Backdoor.Messa and stolen.data. Can't remove.


Hi

MBAM is picking up a stolen.data file and a backdoor.messa .exe. In the relevant folder the backdoor.messa is titled s.exe and has an Adobe icon for some reason. There is also another one called e.exe in the same folder, but that has not come up in the MBAM scan. I've tried cleaning with MBAM but the files reappear after a reboot.

I've read the pinned topic about what to attach and paste; hopefully I've done everything right. The attach.txt and dds.txt are attached. The MBAM log is listed below. I'd really appreciate any help you can offer.

Best wishes,

Andy : )

EDIT: A server error stopped me from uploading the attachments, so I've copied and pasted them in after the MBAM log. I hope that's ok.

-------------------------------------------------

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Andy :: ANDY-PC [administrator]

16/08/2012 20:57:22

mbam-log-2012-08-17 (00-47-58).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 353063

Time elapsed: 1 hour(s), 6 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Andy\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.

C:\Users\Andy\AppData\Roaming\s.exe (Backdoor.Messa) -> No action taken.

(end)

----------------------------------------------

attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 16/11/2010 01:30:47

System Uptime: 16/08/2012 20:47:29 (5 hours ago)

.

Motherboard: Dell Inc. | | 0P132H

Processor: Intel® Core™2 Duo CPU T9600 @ 2.80GHz | U2E1 | 2801/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 46 GiB total, 8.128 GiB free.

D: is FIXED (NTFS) - 158 GiB total, 41.677 GiB free.

E: is FIXED (NTFS) - 932 GiB total, 88.831 GiB free.

F: is FIXED (NTFS) - 4 GiB total, 0.917 GiB free.

G: is Removable

H: is CDROM ()

I: is FIXED (NTFS) - 24 GiB total, 6.019 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_029F1028&REV_12\4&31FC8C23&0&0BF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_029F1028&REV_12\4&31FC8C23&0&0BF0

Service:

.

==== System Restore Points ===================

.

RP433: 15/08/2012 23:00:59 - Windows Update

.

==== Installed Programs ======================

.

ABBYY Screenshot Reader

Acronis Disk Director 11 Home

Acronis True Image Home 2011

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Adobe Shockwave Player 11.5

AMD GPU Clock Tool

AMP WinOFF 5.0.1

Apple Application Support

Apple Software Update

Application Profiles

Audacity 1.3.13 (Unicode)

avast! Free Antivirus

BB FlashBack Pro 3

Bigasoft Total Video Converter 3.6.20.4501

BioShock 2

BitTorrent

Canon RAW Codec

Canon Utilities Digital Photo Professional 3.8

Canon Utilities EOS Utility

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help English

Corel Graphics - Windows Shell Extension

CorelDRAW Graphics Suite X5

CorelDRAW Graphics Suite X5 - Capture

CorelDRAW Graphics Suite X5 - Common

CorelDRAW Graphics Suite X5 - Connect

CorelDRAW Graphics Suite X5 - Custom Data

CorelDRAW Graphics Suite X5 - Draw

CorelDRAW Graphics Suite X5 - EN

CorelDRAW Graphics Suite X5 - Filters

CorelDRAW Graphics Suite X5 - FontNav

CorelDRAW Graphics Suite X5 - IPM

CorelDRAW Graphics Suite X5 - PHOTO-PAINT

CorelDRAW Graphics Suite X5 - Photozoom Plugin

CorelDRAW Graphics Suite X5 - Redist

CorelDRAW Graphics Suite X5 - Setup Files

CorelDRAW Graphics Suite X5 - VBA

CorelDRAW Graphics Suite X5 - VideoBrowser

CorelDRAW Graphics Suite X5 - VSTA

CorelDRAW Graphics Suite X5 - WT

CorelDRAW® Graphics Suite X5

CyberScrub® Privacy Suite™ 5.1

D3DX10

Dell Driver Download Manager

Dell Webcam Central

DriverMax 6

Dropbox

EndNote X3

eReg

Extension Changer

Flickr Uploadr 3.2.1

Fraps

Geiss for Winamp 2x (remove only)

Geiss2 for Winamp 2x (remove only)

Google Chrome

Google Drive

Google Earth

Google Talk (remove only)

