AsterNik

Members
Content count: 8

About AsterNik

Rank: New Member
  1. Hi, I deleted Vuze already. I also changed the username/pass on my ADSL router, however, not sure about how to change NAT. It is from Huawei, by the way... and all ADSL subscribers here in Serbia got the same username/pass for the router access 192.168.1.1! Currently I am running: Malwarebytes trial PRO, Malwarebytes Anti-Exploit beta, avast AV+firewall. Also checked with McAfee rootkit removal - all of them showing everything OK. I was also using Sophos AV suite trial for some time but removed it as I didn't like it; it also reported no malware. Panda Cloud Cleaner scan before all those tools found suspicious/malware MEM.exe (in the ATI folder, but that's part of ATI CCC for the graphic card, so I uninstalled ATI/AMD CCC ;-(, but of course, not the graphic drivers). The only problem: my Steam cloud synchronization stopped working for the Skyrim game..., must be some of the tools disabled it. I didn't do any of the DLC downloads for Steam games either. I also deleted one game that was cracked. Am now using IObit Uninstaller for powerful uninstall. I checked my PayPal, Steam and World of Tanks gaming accounts, there were no fraudulent activities, no fake posts on Facebook, no email spoofing.... I will not access my banking account yet, of course! Disabled extensions and deleted history in all browsers.... OK, here is the DDS report. I disconnected from the internet, disabled avast, stopped Malwarebytes PRO and Anti-Exploit beta... while the report tool was running. And then started the tools again after the report was done.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by NikDim at 18:50:37 on 2013-11-17
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4095.2599 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [HP VoodooDNA Mouse] "C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{AA163233-FB76-46E7-A286-29B31805DBCF} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-17 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-17 205320]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-12 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-11-17 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2013-11-17 447888]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-17 1032416]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-11-17 409832]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2013-11-16 154952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-11-17 38984]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-17 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-17 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-11-17 116776]
R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-16 2151744]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 GamingMsFltr;HP HDX Mouse;C:\Windows\System32\drivers\gamingms.sys [2009-12-7 11520]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-17 349800]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-17 38456]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2013-11-16 62168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-17 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-17 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2013-11-16 2012152]
S3 Abyssus;Razer Abyssus;C:\Windows\System32\drivers\Abyssus.sys [2011-6-18 10880]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-12 39504]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-14 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-17 25928]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;NisSrv;"c:\Program Files\Microsoft Security Client\NisSrv.exe" --> c:\Program Files\Microsoft Security Client\NisSrv.exe [?]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-11-16 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192cu.sys [2011-6-18 627744]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-6-18 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-17 1255736]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2013-11-16 25608]
.
=============== Created Last 60 ================
.
2013-11-17 07:53:36 -------- d-----w- C:\Users\NikDim\AppData\Roaming\WordWeb
2013-11-17 07:36:38 116440 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-11-17 07:35:58 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-17 02:43:55 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-17 02:12:18 -------- d-----w- C:\Users\NikDim\AppData\Roaming\AVAST Software
2013-11-17 02:11:25 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-11-17 02:11:25 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-11-17 02:11:25 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-11-17 02:11:25 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-11-17 02:11:25 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-11-17 02:11:22 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-11-17 02:11:16 43152 ----a-w- C:\Windows\avastSS.scr
2013-11-17 02:11:05 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2013-11-17 02:10:47 -------- d-----w- C:\Program Files\AVAST Software
2013-11-17 02:09:26 -------- d-----w- C:\ProgramData\AVAST Software
2013-11-17 02:05:53 -------- d-----w- C:\CCE_Quarantine
2013-11-16 23:18:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-16 23:18:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-16 22:45:17 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll
2013-11-16 22:45:17 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll
2013-11-16 22:45:16 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll
2013-11-16 22:45:16 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll
2013-11-16 22:45:16 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit
2013-11-16 21:35:08 47632 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2013-11-16 21:34:58 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-11-16 19:09:53 -------- d-----w- C:\Users\NikDim\AppData\Roaming\IObit
2013-11-16 19:09:52 -------- d-----w- C:\ProgramData\IObit
2013-11-16 19:09:51 -------- d-----w- C:\ProgramData\ProductData
2013-11-16 19:09:49 -------- d-----w- C:\Program Files (x86)\IObit
2013-11-16 02:18:05 -------- d-----w- C:\Users\NikDim\AppData\Local\Sophos
2013-11-16 01:53:50 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-16 01:22:08 -------- d-----w- C:\Program Files (x86)\Common Files\Sophos
2013-11-16 01:21:49 37880 ----a-w- C:\Windows\System32\sophosboottasks.exe
2013-11-16 01:21:37 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
2013-11-16 01:18:14 25608 ----a-w- C:\Windows\System32\drivers\SophosBootDriver.sys
2013-11-16 01:18:14 154952 ----a-w- C:\Windows\System32\drivers\savonaccess.sys
2013-11-16 01:18:08 -------- d-----w- C:\escw_103_sa
2013-11-16 00:10:47 -------- d-----w- C:\ProgramData\Sophos
2013-11-16 00:09:54 -------- d-----w- C:\Program Files (x86)\Sophos
2013-11-15 23:30:37 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9586FD7B-0C5C-4C1A-B01F-D255FCF75277}\mpengine.dll
2013-11-15 22:39:50 -------- d-----w- C:\Users\NikDim\Doctor Web
2013-11-15 06:02:21 -------- d-----w- C:\Windows\ERUNT
2013-11-15 02:34:50 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-14 19:47:04 -------- d-----w- C:\Users\NikDim\AppData\Local\temp
2013-11-14 03:12:42 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB5B0126-4438-4F2F-AE90-5ECE0FB53868}\gapaengine.dll
2013-11-14 03:07:04 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-14 03:07:04 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-14 03:05:29 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-11-14 03:04:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-11-14 03:04:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-11-14 03:01:18 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-14 03:01:18 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-14 03:01:18 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 03:01:18 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-14 03:01:18 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-14 03:01:18 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 09:42:13 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 09:41:57 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-11-13 09:41:57 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-11-13 01:51:52 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-07 05:04:59 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2013-11-03 02:04:08 -------- d-----w- C:\Users\NikDim\AppData\Local\WarThunder
2013-11-03 02:04:08 -------- d-----w- C:\ProgramData\WarThunder
2013-10-29 23:57:30 -------- d-----w- C:\Users\NikDim\openvr
2013-10-21 03:02:10 -------- d-----w- C:\Users\NikDim\AppData\Local\Apps
2013-10-18 17:58:46 -------- d-----w- C:\ProgramData\Oracle
2013-10-18 17:58:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 19:52:21 -------- d-----w- C:\Users\NikDim\AppData\Local\Opera Software
2013-10-17 19:52:20 -------- d-----w- C:\Users\NikDim\AppData\Roaming\Opera Software
2013-10-17 19:52:17 -------- d-----w- C:\Program Files (x86)\Opera Next
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework
2013-10-13 00:58:39 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6E90B08-DC8F-45FB-BEA3-D5AB3138D0D4}\mpengine.dll
2013-10-13 00:36:48 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-13 00:34:51 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-13 00:23:23 -------- d-----w- C:\Users\NikDim\AppData\Local\AMD
2013-10-13 00:22:50 -------- d-----w- C:\Users\NikDim\AppData\Local\ATI
2013-10-13 00:22:05 0 ----a-w- C:\Windows\ativpsrm.bin
2013-10-13 00:19:57 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-10-13 00:19:54 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-10-13 00:19:07 -------- d-----w- C:\ProgramData\AMD
2013-10-13 00:18:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-10-13 00:13:49 -------- d-----w- C:\ProgramData\Package Cache
2013-10-13 00:13:33 -------- d-----w- C:\Program Files\ATI
2013-10-13 00:07:45 -------- d-----w- C:\AMD
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\smss.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\services.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
==================== Find6M ====================
.
2013-10-22 19:52:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-06 00:16:46 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-06 00:04:28 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-01 20:04:23 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-31 00:14:10 156712 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-08-31 00:14:10 141256 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-08-31 00:14:00 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-08-31 00:14:00 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-08-31 00:13:58 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-08-31 00:13:58 114488 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-08-31 00:13:56 1233080 ----a-w- C:\Windows\System32\aticfx64.dll
2013-08-31 00:13:54 1027544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-08-31 00:13:50 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-08-31 00:13:46 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-08-31 00:13:42 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-08-31 00:13:38 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-08-31 00:13:32 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-08-31 00:13:30 7256496 ----a-w- C:\Windows\System32\atiumd64.dll
2013-08-31 00:11:28 12528640 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-08-30 23:48:44 127488 ----a-w- C:\Windows\System32\coinst_13.152.dll
2013-08-30 23:48:04 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-08-30 23:47:50 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47:50 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47:50 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-08-30 23:47:50 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-08-30 23:47:46 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-08-30 23:47:40 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-08-30 23:47:36 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-08-30 23:47:30 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-08-30 23:47:14 28192256 ----a-w- C:\Windows\System32\amdocl64.dll
2013-08-30 23:45:04 23760896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-08-30 23:43:12 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-08-30 23:43:08 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-08-30 23:35:00 25387520 ----a-w- C:\Windows\System32\atio6axx.dll
2013-08-30 23:18:20 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-08-30 23:18:12 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-08-30 23:18:10 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-08-30 23:18:02 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-08-30 23:18:00 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-08-30 23:17:46 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-08-30 23:14:36 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-08-30 23:13:58 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-08-30 22:59:02 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-08-30 22:58:50 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-08-30 22:58:44 571904 ----a-w- C:\Windows\System32\atieclxx.exe
2013-08-30 22:57:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-08-30 22:56:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
.
============= FINISH: 18:51:14.09 ===============

attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/17/2011 17:23:03
System Uptime: 11/17/2013 08:54:44 (10 hours ago)
.
Motherboard: FOXCONN | | 2AA9
Processor: AMD Athlon II X3 445 Processor | CPU 1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 760 GiB total, 353.481 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.589 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP395: 11/16/2013 02:24:50 - Installed Sophos AutoUpdate
RP397: 11/16/2013 18:57:48 - Removed Sophos Client Firewall
RP399: 11/16/2013 19:08:00 - Removed Sophos AutoUpdate
RP401: 11/16/2013 19:09:47 - Removed Sophos Anti-Virus
RP403: 11/16/2013 19:10:42 - Removed Sophos Virus Removal Tool.
RP405: 11/16/2013 19:15:38 - Removed Sophos Anti-Virus
RP407: 11/16/2013 19:30:57 - Removed Sophos Anti-Virus
RP409: 11/16/2013 19:52:32 - Removed Sophos Anti-Virus
RP411: 11/16/2013 20:05:14 - Removed Sophos Anti-Virus
RP413: 11/16/2013 20:07:01 - Removed Sophos Anti-Virus
RP415: 11/16/2013 20:12:28 - Removed Sophos Anti-Virus
RP417: 11/16/2013 23:30:39 - Removed Microsoft .NET Framework 1.1
RP419: 11/16/2013 23:36:47 - Windows Update
RP420: 11/17/2013 03:10:34 - avast! antivirus system restore point
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Media Foundation Decoders
avast! Internet Security
Catalyst Control Center InstallProxy
Cisco WebEx Meetings
Citrix Online Launcher
Counter-Strike: Source
CPUID CPU-Z 1.58
CPUID HWMonitor 1.23
D3DX10
Football Manager 2014 Demo
Genius PDF
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.5.0.1132
Heroes of Might and Magic IV: Winds of War
Hewlett-Packard ACLM.NET v1.1.1.0
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Laser Gaming Mouse with VoodooDNA
HP Odometer
HP Product Detection
HP Support Information
IObit Uninstaller
IrfanView (remove only)
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
LabelPrint
Lightworks
Malwarebytes Anti-Exploit version 0.09.4.2000
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Might & Magic Heroes VI
Mozilla Maintenance Service
Mozilla Thunderbird 24.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
NVIDIA 3D Vision Controller Driver
OpenAL
OpenOffice.org 3.3
Opera Next 18.0.1284.26
Panda Cloud Cleaner
PlayReady PC Runtime amd64
Power2Go
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Skype™ 6.7
Steam
swMSM
The Elder Scrolls V: Skyrim
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VLC media player 2.1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.00 (64-bit)
WordWeb
.
==== Event Viewer Messages From Past Week ========
.
11/17/2013 08:55:02, Error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%-2147024894
11/17/2013 08:50:51, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/17/2013 08:48:29, Error: mbamchameleon [61440] -
11/17/2013 03:50:45, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/17/2013 03:50:45, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2013 03:11:23, Error: Service Control Manager [7030] - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/17/2013 03:07:11, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/16/2013 22:35:08, Error: Application Popup [1060] - \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/16/2013 04:21:36, Error: Service Control Manager [7030] - The Sophos Client Firewall service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/16/2013 04:21:36, Error: Service Control Manager [7030] - The Sophos Client Firewall Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/16/2013 03:06:14, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Sophos Anti-Virus service, but this action failed with the following error: An instance of the service is already running.
11/16/2013 03:06:13, Error: Service Control Manager [7031] - The Sophos Anti-Virus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
11/15/2013 21:45:37, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{744D42D3-299D-466D-A4E3-615465D08EAF}' was corrupted and it has been recovered. Some data might have been lost.
11/15/2013 21:43:57, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C6216B34-F045-4D27-ADE5-0E0A91FE39FD}' was corrupted and it has been recovered. Some data might have been lost.
11/15/2013 21:42:18, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{2A4FA1F8-B9E3-443C-8347-02CC5A268A69}' was corrupted and it has been recovered. Some data might have been lost.
11/15/2013 21:40:34, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D0F5E94D-9BB1-483D-9CAC-769C16E33812}' was corrupted and it has been recovered. Some data might have been lost.
11/15/2013 21:34:15, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{e19dc3a3-21de-11e0-a346-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F8563A94-9B77-4469-BD76-852F78B99B98}' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================
  2. Hi, yes, I agree. Can we proceed to the disinfection phase, please? Nik
  3. Hi Borislav, hello and I wish you all the best! I have tried to post a reply with the various antimalware tools executed on my PC after the mbar Trojan.0Access detection and deletion, but somehow I can't see it in the forum. Can you please analyse these files for me, attached after all the steps taken from the forum advice? They are zipped (securely!) and attached, as my previous post with a text copy of all of them somehow didn't show up in the forum. For any paid professional services, please contact me at nidza72@gmail.com in case I would need them from your company. I am a telecom engineer, so a full 'geek' analysis of the attached files is very welcome! BR, Nik P.S. - please do not advise about FDISK/reinstall! I really want to kill the pests, not just delete everything! ComboFix.zip DDS.zip mbar.zip RKreport0_S_11142013_212815.zip TDSS.zip
  4. Many thanks, stay in touch, let's see this pest go away...
  5. Thanks, and by the way, very cute dog. I posted my issue and files in the recommended forum section - just for professional curiosity I would like to have some reply. I will check your suggested links as well. However, I'm slightly getting the impression that ZA is a new kind of breed of Stuxnet... and I'm afraid there's nothing we can do about it...
  6. Dear experts, recently the mbar anti-rootkit scan detected the 0Access trojan: Folders Detected: 1 C:\Windows\system64 (Trojan.0Access) -> Delete on reboot. Going through the forum here and applying various advice, tools, antiviruses, etc., it seems to be clean of infection now... However, I will attach files from TDSSKiller, ComboFix, DDS, etc. for your kind analysis of my computer's current security status. I will appreciate an expert's advice on whether it's now safe to use for online banking, etc., as ZeroAccess might be quite nasty. Thank you in advance for your help - I am a telecom engineer, so I would appreciate a geeky analysis of the attached files ;-) Nik P.S. From DDS I will just copy below, and reports from other tools are attached zipped. DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2 Run by NikDim at 21:20:42 on 2013-11-14 ComboFix.zip mbar.zip RKreport0_S_11142013_212815.zip TDSS.zip
  7. Many thanks, I will repost the files in the malware removal section! As a telecom engineer, I hope to get some more analysis of the submitted files. So far, I have noticed no damage (bank account, PayPal, or online game payment accounts ;-) ). The PC is running like a breeze, no slowdown... Also, my HP computer came with no Windows 7 install disc, so I guess that will bring me some additional cost for buying Win7 (Win8 I hate :-) ). And the main question is, which data should I keep? So many various documents, PDFs, pics, movie files, etc... what if they are also infected? I can move them to an external disc, but again, after FDISK + reinstall, viewing the potentially infected files from the external disc can start the whole story again :-( Nik
  8. Dear experts, recently the mbar anti-rootkit scan detected a 0Access trojan:

Folders Detected: 1
C:\Windows\system64 (Trojan.0Access) -> Delete on reboot.

Going through the forum here and applying various advice, tools, antiviruses etc., it seems to be clean of the infection now... However, I will attach files from TDSSKiller, ComboFix, DDS etc. for your kind analysis of my computer's current security status. I will appreciate an expert's advice on whether it's now safe to use for on-line banking etc., as ZeroAccess might be quite nasty. Thank you in advance for your help! Nik

P.S. From DDS I will just copy below, and reports from other tools are attached zipped.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by NikDim at 21:20:42 on 2013-11-14
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2573 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe
C:\Program Files (x86)\WordWeb\wweb32.exe
C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\Tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\NikDim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [HP VoodooDNA Mouse] "C:\Program Files (x86)\HP Laser Gaming Mouse with VoodooDNA\hid.exe"
mRun: [WordWeb] "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{AA163233-FB76-46E7-A286-29B31805DBCF} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-12 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-8-30 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 GamingMsFltr;HP HDX Mouse;C:\Windows\System32\drivers\gamingms.sys [2009-12-7 11520]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-17 349800]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-1-17 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 Abyssus;Razer Abyssus;C:\Windows\System32\drivers\Abyssus.sys [2011-6-18 10880]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-12 39504]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-14 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192cu.sys [2011-6-18 627744]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-6-18 13312]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-17 1255736]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
.
=============== Created Last 60 ================
.
2013-11-14 19:47:07 -------- d-sh--w- C:\$RECYCLE.BIN
2013-11-14 19:47:04 -------- d-----w- C:\Users\NikDim\AppData\Local\temp
2013-11-14 15:55:09 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFFEB2B9-112A-4B7B-918B-114E1AA8C182}\mpengine.dll
2013-11-14 03:12:42 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB5B0126-4438-4F2F-AE90-5ECE0FB53868}\gapaengine.dll
2013-11-14 03:12:38 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-14 03:07:04 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2013-11-14 03:07:04 194048 ----a-w- C:\Windows\SysWow64\elshyph.dll
2013-11-14 03:05:29 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-11-14 03:04:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-11-14 03:04:37 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-11-14 03:01:18 197120 ----a-w- C:\Windows\System32\credui.dll
2013-11-14 03:01:18 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-11-14 03:01:18 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 03:01:18 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-14 03:01:18 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-11-14 03:01:18 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 09:42:13 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 09:41:57 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2013-11-13 09:41:57 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2013-11-13 02:01:50 98816 ----a-w- C:\Windows\sed.exe
2013-11-13 02:01:50 256000 ----a-w- C:\Windows\PEV.exe
2013-11-13 02:01:50 208896 ----a-w- C:\Windows\MBR.exe
2013-11-13 01:51:52 -------- d-----w- C:\TDSSKiller_Quarantine
2013-11-12 23:00:12 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-11-12 22:37:16 -------- d-----w- C:\AdwCleaner
2013-11-07 05:04:59 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2013-11-03 02:04:08 -------- d-----w- C:\Users\NikDim\AppData\Local\WarThunder
2013-11-03 02:04:08 -------- d-----w- C:\ProgramData\WarThunder
2013-10-29 23:57:30 -------- d-----w- C:\Users\NikDim\openvr
2013-10-21 03:02:10 -------- d-----w- C:\Users\NikDim\AppData\Local\Apps
2013-10-18 17:58:46 -------- d-----w- C:\ProgramData\Oracle
2013-10-18 17:58:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-17 19:52:21 -------- d-----w- C:\Users\NikDim\AppData\Local\Opera Software
2013-10-17 19:52:20 -------- d-----w- C:\Users\NikDim\AppData\Roaming\Opera Software
2013-10-17 19:52:17 -------- d-----w- C:\Program Files (x86)\Opera Next
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root\OpenHardwareMonitor
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework\root
2013-10-16 01:21:49 -------- d-----w- C:\Windows\System32\wbem\Framework
2013-10-13 00:58:39 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6E90B08-DC8F-45FB-BEA3-D5AB3138D0D4}\mpengine.dll
2013-10-13 00:36:48 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-13 00:34:51 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-13 00:23:23 -------- d-----w- C:\Users\NikDim\AppData\Local\AMD
2013-10-13 00:22:50 -------- d-----w- C:\Users\NikDim\AppData\Local\ATI
2013-10-13 00:22:05 0 ----a-w- C:\Windows\ativpsrm.bin
2013-10-13 00:19:57 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-10-13 00:19:54 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-10-13 00:19:07 -------- d-----w- C:\ProgramData\AMD
2013-10-13 00:18:29 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-10-13 00:17:59 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-10-13 00:13:49 -------- d-----w- C:\ProgramData\Package Cache
2013-10-13 00:13:33 -------- d-----w- C:\Program Files\ATI
2013-10-13 00:08:56 -------- d-----w- C:\Program Files\ATI Technologies
2013-10-13 00:07:45 -------- d-----w- C:\AMD
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\smss.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\services.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-15 23:28:01 -------- d-----w- C:\Users\NikDim\AppData\Local\tmd2
.
==================== Find6M ====================
.
2013-10-22 19:52:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-06 00:16:46 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-09-06 00:04:28 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-01 20:04:23 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-08-31 00:14:10 156712 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-08-31 00:14:10 141256 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-08-31 00:14:08 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-08-31 00:14:06 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-08-31 00:14:00 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-08-31 00:14:00 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-08-31 00:13:58 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-08-31 00:13:58 114488 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-08-31 00:13:56 1233080 ----a-w- C:\Windows\System32\aticfx64.dll
2013-08-31 00:13:54 1027544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-08-31 00:13:50 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-08-31 00:13:46 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-08-31 00:13:42 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-08-31 00:13:38 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-08-31 00:13:32 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-08-31 00:13:30 7256496 ----a-w- C:\Windows\System32\atiumd64.dll
2013-08-31 00:11:28 12528640 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-08-30 23:48:44 127488 ----a-w- C:\Windows\System32\coinst_13.152.dll
2013-08-30 23:48:04 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-08-30 23:47:50 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-08-30 23:47:50 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-08-30 23:47:50 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-08-30 23:47:50 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-08-30 23:47:46 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-08-30 23:47:40 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-08-30 23:47:36 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-08-30 23:47:30 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-08-30 23:47:14 28192256 ----a-w- C:\Windows\System32\amdocl64.dll
2013-08-30 23:45:04 23760896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-08-30 23:43:12 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-08-30 23:43:08 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-08-30 23:35:00 25387520 ----a-w- C:\Windows\System32\atio6axx.dll
2013-08-30 23:18:20 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-08-30 23:18:12 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-08-30 23:18:10 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-08-30 23:18:02 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-08-30 23:18:00 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-08-30 23:17:46 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-08-30 23:14:36 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-08-30 23:13:58 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-08-30 22:59:02 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-08-30 22:58:50 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-08-30 22:58:44 571904 ----a-w- C:\Windows\System32\atieclxx.exe
2013-08-30 22:57:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-08-30 22:56:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
.
============= FINISH: 21:21:01.01 ===============

Attach.txt:

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/17/2011 17:23:03
System Uptime: 11/14/2013 20:53:39 (1 hours ago)
.
Motherboard: FOXCONN | | 2AA9
Processor: AMD Athlon II X3 445 Processor | CPU 1 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 760 GiB total, 321.513 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.589 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP365: 11/13/2013 00:17:20 - Malwarebytes Anti-Rootkit Restore Point
RP367: 11/13/2013 02:20:32 - Installed Microsoft Fix it 50267
RP369: 11/13/2013 06:25:38 - Removed Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
RP371: 11/13/2013 06:26:06 - Removed Microsoft Visual C++ 2005 Redistributable
RP372: 11/13/2013 06:29:33 - Removed Ubisoft Game Launcher
RP374: 11/13/2013 09:48:27 - Removed Microsoft Visual C++ 2005 Redistributable (x64)
RP376: 11/13/2013 09:48:54 - Removed Microsoft Visual C++ 2005 Redistributable
RP378: 11/13/2013 09:49:28 - Removed Microsoft Visual C++ 2005 Redistributable
RP380: 11/13/2013 10:42:47 - Windows Update
RP382: 11/14/2013 04:01:58 - Windows Update
RP384: 11/14/2013 05:20:06 - Windows Update
RP385: 11/14/2013 16:57:47 - SiSoftware Sandra Lite
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco WebEx Meetings
Citrix Online Launcher
Counter-Strike: Source
CPUID CPU-Z 1.58
CPUID HWMonitor 1.23
CutePDF Writer 2.8
D3DX10
Football Manager 2014 Demo
FXLider MetaTrader
Genius PDF
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.5.0.1132
Heroes of Might and Magic IV: Winds of War
Hewlett-Packard ACLM.NET v1.1.1.0
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Laser Gaming Mouse with VoodooDNA
HP Odometer
HP Product Detection
HP Support Information
INFOGRAD(Jule. 2013 ver. 1.0.1)
IrfanView (remove only)
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
LabelPrint
Lightworks
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Might & Magic Heroes VI
Monkey Island™ Special Edition Collection
Mozilla Thunderbird 17.0.5 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Controller Driver
OpenAL
OpenOffice.org 3.3
Opera Next 18.0.1284.26
PlayReady PC Runtime amd64
Power2Go
PowerDirector
Realtek High Definition Audio Driver
Recovery Manager
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Skype™ 6.7
Steam
swMSM
Team Fortress 2
The Elder Scrolls V: Skyrim
Tomb Raider Survival Edition Repack
Total Commander (Remove or Repair)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VLC media player 2.1.0
Vuze
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (64-bit)
WordWeb
.
==== Event Viewer Messages From Past Week ========
.
11/14/2013 20:45:22, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/14/2013 20:44:57, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
11/14/2013 19:57:51, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
11/14/2013 17:55:06, Error: mbamchameleon [61440] -
11/14/2013 16:52:59, Error: NetBT [4321] - The name "HPNIKTOP :0" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 169.254.162.198 did not allow the name to be claimed by this computer.
11/14/2013 05:16:10, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2888505).
11/13/2013 11:17:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2876331).
11/13/2013 11:17:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2862330).
11/13/2013 11:17:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2862152).
11/13/2013 00:18:11, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
11/12/2013 23:56:54, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
11/11/2013 00:00:45, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Attachments:
ComboFix.zip
mbar.zip
RKreport0_S_11142013_212815.zip
TDSS.zip
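Two things in the DDS.txt above are worth pulling out mechanically rather than by eye: the mPolicies-System values (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, meaning UAC was switched off entirely), and the five zero-byte files named winlogon.exe, smss.exe, services.exe, lsass.exe and csrss.exe created in C:\Windows\SysWow64 on 2013-10-08. The script below is an added example written for this page, not DDS, Malwarebytes or forum tooling; it parses those two DDS line formats and flags both. It assumes DDS prints dword values in decimal (so 145 is 0x91, the Windows 7 default for NoDriveTypeAutoRun, and is not flagged) and uses the Windows 7 defaults listed in POLICY_BASELINE as its baseline. SAMPLE_DDS is a constructed string of lines copied from the log, plus a legitimate lsass.exe and a zero-byte non-core file as controls.

```python
"""Triage two sections of a DDS log: weakened UAC/autorun policy values from the
"Pseudo HJT Report" and zero-byte files named after core Windows processes from
"Created Last 60" / "Find6M".

Example written for this page; not part of DDS or of any Malwarebytes or forum
tooling. The baseline values and the decimal reading of "dword:" are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: Windows 7 defaults for the keys DDS prints under mPolicies-System
# and uPolicies-Explorer. DDS prints dword values in decimal (145 == 0x91, the
# Vista/7 default for NoDriveTypeAutoRun, which is why that line is not flagged).
POLICY_BASELINE = {
    "EnableLUA": 1,                   # UAC on
    "ConsentPromptBehaviorAdmin": 5,  # admins prompted for consent (0 = silent elevation)
    "PromptOnSecureDesktop": 1,       # elevation prompt shown on the secure desktop
    "NoDriveTypeAutoRun": 0x91,       # autorun off for unknown, removable and network drives
}

# Core Windows processes. A zero-byte file carrying one of these names is not a
# working binary and deserves a look wherever it sits under \Windows\.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}

POLICY_RE = re.compile(r"^[um]Policies-\w+:\s*(\w+)\s*=\s*dword:(\d+)\s*$")
# "<date> <time> <size or -------- for a directory> <attrs> <path>", as DDS prints it
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+?)\s*$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" for a disabled protection, "review" for an artefact to inspect
    detail: str


def triage_dds(text: str) -> list[Finding]:
    """Return one Finding per policy line that deviates from the baseline and per
    zero-byte file under \\Windows\\ that is named after a core process."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            expected = POLICY_BASELINE.get(name)
            if expected is not None and value != expected:
                findings.append(Finding("high", f"{name}={value} (Windows 7 default {expected})"))
            continue
        m = FILE_RE.match(line)
        if m:
            created, size, attrs, path = m.groups()
            if attrs.startswith("d"):  # directory entry; size column is --------
                continue
            basename = path.rsplit("\\", 1)[-1].lower()
            if size == "0" and basename in CORE_PROCESSES and "\\windows\\" in path.lower():
                findings.append(Finding("review", f"zero-byte {path} created {created}"))
    return findings


# Constructed sample: lines copied from the DDS.txt in the post above, plus a
# legitimate lsass.exe (non-zero size) and a zero-byte non-core file as controls.
SAMPLE_DDS = r"""
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
2013-11-14 19:47:07 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-13 00:22:05 0 ----a-w- C:\Windows\ativpsrm.bin
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\winlogon.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\smss.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\services.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\lsass.exe
2013-10-08 19:59:05 0 ----a-w- C:\Windows\SysWow64\csrss.exe
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity}] {f.detail}")
```

Run against the sample it reports three "high" findings (the three UAC keys at 0) and five "review" findings (the zero-byte SysWow64 files); NoDriveTypeAutoRun = 145, the zero-byte ativpsrm.bin and the 30720-byte System32\lsass.exe are left alone. The script only reads the log; deciding what the zero-byte files mean still needs the machine or the other attached tool reports.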