.dll

\Windows\System32\msctf.dll

\Windows\System32\nsi.dll

\Windows\System32\ole32.dll

\Windows\System32\shell32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\user32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\kernel32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\iertutil.dll

\Windows\System32\msvcrt.dll

\Windows\System32\advapi32.dll

\Windows\System32\wininet.dll

\Windows\System32\difxapi.dll

\Windows\System32\Wldap32.dll

\Windows\System32\urlmon.dll

\Windows\System32\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007e95790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8007bd5050

Lower Device Driver Name: \Driver\iaStor\

IRP handler 0 of \Driver\iaStor is hooked

IRP handler 2 of \Driver\iaStor is hooked

IRP handler 14 of \Driver\iaStor is hooked

IRP handler 15 of \Driver\iaStor is hooked

IRP handler 16 of \Driver\iaStor is hooked

IRP handler 22 of \Driver\iaStor is hooked

IRP handler 23 of \Driver\iaStor is hooked

IRP handler 27 of \Driver\iaStor is hooked

Unhooking enabled.

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007e95790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8007bd5050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007e95790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007e952c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007e95790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007bc0530, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8007bd5050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00dd78ab0, 0xfffffa8007e95790, 0xfffffa800a51a5c0

Lower DeviceData: 0xfffff8a001af7010, 0xfffffa8007bd5050, 0xfffffa800a5211e0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AA9693FE

Partition information:

Partition 0 type is Other (0x1c)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 52428800

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 52430848 Numsec = 390709248

Partition file system is NTFS

Partition is bootable

Partition 2 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 443140096 Numsec = 533630976

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Infected: c:\ProgramData\248A2AE70134EBDD0000248A0661F0D3\248A2AE70134EBDD0000248A0661F0D3.exe --> [Trojan.FakeAlert.RRE]

Infected: HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|248A2AE70134EBDD0000248A0661F0D3 --> [Trojan.FakeAlert.RRE]

Infected: c:\mstsc.exe --> [Trojan.Agent.BEWGen]

Infected: c:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\@ --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\n --> [Trojan.0Access]

Infected: c:\Windows\SysWOW64\akkc.tmp --> [Trojan.FakeMS]

Infected: c:\Windows\Temp\1708710.exe --> [Trojan.FakeAlert.RRE]

Infected: c:\Windows\Temp\883028.exe --> [Trojan.FakeSys]

Infected: c:\Windows\Temp\9D39.tmp --> [Trojan.Agent.BEWGen]

Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]

Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]

Infected: c:\Windows\svchost.exe --> [Trojan.Agent]

Infected: c:\csrss.exe --> [Trojan.Agent]

Infected: c:\winlogon.exe --> [Trojan.Agent]

Infected: c:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\U --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54\L --> [Trojan.Siredef.C]

Infected: c:\$Recycle.Bin\S-1-5-18\$80aa28bd953b0d79ac5259b01480de54 --> [Trojan.Siredef.C]

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify --> [PUM.Disabled.SecurityCenter]

Scan finished

Creating System Restore point...

Cleaning up...

Executing an action fixdamage.exe...

Success!

Queuing an action fixdamage.exe

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_52430848_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_30

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.195000 GHz

Memory total: 8565960704, free: 5758668800

Initializing...

------------ Kernel report ------------

06/15/2013 19:57:07

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\spsg.sys

\SystemRoot\System32\Drivers\WMILIB.SYS

\SystemRoot\System32\Drivers\SCSIPORT.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\tmtdi.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\Drivers\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\FLxHCIc.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\kbfiltr.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\System32\Drivers\arg8arbm.SYS

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\hamachi.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\btath_bus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\nvhda64v.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\MBfilt64.sys

\SystemRoot\system32\DRIVERS\FLxHCIh.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\System32\Drivers\RtsUVStor.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\DRIVERS\TurboB.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\tmcomm.sys

\SystemRoot\system32\DRIVERS\tmevtmgr.sys

\SystemRoot\system32\DRIVERS\tmactmon.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\rpcrt4.dll

\Windows\System32\Wldap32.dll

\Windows\System32\imm32.dll

\Windows\System32\advapi32.dll

\Windows\System32\normaliz.dll

\Windows\System32\imagehlp.dll

\Windows\System32\difxapi.dll

\Windows\System32\user32.dll

\Windows\System32\iertutil.dll

\Windows\System32\kernel32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\urlmon.dll

\Windows\System32\shlwapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ole32.dll

\Windows\System32\gdi32.dll

\Windows\System32\psapi.dll

\Windows\System32\lpk.dll

\Windows\System32\usp10.dll

\Windows\System32\shell32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\wininet.dll

\Windows\System32\comdlg32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\sechost.dll

\Windows\System32\nsi.dll

\Windows\System32\setupapi.dll

\Windows\System32\msctf.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\wintrust.dll

\Windows\System32\crypt32.dll

\Windows\System32\comctl32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007e85790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8007c28050

Lower Device Driver Name: \Driver\iaStor\

IRP handler 0 of \Driver\iaStor is hooked

IRP handler 2 of \Driver\iaStor is hooked

IRP handler 14 of \Driver\iaStor is hooked

IRP handler 15 of \Driver\iaStor is hooked

IRP handler 16 of \Driver\iaStor is hooked

IRP handler 22 of \Driver\iaStor is hooked

IRP handler 23 of \Driver\iaStor is hooked

IRP handler 27 of \Driver\iaStor is hooked

Unhooking enabled.

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007e85790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8007c28050

Lower Device Driver Name: \Driver\iaStor\

Driver name found: iaStor

Initialization returned 0x0

Load Function returned 0x0

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007e85790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007e852c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007e85790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007bfc700, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8007c28050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a00d6b80f0, 0xfffffa8007e85790, 0xfffffa800a8cd790

Lower DeviceData: 0xfffff8a00d09b3e0, 0xfffffa8007c28050, 0xfffffa8007763090

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

File user open failed: C:\Windows\system32\drivers\sptd.sys (0x00000020)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: AA9693FE

Partition information:

Partition 0 type is Other (0x1c)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 52428800

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 52430848 Numsec = 390709248

Partition file system is NTFS

Partition is bootable

Partition 2 type is Extended with LBA (0xf)

Partition is NOT ACTIVE.

Partition starts at LBA: 443140096 Numsec = 533630976

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_52430848_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

LOG 2:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.05.07.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Max :: MAX-PC [administrator]

6/15/2013 7:57:10 PM

mbar-log-2013-06-15 (19-57-10).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P

Scan options disabled: PUP

Objects scanned: 295647

Time elapsed: 32 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

STEP 3:

ComboFix 13-06-15.01 - Max 06/15/2013 21:04:07.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5731 [GMT -7:00]

Running from: c:\users\Max\Downloads\ComboFix.exe

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\alotappbar

c:\program files (x86)\alotappbar\alotUninst.exe

c:\program files (x86)\alotappbar\bin\alotappbar.dll

c:\program files (x86)\alotappbar\bin\alothelper.dll

c:\program files (x86)\alotappbar\bin\ALOTSettings.exe

c:\program files (x86)\alotappbar\bin\alotwidgets.exe

c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll

c:\programdata\C1C2B31237.sys

c:\users\Administrator\AppData\Local\Temp\CrashDumps\mjrcl.dll

c:\windows\msvcr71.dll

c:\windows\SysWow64\FastUserSwitchingCompatibilityex.dll

c:\windows\SysWow64\frapsvid.dll

D:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_msagent

.

.

((((((((((((((((((((((((( Files Created from 2013-05-16 to 2013-06-16 )))))))))))))))))))))))))))))))

.

.

2013-06-16 04:24 . 2013-06-16 04:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-16 04:24 . 2013-06-16 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-16 04:24 . 2013-06-16 04:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-06-16 02:15 . 2013-06-16 02:15 -------- d-----w- C:\TDSSKiller_Quarantine

2013-06-16 00:44 . 2013-06-16 00:44 -------- d-----w- C:\FRST

2013-06-15 22:23 . 2013-06-15 22:23 -------- d-----w- C:\found.001

2013-06-15 20:31 . 2013-06-15 20:31 430080 ----a-w- c:\windows\msagent.exe

2013-06-15 20:29 . 2013-06-15 20:29 154112 ----a-w- C:\conhost.exe

2013-06-15 20:29 . 2013-06-15 20:29 49152 ----a-w- C:\acrobat.exe

2013-06-12 00:16 . 2013-06-12 00:16 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer

2013-06-12 00:16 . 2013-06-12 00:16 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer

2013-06-03 04:37 . 2013-06-15 23:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\3881d658-ec73-4582-9996-3ac5036cd6a9ad

2013-05-23 13:29 . 2013-05-23 13:29 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-16 02:17 . 2011-10-06 19:32 45056 ----a-w- c:\windows\system32\acovcnt.exe

2013-06-12 01:02 . 2013-02-26 15:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 01:02 . 2013-02-26 15:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-09 02:54 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{037f6ebe-1b5b-438b-b4b2-9dc9f17f234d}]

2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{709F3BE5-C718-4B6D-843C-95E8BE0E5E4A}]

2012-12-06 18:04 43456 ----a-w- c:\program files (x86)\TGF Interactive\Genius Box\TGFInteractive.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2012-11-06 13:01 183112 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2012-11-06 183112]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]

"uTorrent"="c:\users\Max\Downloads\utorrent.exe" [2012-01-18 735608]

"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-04-01 84464]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]

.

c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

GameRanger.lnk - c:\users\Max\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /autostart [2013-1-19 1824928]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]

S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\tribes\HiPatchService.exe;d:\tribes\HiPatchService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RASACD

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 18:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Translate Selection - c:\program files (x86)\TGF Interactive\Translate Genius\ContextMenu.htm

IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\t2cv8qau.default\

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll

Toolbar-Locked - (no file)

Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files (x86)\alotappbar\bin\ALOTHelper.dll

Wow6432Node-HKU-Default-Run-CrashDumps - c:\users\Administrator\AppData\Local\Temp\CrashDumps\mjrcl.dll

Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe

SafeBoot-05262591.sys

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

AddRemove-alotAppbar - c:\program files (x86)\alotappbar\alotUninst.exe

AddRemove-Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe

AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe

AddRemove-Oblivion mod manager_is1 - c:\program files (x86)\steam\steamapps\common\oblivion\obmm\uninstall\unins000.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{A531D99C-5A22-449B-83DA-872725C6D0ED}"=hex:51,66,7a,6c,4c,1d,38,12,f2,da,22,

a1,10,14,f5,01,fc,cc,c4,67,20,98,94,f9

"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,

bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8

"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,

9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{037F6EBE-1B5B-438B-B4B2-9DC9F17F234D}"=hex:51,66,7a,6c,4c,1d,38,12,d0,6d,6c,

07,69,55,e5,06,cb,a4,de,89,f4,21,67,59

"{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}"=hex:51,66,7a,6c,4c,1d,38,12,c3,8a,99,

0a,e5,db,85,05,f2,8b,4b,7e,f2,58,2e,15

"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2,

18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47

"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,

2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f

"{709F3BE5-C718-4B6D-843C-95E8BE0E5E4A}"=hex:51,66,7a,6c,4c,1d,38,12,8b,38,8c,

74,2a,89,03,0e,fb,2a,d6,a8,bb,50,1a,5e

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}"=hex:51,66,7a,6c,4c,1d,38,12,fb,cc,e6,

81,bd,a2,92,0c,c4,29,7b,87,91,0b,8f,b6

"{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,38,12,aa,f5,03,

89,33,40,ba,0e,f9,17,52,ec,1a,81,c5,32

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}"=hex:51,66,7a,6c,4c,1d,38,12,d8,cf,e9,

98,0d,61,19,04,eb,fc,4e,6b,77,8d,c0,d5

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf,

bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,

f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:f5,33,3b,06,e7,1e,ce,01

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Google\Update\GoogleUpdate.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe

.

**************************************************************************

.

Completion time: 2013-06-15 21:43:29 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-16 04:43

.

Pre-Run: 26,604,163,072 bytes free

Post-Run: 34,143,879,168 bytes free

.

- - End Of File - - 788904BFDEC70C281D23FFC25D214CC3

D41D8CD98F00B204E9800998ECF8427E

STEP 4:

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Trend Micro Titanium Internet Security

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

JavaFX 2.1.0

Java 6 Update 30

Java 7 Update 4

Java version out of Date!

Adobe Flash Player 11.7.700.224

Mozilla Firefox 20.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Trend Micro Titanium TiMiniService.exe

Trend Micro Titanium TiResumeSrv.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Have a good night!

Regards,

Max

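The `@Denied:` lines in the ComboFix registry dump above mark keys whose ACL carries a Deny ACE. ComboFix reports them because locking a loading point with a Deny ACE is a known trick for keeping removal tools out; in this log the locked keys sit on Adobe Flash's COM registration (FlashBroker, Shockwave Flash Object, Macromedia Flash Factory Object) and on PCW\Security, both routinely seen on clean Windows 7 machines. The Python below is an added example, not part of this thread and not ComboFix code: it parses dump lines in that format, lists every locked key with its default value and the COM server binary registered beneath it, and flags locked keys whose server lives outside the Windows and Program Files trees. The trusted-root list is an assumption, and the last two keys in the sample are invented for the test.

```python
import re
from collections import OrderedDict

# Constructed excerpt in the format of ComboFix's registry dump posted above.
# The Flash and PCW\Security keys copy entries from the log; the final two keys
# are hypothetical and exist only to exercise the "unknown locked key" path.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}]
@Denied: (A 2) (Everyone)
@="HypotheticalLockedObject"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32]
@="c:\\Users\\Max\\AppData\\Local\\Temp\\hypothetical.dll"
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied: \((?P<rights>[^)]+)\) \((?P<who>[^)]+)\)$")
DEFAULT_RE = re.compile(r'^@="(?P<value>.*)"$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')


def unescape(value):
    """.reg-style dumps double every backslash inside string values."""
    return value.replace("\\\\", "\\")


def parse_dump(text):
    """Map each key path to {'denied': (rights, who) or None, 'values': {name: value}}."""
    keys = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # blank lines and "." separate keys
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"denied": None, "values": {}}
            keys[m["key"]] = current
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            current["denied"] = (m["rights"], m["who"])
            continue
        m = DEFAULT_RE.match(line)
        if m:
            current["values"]["@"] = unescape(m["value"])
            continue
        m = VALUE_RE.match(line)
        if m:
            v = m["value"]
            # Quoted values are REG_SZ; anything else (dword:, hex:) is kept verbatim.
            current["values"][m["name"]] = unescape(v[1:-1]) if v.startswith('"') else v
    return keys


SERVER_VALUES = ("LocalServer32", "InprocServer32")
# Assumed normal locations for a COM server binary (heuristic, not a whitelist).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def locked_keys(keys):
    """Every key carrying a Denied ACE, with its default value and registered server binary."""
    out = []
    for key, info in keys.items():
        if info["denied"] is None:
            continue
        rights, who = info["denied"]
        server = None
        for sub in SERVER_VALUES:
            child = keys.get(f"{key}\\{sub}")
            if child is not None and "@" in child["values"]:
                server = child["values"]["@"]
                break
        out.append({"key": key, "rights": rights, "who": who,
                    "default": info["values"].get("@"), "server": server})
    return out


def suspicious_locked(keys, trusted_roots=TRUSTED_ROOTS):
    """Locked keys whose COM server lives outside the trusted roots: worth a closer look."""
    return [e for e in locked_keys(keys)
            if e["server"] and not e["server"].lower().startswith(trusted_roots)]


if __name__ == "__main__":
    parsed = parse_dump(SAMPLE_DUMP)
    for entry in locked_keys(parsed):
        print(f"{entry['key']}\n  denied: {entry['rights']} to {entry['who']}; "
              f"default={entry['default']!r}; server={entry['server']!r}")
    print("suspicious:", [e["default"] for e in suspicious_locked(parsed)])
```

Run against the real dump, the Flash entries resolve to binaries under SysWOW64\Macromed\Flash and PCW\Security has no server at all, so nothing is flagged; a locked CLSID whose server sits under a user profile or Temp is the pattern that would earn a closer look.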

Hmm. For some reason the TDSSKiller log got quite truncated. Go ahead and delete your existing copy of TDSSKiller.exe.

Next, please download a new copy from here: http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe

Save it as cheese.exe. Then, run it just as before. I'll re-paste the instructions here for your convenience:

  • Double-click on cheese.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

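Once the log comes back, the helper's work is in its "Scan services" section, where TDSSKiller prints one line per service with the file's MD5 and path and then a verdict line for that service. The Python below is an added example, not part of this thread and not Kaspersky's code: it parses that section, pairs each file line with its verdict, and flags the three things a triager scans for, namely a verdict other than ok, a service whose binary was never hashed (catchme and COMSysApp in the log that follows; catchme is the driver ComboFix itself loads, so it is expected right after a ComboFix run), and a binary outside the Windows and Program Files trees (HiPatchService under D:\Tribes). It also collects the unique hashes for a lookup service. The trusted-root list is an assumption, and the last service in the sample, with its hash and verdict text, is invented to exercise the non-ok branch.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of the TDSSKiller "Scan services" section
# posted in this thread. The first four services copy lines from the log; the
# last service, its hash and its verdict text are invented to exercise the
# non-"ok" branch.
SAMPLE_LOG = r"""
09:08:22.0138 1120 ================ Scan services =============================
09:08:23.0363 1120 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:08:23.0367 1120 1394ohci - ok
09:08:25.0467 1120 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:08:25.0470 1120 Apple Mobile Device - ok
09:08:30.0684 1120 catchme - ok
09:08:38.0670 1120 [ D61F8E72032BDC43157F2B8AEA32B529 ] HiPatchService D:\Tribes\HiPatchService.exe
09:08:38.0671 1120 HiPatchService - ok
09:08:50.0000 1120 [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] hypothetical_svc C:\Users\Max\AppData\Local\Temp\hypothetical.sys
09:08:50.0001 1120 hypothetical_svc - suspicious
"""

# "<time> <pid> [ <md5> ] <service name> <drive>:\<path>"; names may contain spaces,
# so the name is matched lazily up to the first " X:\" that starts the path.
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) \[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "<time> <pid> <service name> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<name>.+?) - (?P<verdict>.+)$"
)

# Assumed normal homes for a service binary (heuristic, not a whitelist).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_services(log_text):
    """Pair each hashed-file line with the verdict line for the same service."""
    records = {}
    for line in log_text.splitlines():
        m = FILE_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.md5 = m["md5"].upper()
            rec.path = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], ServiceRecord(m["name"]))
            rec.verdict = m["verdict"].strip()
    return records


def triage(records, trusted_roots=TRUSTED_ROOTS):
    """Service name -> reasons it deserves a second look (empty dict means all clear)."""
    findings = {}
    for rec in records.values():
        reasons = []
        if rec.verdict is None:
            reasons.append("no verdict line (log truncated?)")
        elif rec.verdict.lower() != "ok":
            reasons.append(f"verdict: {rec.verdict}")
        if rec.path is None:
            reasons.append("service registered but no file hashed")
        elif not rec.path.lower().startswith(trusted_roots):
            reasons.append(f"binary outside standard roots: {rec.path}")
        if reasons:
            findings[rec.name] = reasons
    return findings


def hashes_for_lookup(records):
    """Unique MD5s from the scan, ready to paste into a hash-lookup service."""
    return sorted({rec.md5 for rec in records.values() if rec.md5})


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for name, reasons in triage(parsed).items():
        print(f"{name}: " + "; ".join(reasons))
    print("hashes:", hashes_for_lookup(parsed))
```

On the real log the only hits are the two services without a hashed file and the game patcher on D:, which is the kind of short list a helper can check by hand; every verdict TDSSKiller prints here is ok, which is why the next step in the thread is to look elsewhere rather than at a rootkit-class driver.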

Hey DFB, here is the new TDSS log.

09:07:58.0158 4996 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

09:07:58.0655 4996 ============================================================

09:07:58.0655 4996 Current date / time: 2013/06/16 09:07:58.0655

09:07:58.0655 4996 SystemInfo:

09:07:58.0655 4996

09:07:58.0780 4996 OS Version: 6.1.7601 ServicePack: 1.0

09:07:58.0780 4996 Product type: Workstation

09:07:58.0780 4996 ComputerName: MAX-PC

09:07:58.0780 4996 UserName: Max

09:07:58.0780 4996 Windows directory: C:\Windows

09:07:58.0780 4996 System windows directory: C:\Windows

09:07:58.0780 4996 Running under WOW64

09:07:58.0780 4996 Processor architecture: Intel x64

09:07:58.0780 4996 Number of processors: 8

09:07:58.0780 4996 Page size: 0x1000

09:07:58.0780 4996 Boot type: Normal boot

09:07:58.0780 4996 ============================================================

09:07:59.0933 4996 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:07:59.0937 4996 ============================================================

09:07:59.0937 4996 \Device\Harddisk0\DR0:

09:07:59.0938 4996 MBR partitions:

09:07:59.0938 4996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000

09:07:59.0964 4996 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800

09:07:59.0964 4996 ============================================================

09:08:00.0010 4996 C: <-> \Device\Harddisk0\DR0\Partition1

09:08:00.0093 4996 D: <-> \Device\Harddisk0\DR0\Partition2

09:08:00.0093 4996 ============================================================

09:08:00.0094 4996 Initialize success

09:08:00.0094 4996 ============================================================

09:08:14.0140 1120 ============================================================

09:08:14.0140 1120 Scan started

09:08:14.0140 1120 Mode: Manual;

09:08:14.0140 1120 ============================================================

09:08:22.0137 1120 ================ Scan system memory ========================

09:08:22.0137 1120 System memory - ok

09:08:22.0138 1120 ================ Scan services =============================

09:08:23.0363 1120 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

09:08:23.0367 1120 1394ohci - ok

09:08:23.0404 1120 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

09:08:23.0409 1120 ACPI - ok

09:08:23.0434 1120 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

09:08:23.0436 1120 AcpiPmi - ok

09:08:23.0584 1120 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:08:23.0587 1120 AdobeFlashPlayerUpdateSvc - ok

09:08:23.0716 1120 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

09:08:23.0732 1120 adp94xx - ok

09:08:23.0831 1120 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

09:08:23.0838 1120 adpahci - ok

09:08:23.0876 1120 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

09:08:23.0879 1120 adpu320 - ok

09:08:23.0986 1120 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

09:08:23.0988 1120 AeLookupSvc - ok

09:08:24.0105 1120 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe

09:08:24.0109 1120 AFBAgent - ok

09:08:24.0272 1120 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

09:08:24.0277 1120 AFD - ok

09:08:24.0327 1120 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

09:08:24.0335 1120 agp440 - ok

09:08:24.0358 1120 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

09:08:24.0360 1120 ALG - ok

09:08:24.0619 1120 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

09:08:24.0620 1120 aliide - ok

09:08:24.0625 1120 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

09:08:24.0627 1120 amdide - ok

09:08:24.0679 1120 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

09:08:24.0681 1120 AmdK8 - ok

09:08:24.0683 1120 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

09:08:24.0685 1120 AmdPPM - ok

09:08:24.0712 1120 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

09:08:24.0714 1120 amdsata - ok

09:08:24.0731 1120 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

09:08:24.0735 1120 amdsbs - ok

09:08:24.0748 1120 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

09:08:24.0750 1120 amdxata - ok

09:08:24.0913 1120 [ E8494519BCB9E3B1B72E5604993A76E3 ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

09:08:24.0917 1120 Amsp - ok

09:08:25.0061 1120 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

09:08:25.0065 1120 AppID - ok

09:08:25.0150 1120 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

09:08:25.0152 1120 AppIDSvc - ok

09:08:25.0184 1120 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

09:08:25.0190 1120 Appinfo - ok

09:08:25.0467 1120 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:08:25.0470 1120 Apple Mobile Device - ok

09:08:25.0557 1120 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

09:08:25.0561 1120 arc - ok

09:08:25.0564 1120 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

09:08:25.0566 1120 arcsas - ok

09:08:25.0713 1120 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

09:08:25.0715 1120 ASLDRService - ok

09:08:25.0921 1120 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

09:08:25.0923 1120 aspnet_state - ok

09:08:25.0959 1120 [ B6EF28ECEE73B624D56DF30AD562AE8D ] AsusUacSvc C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe

09:08:25.0961 1120 AsusUacSvc - ok

09:08:25.0996 1120 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

09:08:25.0998 1120 AsyncMac - ok

09:08:26.0033 1120 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

09:08:26.0034 1120 atapi - ok

09:08:26.0069 1120 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys

09:08:26.0069 1120 AthBTPort - ok

09:08:26.0155 1120 [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

09:08:26.0157 1120 Atheros Bt&Wlan Coex Agent - ok

09:08:26.0190 1120 [ 21753130331188C4B474E1D3B396E629 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

09:08:26.0193 1120 AtherosSvc - ok

09:08:26.0318 1120 [ B4174564AD5834A1680610572477878C ] athr C:\Windows\system32\DRIVERS\athrx.sys

09:08:26.0368 1120 athr - ok

09:08:26.0465 1120 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

09:08:26.0467 1120 ATKGFNEXSrv - ok

09:08:26.0562 1120 [ AC31727F9946E9009480708E4D1B9986 ] ATKWMIACPIIO_ C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

09:08:26.0562 1120 ATKWMIACPIIO_ - ok

09:08:26.0825 1120 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

09:08:26.0875 1120 AudioEndpointBuilder - ok

09:08:26.0924 1120 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

09:08:26.0927 1120 AudioSrv - ok

09:08:26.0980 1120 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

09:08:26.0982 1120 AxInstSV - ok

09:08:27.0070 1120 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

09:08:27.0076 1120 b06bdrv - ok

09:08:27.0136 1120 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

09:08:27.0139 1120 b57nd60a - ok

09:08:27.0446 1120 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe

09:08:27.0449 1120 BBSvc - ok

09:08:27.0530 1120 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

09:08:27.0534 1120 BBUpdate - ok

09:08:27.0574 1120 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

09:08:27.0576 1120 BDESVC - ok

09:08:27.0600 1120 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

09:08:27.0601 1120 Beep - ok

09:08:27.0641 1120 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

09:08:27.0650 1120 BFE - ok

09:08:27.0688 1120 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

09:08:27.0797 1120 BITS - ok

09:08:27.0850 1120 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

09:08:27.0854 1120 blbdrive - ok

09:08:28.0093 1120 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

09:08:28.0098 1120 Bonjour Service - ok

09:08:28.0311 1120 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

09:08:28.0312 1120 bowser - ok

09:08:28.0576 1120 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

09:08:28.0578 1120 BrFiltLo - ok

09:08:28.0585 1120 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

09:08:28.0588 1120 BrFiltUp - ok

09:08:29.0079 1120 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

09:08:29.0086 1120 BridgeMP - ok

09:08:29.0233 1120 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

09:08:29.0237 1120 Browser - ok

09:08:29.0264 1120 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

09:08:29.0268 1120 Brserid - ok

09:08:29.0301 1120 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

09:08:29.0307 1120 BrSerWdm - ok

09:08:29.0321 1120 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

09:08:29.0322 1120 BrUsbMdm - ok

09:08:29.0326 1120 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

09:08:29.0327 1120 BrUsbSer - ok

09:08:29.0419 1120 [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys

09:08:29.0421 1120 BTATH_A2DP - ok

09:08:29.0645 1120 [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys

09:08:29.0646 1120 BTATH_BUS - ok

09:08:29.0768 1120 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys

09:08:29.0769 1120 BTATH_HCRP - ok

09:08:29.0997 1120 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys

09:08:29.0998 1120 BTATH_LWFLT - ok

09:08:30.0026 1120 [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys

09:08:30.0027 1120 BTATH_RCP - ok

09:08:30.0160 1120 [ AA0F5AFCF077C5246589B32ECEEAE566 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys

09:08:30.0162 1120 BtFilter - ok

09:08:30.0289 1120 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

09:08:30.0291 1120 BthEnum - ok

09:08:30.0357 1120 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

09:08:30.0360 1120 BTHMODEM - ok

09:08:30.0383 1120 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

09:08:30.0385 1120 BthPan - ok

09:08:30.0502 1120 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

09:08:30.0513 1120 BTHPORT - ok

09:08:30.0581 1120 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

09:08:30.0584 1120 bthserv - ok

09:08:30.0602 1120 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

09:08:30.0605 1120 BTHUSB - ok

09:08:30.0684 1120 catchme - ok

09:08:30.0732 1120 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

09:08:30.0734 1120 cdfs - ok

09:08:30.0837 1120 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

09:08:30.0840 1120 cdrom - ok

09:08:30.0876 1120 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

09:08:30.0879 1120 CertPropSvc - ok

09:08:30.0910 1120 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

09:08:30.0913 1120 circlass - ok

09:08:30.0945 1120 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

09:08:30.0950 1120 CLFS - ok

09:08:30.0987 1120 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:08:30.0989 1120 clr_optimization_v2.0.50727_32 - ok

09:08:31.0017 1120 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:08:31.0021 1120 clr_optimization_v2.0.50727_64 - ok

09:08:31.0247 1120 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:08:31.0250 1120 clr_optimization_v4.0.30319_32 - ok

09:08:31.0314 1120 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:08:31.0316 1120 clr_optimization_v4.0.30319_64 - ok

09:08:31.0372 1120 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

09:08:31.0379 1120 CmBatt - ok

09:08:31.0398 1120 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

09:08:31.0402 1120 cmdide - ok

09:08:31.0521 1120 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

09:08:31.0528 1120 CNG - ok

09:08:31.0685 1120 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

09:08:31.0688 1120 Compbatt - ok

09:08:31.0745 1120 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

09:08:31.0746 1120 CompositeBus - ok

09:08:31.0774 1120 COMSysApp - ok

09:08:31.0960 1120 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

09:08:31.0964 1120 crcdisk - ok

09:08:32.0021 1120 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

09:08:32.0022 1120 Creative ALchemy AL6 Licensing Service - ok

09:08:32.0076 1120 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

09:08:32.0078 1120 Creative Audio Engine Licensing Service - ok

09:08:32.0179 1120 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

09:08:32.0182 1120 CryptSvc - ok

09:08:32.0525 1120 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

09:08:32.0542 1120 cvhsvc - ok

09:08:32.0700 1120 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

09:08:32.0738 1120 DcomLaunch - ok

09:08:32.0823 1120 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

09:08:32.0827 1120 defragsvc - ok

09:08:32.0865 1120 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

09:08:32.0868 1120 DfsC - ok

09:08:32.0972 1120 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

09:08:32.0980 1120 Dhcp - ok

09:08:33.0020 1120 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

09:08:33.0023 1120 discache - ok

09:08:33.0158 1120 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

09:08:33.0160 1120 Disk - ok

09:08:33.0194 1120 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

09:08:33.0197 1120 Dnscache - ok

09:08:33.0321 1120 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

09:08:33.0324 1120 dot3svc - ok

09:08:33.0360 1120 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

09:08:33.0362 1120 DPS - ok

09:08:33.0464 1120 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

09:08:33.0467 1120 drmkaud - ok

09:08:33.0756 1120 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

09:08:33.0761 1120 DXGKrnl - ok

09:08:33.0824 1120 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

09:08:33.0827 1120 EapHost - ok

09:08:34.0070 1120 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

09:08:34.0127 1120 ebdrv - ok

09:08:34.0284 1120 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

09:08:34.0288 1120 EFS - ok

09:08:34.0638 1120 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

09:08:34.0655 1120 ehRecvr - ok

09:08:34.0691 1120 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

09:08:34.0693 1120 ehSched - ok

09:08:34.0874 1120 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

09:08:34.0891 1120 elxstor - ok

09:08:34.0893 1120 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

09:08:34.0894 1120 ErrDev - ok

09:08:34.0949 1120 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

09:08:34.0970 1120 EventSystem - ok

09:08:35.0107 1120 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

09:08:35.0110 1120 exfat - ok

09:08:35.0169 1120 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

09:08:35.0172 1120 fastfat - ok

09:08:35.0460 1120 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

09:08:35.0477 1120 Fax - ok

09:08:35.0594 1120 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

09:08:35.0596 1120 fdc - ok

09:08:35.0628 1120 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

09:08:35.0641 1120 fdPHost - ok

09:08:35.0644 1120 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

09:08:35.0645 1120 FDResPub - ok

09:08:35.0695 1120 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

09:08:35.0697 1120 FileInfo - ok

09:08:35.0711 1120 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

09:08:35.0718 1120 Filetrace - ok

09:08:35.0770 1120 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

09:08:35.0775 1120 flpydisk - ok

09:08:35.0832 1120 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

09:08:35.0836 1120 FltMgr - ok

09:08:35.0899 1120 [ 7DE8A770487FC4B5E3A168AD97E1D370 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys

09:08:35.0901 1120 FLxHCIc - ok

09:08:35.0913 1120 [ 2D54A3319FC955029E4B371CDC088FF4 ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys

09:08:35.0915 1120 FLxHCIh - ok

09:08:36.0198 1120 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

09:08:36.0245 1120 FontCache - ok

09:08:36.0301 1120 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:08:36.0301 1120 FontCache3.0.0.0 - ok

09:08:36.0320 1120 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

09:08:36.0322 1120 FsDepends - ok

09:08:36.0446 1120 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys

09:08:36.0449 1120 fssfltr - ok

09:08:36.0792 1120 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

09:08:36.0825 1120 fsssvc - ok

09:08:36.0898 1120 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

09:08:36.0900 1120 Fs_Rec - ok

09:08:36.0959 1120 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

09:08:36.0962 1120 fvevol - ok

09:08:37.0012 1120 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

09:08:37.0018 1120 gagp30kx - ok

09:08:37.0091 1120 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

09:08:37.0091 1120 GEARAspiWDM - ok

09:08:37.0383 1120 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

09:08:37.0411 1120 gpsvc - ok

09:08:37.0504 1120 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:08:37.0506 1120 gupdate - ok

09:08:37.0528 1120 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:08:37.0529 1120 gupdatem - ok

09:08:37.0563 1120 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

09:08:37.0566 1120 gusvc - ok

09:08:37.0617 1120 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys

09:08:37.0618 1120 hamachi - ok

09:08:37.0864 1120 [ DBCF8F2EA9111510B5B86E1EE9CD8816 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

09:08:37.0897 1120 Hamachi2Svc - ok

09:08:37.0935 1120 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

09:08:37.0943 1120 hcw85cir - ok

09:08:37.0950 1120 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

09:08:37.0956 1120 HdAudAddService - ok

09:08:38.0005 1120 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

09:08:38.0007 1120 HDAudBus - ok

09:08:38.0041 1120 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

09:08:38.0047 1120 HidBatt - ok

09:08:38.0050 1120 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

09:08:38.0052 1120 HidBth - ok

09:08:38.0079 1120 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

09:08:38.0081 1120 HidIr - ok

09:08:38.0152 1120 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

09:08:38.0153 1120 hidserv - ok

09:08:38.0208 1120 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

09:08:38.0210 1120 HidUsb - ok

09:08:38.0670 1120 [ D61F8E72032BDC43157F2B8AEA32B529 ] HiPatchService D:\Tribes\HiPatchService.exe

09:08:38.0671 1120 HiPatchService - ok

09:08:38.0838 1120 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

09:08:38.0840 1120 hkmsvc - ok

09:08:38.0866 1120 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

09:08:38.0870 1120 HomeGroupListener - ok

09:08:38.0947 1120 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

09:08:38.0950 1120 HomeGroupProvider - ok

09:08:39.0003 1120 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

09:08:39.0005 1120 HpSAMD - ok

09:08:39.0179 1120 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

09:08:39.0204 1120 HTTP - ok

09:08:39.0243 1120 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

09:08:39.0249 1120 hwpolicy - ok


09:09:08.0963 1120 usbprint - ok

09:09:08.0976 1120 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

09:09:08.0978 1120 USBSTOR - ok

09:09:09.0007 1120 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

09:09:09.0009 1120 usbuhci - ok

09:09:09.0130 1120 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

09:09:09.0144 1120 usbvideo - ok

09:09:09.0179 1120 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

09:09:09.0186 1120 UxSms - ok

09:09:09.0201 1120 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

09:09:09.0201 1120 VaultSvc - ok

09:09:09.0246 1120 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

09:09:09.0251 1120 vdrvroot - ok

09:09:09.0298 1120 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

09:09:09.0309 1120 vds - ok

09:09:09.0372 1120 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

09:09:09.0379 1120 vga - ok

09:09:09.0382 1120 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

09:09:09.0385 1120 VgaSave - ok

09:09:09.0389 1120 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

09:09:09.0392 1120 vhdmp - ok

09:09:09.0412 1120 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

09:09:09.0414 1120 viaide - ok

09:09:09.0554 1120 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

09:09:09.0556 1120 volmgr - ok

09:09:09.0609 1120 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

09:09:09.0613 1120 volmgrx - ok

09:09:09.0711 1120 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

09:09:09.0715 1120 volsnap - ok

09:09:09.0751 1120 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

09:09:09.0754 1120 vsmraid - ok

09:09:09.0941 1120 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

09:09:09.0966 1120 VSS - ok

09:09:09.0975 1120 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

09:09:09.0977 1120 vwifibus - ok

09:09:09.0992 1120 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

09:09:09.0994 1120 vwififlt - ok

09:09:10.0028 1120 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

09:09:10.0034 1120 W32Time - ok

09:09:10.0045 1120 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

09:09:10.0047 1120 WacomPen - ok

09:09:10.0077 1120 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

09:09:10.0079 1120 WANARP - ok

09:09:10.0081 1120 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

09:09:10.0082 1120 Wanarpv6 - ok

09:09:10.0177 1120 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

09:09:10.0191 1120 WatAdminSvc - ok

09:09:10.0265 1120 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

09:09:10.0291 1120 wbengine - ok

09:09:10.0307 1120 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

09:09:10.0312 1120 WbioSrvc - ok

09:09:10.0329 1120 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

09:09:10.0336 1120 wcncsvc - ok

09:09:10.0371 1120 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

09:09:10.0375 1120 WcsPlugInService - ok

09:09:10.0402 1120 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

09:09:10.0410 1120 Wd - ok

09:09:10.0501 1120 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

09:09:10.0517 1120 Wdf01000 - ok

09:09:10.0536 1120 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

09:09:10.0539 1120 WdiServiceHost - ok

09:09:10.0542 1120 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

09:09:10.0544 1120 WdiSystemHost - ok

09:09:10.0593 1120 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

09:09:10.0599 1120 WebClient - ok

09:09:10.0604 1120 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

09:09:10.0609 1120 Wecsvc - ok

09:09:10.0642 1120 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

09:09:10.0644 1120 wercplsupport - ok

09:09:10.0711 1120 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

09:09:10.0713 1120 WerSvc - ok

09:09:10.0769 1120 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

09:09:10.0774 1120 WfpLwf - ok

09:09:10.0852 1120 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

09:09:10.0854 1120 WimFltr - ok

09:09:10.0870 1120 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

09:09:10.0875 1120 WIMMount - ok

09:09:11.0032 1120 WinDefend - ok

09:09:11.0036 1120 WinHttpAutoProxySvc - ok

09:09:11.0402 1120 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

09:09:11.0406 1120 Winmgmt - ok

09:09:11.0984 1120 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

09:09:12.0045 1120 WinRM - ok

09:09:12.0110 1120 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

09:09:12.0112 1120 WinUsb - ok

09:09:12.0244 1120 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

09:09:12.0274 1120 Wlansvc - ok

09:09:12.0406 1120 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

09:09:12.0411 1120 wlcrasvc - ok

09:09:12.0801 1120 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

09:09:12.0839 1120 wlidsvc - ok

09:09:12.0880 1120 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

09:09:12.0881 1120 WmiAcpi - ok

09:09:12.0916 1120 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

09:09:12.0920 1120 wmiApSrv - ok

09:09:12.0934 1120 WMPNetworkSvc - ok

09:09:12.0960 1120 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

09:09:12.0962 1120 WPCSvc - ok

09:09:12.0973 1120 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

09:09:12.0976 1120 WPDBusEnum - ok

09:09:12.0992 1120 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

09:09:12.0993 1120 ws2ifsl - ok

09:09:13.0025 1120 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

09:09:13.0028 1120 wscsvc - ok

09:09:13.0030 1120 WSearch - ok

09:09:13.0638 1120 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

09:09:13.0681 1120 wuauserv - ok

09:09:14.0174 1120 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

09:09:14.0177 1120 WudfPf - ok

09:09:14.0219 1120 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

09:09:14.0227 1120 WUDFRd - ok

09:09:14.0273 1120 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

09:09:14.0275 1120 wudfsvc - ok

09:09:14.0327 1120 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

09:09:14.0331 1120 WwanSvc - ok

09:09:14.0374 1120 ================ Scan global ===============================

09:09:14.0415 1120 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

09:09:14.0490 1120 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

09:09:14.0496 1120 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

09:09:14.0516 1120 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

09:09:14.0847 1120 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

09:09:14.0852 1120 [Global] - ok

09:09:14.0852 1120 ================ Scan MBR ==================================

09:09:14.0864 1120 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

09:09:17.0365 1120 \Device\Harddisk0\DR0 - ok

09:09:17.0365 1120 ================ Scan VBR ==================================

09:09:17.0381 1120 [ 1AC1A0DF5506C185B97E5E631AF78847 ] \Device\Harddisk0\DR0\Partition1

09:09:17.0384 1120 \Device\Harddisk0\DR0\Partition1 - ok

09:09:17.0400 1120 [ C70A0D9B32150A229D161F661EADFF74 ] \Device\Harddisk0\DR0\Partition2

09:09:17.0405 1120 \Device\Harddisk0\DR0\Partition2 - ok

09:09:17.0406 1120 ============================================================

09:09:17.0406 1120 Scan finished

09:09:17.0406 1120 ============================================================

09:09:17.0412 6556 Detected object count: 1

09:09:17.0412 6556 Actual detected object count: 1

09:09:42.0680 6556 sptd ( LockedFile.Multi.Generic ) - skipped by user

09:09:42.0680 6556 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Please go to http://www.virustotal.com/ , click on Browse, and upload the following file/s for analysis: You will only be able to have one file scanned at a time.

c:\conhost.exe

Then click Submit. Allow the file to be scanned, and then please copy/paste the results here for me to see.

If Jotti is busy, please go to http://virusscan.jotti.org.

--------------------

Please download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Engine | Result | Signature date
Agnitum | - | 20130616
AhnLab-V3 | Backdoor/Win32.ZAccess | 20130616
AntiVir | TR/Crypt.XPACK.Gen | 20130616
Antiy-AVL | - | 20130616
Avast | Win32:Sirefef-BNJ [Trj] | 20130616
AVG | BackDoor.Generic17.SPA | 20130616
BitDefender | Trojan.GenericKDZ.21708 | 20130616
ByteHero | - | 20130613
CAT-QuickHeal | - | 20130616
ClamAV | - | 20130616
Commtouch | - | 20130616
Comodo | - | 20130616
DrWeb | - | 20130616
Emsisoft | Trojan.GenericKDZ.21708 (B) | 20130616
eSafe | - | 20130616
ESET-NOD32 | Win32/Sirefef.FU | 20130616
F-Prot | - | 20130615
F-Secure | Trojan.GenericKDZ.21708 | 20130616
Fortinet | W32/ZAccess.HYH!tr | 20130616
GData | Trojan.GenericKDZ.21708 | 20130616
Ikarus | - | 20130616
Jiangmin | - | 20130616
K7AntiVirus | - | 20130614
K7GW | - | 20130614
Kaspersky | Backdoor.Win32.ZAccess.cmce | 20130616
Kingsoft | Win32.Troj.Generic.a.(kcloud) | 20130506
Malwarebytes | Rootkit.0Access | 20130616
McAfee | - | 20130616
McAfee-GW-Edition | - | 20130616
Microsoft | - | 20130616
MicroWorld-eScan | - | 20130616
NANO-Antivirus | - | 20130616
Norman | - | 20130616
nProtect | Trojan.GenericKDZ.21708 | 20130616
Panda | Suspicious file | 20130616
PCTools | - | 20130521
Rising | - | 20130614
Sophos | - | 20130616
SUPERAntiSpyware | - | 20130616
Symantec | - | 20130616
TheHacker | - | 20130616
TotalDefense | - | 20130614
TrendMicro | - | 20130616
TrendMicro-HouseCall | - | 20130616
VBA32 | - | 20130615
VIPRE | - | 20130616
ViRobot | - | 20130616

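Results like the ones pasted above arrive as one run-together line (vendor, detection name if any, then the engine's 8-digit signature date), which makes the detection ratio and the family attribution hard to read off. The following is an added Python example, not code from the thread or from VirusTotal, that splits that text into records and summarises it; the sample input is a constructed excerpt of the line above, and the ZeroAccess alias list is an assumption drawn from the names those engines used.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the flattened VirusTotal text as it was
# pasted in the thread (vendor, optional detection name, 8-digit signature
# date, all run together on one line). Not the full result set.
SAMPLE = (
    "Agnitum 20130616 AhnLab-V3 Backdoor/Win32.ZAccess 20130616 "
    "Avast Win32:Sirefef-BNJ [Trj] 20130616 "
    "Emsisoft Trojan.GenericKDZ.21708 (B) 20130616 "
    "ESET-NOD32 Win32/Sirefef.FU 20130616 "
    "Kingsoft Win32.Troj.Generic.a.(kcloud) 20130506 "
    "Malwarebytes Rootkit.0Access 20130616 McAfee-GW-Edition 20130616 "
    "Panda Suspicious file 20130616 TrendMicro-HouseCall 20130616"
)

DATE = re.compile(r"^\d{8}$")
# Assumed aliases: names different vendors use for the ZeroAccess rootkit family.
ZEROACCESS_ALIASES = ("zaccess", "sirefef", "0access", "zeroaccess")


@dataclass
class Verdict:
    vendor: str
    result: str  # empty string when the engine reported no detection
    date: str    # YYYYMMDD of that engine's signature database


def parse_flat_results(text: str) -> list:
    """Split the run-together text into Verdict records.

    The 8-digit date is the only reliable record terminator: the first token
    after the previous date is the vendor, and everything up to the next date
    is the detection name, which may itself contain spaces, brackets or
    parentheses ("Win32:Sirefef-BNJ [Trj]", "Suspicious file").
    """
    verdicts, buf = [], []
    for tok in text.split():
        if DATE.match(tok):
            if not buf:
                raise ValueError(f"date {tok} has no preceding vendor")
            verdicts.append(Verdict(buf[0], " ".join(buf[1:]), tok))
            buf = []
        else:
            buf.append(tok)
    if buf:
        raise ValueError("trailing tokens without a date: " + " ".join(buf))
    return verdicts


def summarise(verdicts, scan_date: str) -> dict:
    """Detection ratio, engines whose signatures predate the scan (their
    verdict, clean or not, carries less weight) and which engines attribute
    the file to ZeroAccess."""
    detected = [v for v in verdicts if v.result]
    return {
        "engines": len(verdicts),
        "detections": len(detected),
        # YYYYMMDD strings compare correctly as plain strings
        "stale_signatures": [v.vendor for v in verdicts if v.date < scan_date],
        "zeroaccess_by": [v.vendor for v in detected
                          if any(a in v.result.lower() for a in ZEROACCESS_ALIASES)],
    }
```

Calling `summarise(parse_flat_results(SAMPLE), "20130616")` on the excerpt reports 7 of 10 engines detecting, Kingsoft as the only engine scanning with a stale database, and four engines naming the ZeroAccess family outright.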

Ah, should have seen that. I believe this is the correct log.

RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7

Started in : Normal mode

User : Max [Admin rights]

Mode : Scan -- Date : 06/16/2013 11:18:10

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤

[Max][SUSP PATH] GameRanger.lnk : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk @C:\Users\Max\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /autostart [-][7][x] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500423AS +++++

--- User ---

[MBR] c031903ef0e94caca6428ba2553ec33d

[BSP] 2ee18edf56eb573bfe8fc4993312b762 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_06162013_111810.txt >>


Looks pretty good so far, but we have more to do. Please run the following scans to see what else needs cleaning:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

----------Step 3----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

----------Step 4 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 5----------------

Please post the AdwCleaner logfile, the JRT.txt, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.