Google Update Helper

HiJackThis

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

iPrivo 0.55

iprivobar Toolbar

ITECIR

Java Auto Updater

Java™ 6 Update 31

K-Lite Codec Pack 8.0.0 (Basic)

KillProcess 2.44

LAME v3.98.3 for Audacity

Malwarebytes Anti-Malware version 1.62.0.1300

Media Player Classic - Home Cinema v1.5.2.3456

MediaMonkey 4.0

Memory-Map OS Edition Version 5

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Mozilla Firefox 14.0.1 (x86 en-GB)

Mozilla Maintenance Service

Mozilla Thunderbird 12.0.1 (x86 en-GB)

MSI Afterburner 2.0.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MyPhoneExplorer

Native Instruments Traktor 2

Native Instruments Traktor DJ Studio 3

neroxml

NVIDIA PhysX

ObjectDock

Origin

Polipo 1.0.4.1

PunkBuster Services

QuickTime

ResearchSoft Direct Export Helper

Samsung AllShare

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.5

SopCast 3.5.0

SoulSeek 157 NS 13e

Spotify

Spybot - Search & Destroy

Steam

System Requirements Lab CYRI

System Requirements Lab for Intel

Tor 0.2.2.35

Ubisoft Game Launcher

Unified Remote

Uninstall Startup Inspector

Update for Html5 geolocation provider

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Veetle TV 0.9.18

Vidalia 0.2.17

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 2.0.1

Where'd My Space Go version 1.0

Windows 7 USB/DVD Download Tool

Windows Live Upload Tool

WSC Real 09

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

17/08/2012 00:46:22, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

16/08/2012 20:31:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.

16/08/2012 20:31:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009f7d350, 0xfffffa8009f7d630, 0xfffff800033d7510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

16/08/2012 20:06:15, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

16/08/2012 20:06:14, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).

16/08/2012 19:56:34, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

16/08/2012 19:50:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009f74620, 0xfffffa8009f74900, 0xfffff80003380510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081612-44351-01.

16/08/2012 19:42:46, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009403060, 0xfffffa8009403340, 0xfffff800033ca510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

16/08/2012 04:05:54, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

15/08/2012 00:05:58, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.

15/08/2012 00:05:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

14/08/2012 21:39:00, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR15.

13/08/2012 19:24:22, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.

13/08/2012 02:22:15, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR12.

11/08/2012 20:42:22, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

11/08/2012 13:53:39, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

11/08/2012 03:30:04, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.

.

==== End Of File ===========================

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Andy at 1:21:46 on 2012-08-17

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.6109.3761 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\netcut\services\AIPS.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe

C:\Users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page =

uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>

uURLSearchHooks: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - C:\Program Files (x86)\iprivobar\prxtbipri.dll

mURLSearchHooks: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - C:\Program Files (x86)\iprivobar\prxtbipri.dll

mWinlogon: Userinit=userinit.exe,

BHO: {0EEDB912-C5FA-486F-8334-57288578C627} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - C:\Program Files (x86)\iprivobar\prxtbipri.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - C:\Program Files (x86)\iprivobar\prxtbipri.dll

uRun: [ABBYY Screenshot Reader Retail]

uRun: [camchat] C:\Users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe

uRunOnce: [Privacy Suite] "C:\Program Files (x86)\Privacy Suite\CSPSeraser.exe" "/R:C:\Users\Andy\AppData\Roaming\CyberScrub\Privacy Suite"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe

StartupFolder: C:\Users\Andy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe

uPolicies-explorer: HideSCAVolume = 0 (0x0)

uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Download with &CruxP2P - C:\Program Files (x86)\Crux P2P\RazaWebHook32.dll/3000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 10.100.0.1

TCP: Interfaces\{76238AAA-35D5-46CF-B7D2-3A8E4CA56B0C} : DhcpNameServer = 10.100.0.1

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\244584572633D2A4150585 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\3686F636F6C61647563616B656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\84162726F627679656770294E6E60243 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\84162726F6276796567794E6E613 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\F42377962756C6563737239363331323 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\F42377962756C6563737934393835353 : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: {0EEDB912-C5FA-486F-8334-57288578C627} - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - C:\Program Files (x86)\iprivobar\prxtbipri.dll

BHO-X64: iprivobar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: iprivobar Toolbar: {81d24ea1-3106-46a5-a324-fa96b8178519} - C:\Program Files (x86)\iprivobar\prxtbipri.dll

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\6629k6oz.andy\

FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&rls=org.mozilla:en-US:official&client=firefox-a&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.81\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\system32\DRIVERS\hssdrv6.sys --> C:\Windows\system32\DRIVERS\hssdrv6.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [2008-10-16 759072]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-11-16 89600]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-5-26 3246040]

R2 AIPS;Arp Intelligent Protection Service;C:\Program Files (x86)\netcut\services\aips.exe [2012-5-9 262144]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-16 40384]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-9-29 2139400]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 bbcap;bb_capture_driver;C:\Windows\system32\DRIVERS\bbcap.sys --> C:\Windows\system32\DRIVERS\bbcap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-3-11 8192]

S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 140672]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]

S3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]

S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-16 40384]

S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-16 40384]

S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-6-5 2438696]

S3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\system32\DRIVERS\ITECIRfilter.sys --> C:\Windows\system32\DRIVERS\ITECIRfilter.sys [?]

S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]

S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-1-19 25504]

S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VCam_WDM;Fake Webcam 7.2;C:\Windows\system32\DRIVERS\VCam_WDM.sys --> C:\Windows\system32\DRIVERS\VCam_WDM.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-14 16:51:27 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{274AF10C-2AFD-4520-8557-D1B3611BE56A}\mpengine.dll

2012-08-04 00:31:18 -------- d-----w- C:\Program Files (x86)\Intelore

2012-08-01 15:58:48 -------- d-----r- C:\Program Files (x86)\CHANNEL5

2012-07-30 21:52:13 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-26 17:11:35 -------- d-----w- C:\Program Files (x86)\MonitorBright

2012-07-24 22:18:05 -------- d-----w- C:\Users\Andy\AppData\Local\JockerSoft

2012-07-22 12:07:30 -------- d-----w- C:\Users\Andy\AppData\Roaming\Bigasoft Total Video Converter

2012-07-22 12:05:37 -------- d-----w- C:\Program Files (x86)\Bigasoft

2012-07-22 11:38:24 -------- d-----w- C:\Users\Andy\AppData\Roaming\Softplicity

2012-07-21 01:40:27 -------- d-----w- C:\EraseBEB.tmp

2012-07-20 13:39:34 -------- d-----w- C:\ProgramData\Ask

2012-07-20 13:35:49 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2012-07-20 13:35:49 132880 ----a-w- C:\Windows\SysWow64\MSINET.OCX

2012-07-20 13:35:48 -------- d-----w- C:\Program Files (x86)\Common Files\Web Solution Mart

2012-07-20 13:33:58 104120 ----a-w- C:\Windows\System32\drivers\VCam_WDM.sys

2012-07-20 07:42:03 -------- d-----w- C:\Windows\SysWow64\Hotspot Shield

2012-07-18 06:44:54 -------- d-----w- C:\Program Files (x86)\ABBYY Screenshot Reader

.

==================== Find3M ====================

.

2012-08-16 00:10:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-16 00:10:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-14 23:35:51 6656 ----a-w- C:\Windows\System32\lpcio.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-10 02:48:18 41704 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-25 15:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll

2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-09-21 10:22:34 400840 ----a-w- C:\Program Files (x86)\atomic.exe

.

============= FINISH: 1:22:04.76 ===============

Hello Andy, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I give you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following applications:

BitTorrent

iprivobar Toolbar

SoulSeek 157 NS 13e

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

Hi Maniac; thanks for helping. It's very much appreciated.

Firstly, I've taken the action you suggested and changed my passwords etc. I've updated my bank too from a safe computer. Hopefully my bank details should be safe as I use a PIN sentry device to access online banking. There have been no suspicious entries on my bank statements, nor have my email accounts been accessed from anywhere other than my location.

We'll try with the cleanup. If there are any problems still existing after that, then I will format and reinstall my system.

I've run MBAM, removed the selected entries and restarted. I re-ran the scan and the same threats are still there.

Here's the MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.18.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Andy :: ANDY-PC [administrator]

18/08/2012 18:40:10

mbam-log-2012-08-18 (18-43-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219413

Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Users\Andy\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.

C:\Users\Andy\AppData\Roaming\s.exe (Backdoor.Messa) -> No action taken.

(end)

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Andy at 18:54:29 on 2012-08-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.6109.4170 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\netcut\services\AIPS.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe

C:\Users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe

C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page =

uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: {0EEDB912-C5FA-486F-8334-57288578C627} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [ABBYY Screenshot Reader Retail]

uRun: [camchat] C:\Users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe

uRunOnce: [Privacy Suite] "C:\Program Files (x86)\Privacy Suite\CSPSeraser.exe" "/R:C:\Users\Andy\AppData\Roaming\CyberScrub\Privacy Suite"

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [AlterGeoUpdater] C:\ProgramData\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe

StartupFolder: C:\Users\Andy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files (x86)\Dell\QuickSet\quickset.exe

uPolicies-explorer: HideSCAVolume = 0 (0x0)

uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Download with &CruxP2P - C:\Program Files (x86)\Crux P2P\RazaWebHook32.dll/3000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\244584572633D2A4150585 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\3686F636F6C61647563616B656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\84162726F627679656770294E6E60243 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\84162726F6276796567794E6E613 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\F42377962756C6563737239363331323 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}\F42377962756C6563737934393835353 : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: {0EEDB912-C5FA-486F-8334-57288578C627} - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\6629k6oz.andy\

FF - prefs.js: browser.startup.homepage - hxxps://portal.shef.ac.uk/cp/home/displaylogin

FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&rls=org.mozilla:en-US:official&client=firefox-a&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.81\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\system32\DRIVERS\hssdrv6.sys --> C:\Windows\system32\DRIVERS\hssdrv6.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;C:\Program Files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [2008-10-16 759072]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-11-16 89600]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-5-26 3246040]

R2 AIPS;Arp Intelligent Protection Service;C:\Program Files (x86)\netcut\services\aips.exe [2012-5-9 262144]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-16 40384]

R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-9-29 2139400]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-16 40384]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-16 40384]

R3 bbcap;bb_capture_driver;C:\Windows\system32\DRIVERS\bbcap.sys --> C:\Windows\system32\DRIVERS\bbcap.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 DKRtWrt;DKRtWrt;C:\Windows\system32\DRIVERS\DKRtWrt.sys --> C:\Windows\system32\DRIVERS\DKRtWrt.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-3-11 8192]

S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 140672]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]

S3 AmdTools64;AMD Special Tools Driver;C:\Windows\system32\DRIVERS\AmdTools64.sys --> C:\Windows\system32\DRIVERS\AmdTools64.sys [?]

S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-6-5 2438696]

S3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\system32\DRIVERS\ITECIRfilter.sys --> C:\Windows\system32\DRIVERS\ITECIRfilter.sys [?]

S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]

S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-1-19 25504]

S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VCam_WDM;Fake Webcam 7.2;C:\Windows\system32\DRIVERS\VCam_WDM.sys --> C:\Windows\system32\DRIVERS\VCam_WDM.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-17 12:41:58 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E3F3DCDE-E03B-48E6-B7B3-DB70A950FFEB}\mpengine.dll

2012-08-04 00:31:18 -------- d-----w- C:\Program Files (x86)\Intelore

2012-08-01 15:58:48 -------- d-----r- C:\Program Files (x86)\CHANNEL5

2012-07-30 21:52:13 103904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-26 17:11:35 -------- d-----w- C:\Program Files (x86)\MonitorBright

2012-07-24 22:18:05 -------- d-----w- C:\Users\Andy\AppData\Local\JockerSoft

2012-07-22 12:07:30 -------- d-----w- C:\Users\Andy\AppData\Roaming\Bigasoft Total Video Converter

2012-07-22 12:05:37 -------- d-----w- C:\Program Files (x86)\Bigasoft

2012-07-22 11:38:24 -------- d-----w- C:\Users\Andy\AppData\Roaming\Softplicity

2012-07-21 01:40:27 -------- d-----w- C:\EraseBEB.tmp

2012-07-20 13:39:34 -------- d-----w- C:\ProgramData\Ask

2012-07-20 13:35:49 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2012-07-20 13:35:49 132880 ----a-w- C:\Windows\SysWow64\MSINET.OCX

2012-07-20 13:35:48 -------- d-----w- C:\Program Files (x86)\Common Files\Web Solution Mart

2012-07-20 13:33:58 104120 ----a-w- C:\Windows\System32\drivers\VCam_WDM.sys

2012-07-20 07:42:03 -------- d-----w- C:\Windows\SysWow64\Hotspot Shield

.

==================== Find3M ====================

.

2012-08-16 00:10:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-16 00:10:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-14 23:35:51 6656 ----a-w- C:\Windows\System32\lpcio.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-10 02:48:18 41704 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-25 15:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll

2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-09-21 10:22:34 400840 ----a-w- C:\Program Files (x86)\atomic.exe

.

============= FINISH: 18:54:46.09 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 16/11/2010 01:30:47

System Uptime: 18/08/2012 18:33:20 (0 hours ago)

.

Motherboard: Dell Inc. | | 0P132H

Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | U2E1 | 2801/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 46 GiB total, 7.534 GiB free.

D: is FIXED (NTFS) - 158 GiB total, 41.675 GiB free.

F: is FIXED (NTFS) - 4 GiB total, 0.917 GiB free.

H: is CDROM ()

I: is FIXED (NTFS) - 24 GiB total, 6.019 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_029F1028&REV_12\4&31FC8C23&0&0BF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_029F1028&REV_12\4&31FC8C23&0&0BF0

Service:

.

==== System Restore Points ===================

.

RP433: 15/08/2012 23:00:59 - Windows Update

.

==== Installed Programs ======================

.

ABBYY Screenshot Reader

Acronis Disk Director 11 Home

Acronis True Image Home 2011

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Adobe Shockwave Player 11.5

AMD GPU Clock Tool

AMP WinOFF 5.0.1

Apple Application Support

Apple Software Update

Application Profiles

Audacity 1.3.13 (Unicode)

avast! Free Antivirus

BB FlashBack Pro 3

Bigasoft Total Video Converter 3.6.20.4501

BioShock 2

Canon RAW Codec

Canon Utilities Digital Photo Professional 3.8

Canon Utilities EOS Utility

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help English

Corel Graphics - Windows Shell Extension

CorelDRAW Graphics Suite X5

CorelDRAW Graphics Suite X5 - Capture

CorelDRAW Graphics Suite X5 - Common

CorelDRAW Graphics Suite X5 - Connect

CorelDRAW Graphics Suite X5 - Custom Data

CorelDRAW Graphics Suite X5 - Draw

CorelDRAW Graphics Suite X5 - EN

CorelDRAW Graphics Suite X5 - Filters

CorelDRAW Graphics Suite X5 - FontNav

CorelDRAW Graphics Suite X5 - IPM

CorelDRAW Graphics Suite X5 - PHOTO-PAINT

CorelDRAW Graphics Suite X5 - Photozoom Plugin

CorelDRAW Graphics Suite X5 - Redist

CorelDRAW Graphics Suite X5 - Setup Files

CorelDRAW Graphics Suite X5 - VBA

CorelDRAW Graphics Suite X5 - VideoBrowser

CorelDRAW Graphics Suite X5 - VSTA

CorelDRAW Graphics Suite X5 - WT

CorelDRAW® Graphics Suite X5

CyberScrub® Privacy Suite™ 5.1

D3DX10

Dell Driver Download Manager

Dell Webcam Central

DriverMax 6

Dropbox

EndNote X3

eReg

Extension Changer

Flickr Uploadr 3.2.1

Fraps

Geiss for Winamp 2x (remove only)

Geiss2 for Winamp 2x (remove only)

Google Chrome

Google Drive

Google Earth

Google Talk (remove only)

Google Update Helper

HiJackThis

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

ITECIR

Java Auto Updater

Java 6 Update 31

K-Lite Codec Pack 8.0.0 (Basic)

KillProcess 2.44

LAME v3.98.3 for Audacity

Malwarebytes Anti-Malware version 1.62.0.1300

Media Player Classic - Home Cinema v1.5.2.3456

MediaMonkey 4.0

Memory-Map OS Edition Version 5

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Mozilla Firefox 14.0.1 (x86 en-GB)

Mozilla Maintenance Service

Mozilla Thunderbird 12.0.1 (x86 en-GB)

MSI Afterburner 2.0.0

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

MyPhoneExplorer

Native Instruments Traktor 2

Native Instruments Traktor DJ Studio 3

neroxml

NVIDIA PhysX

ObjectDock

Origin

PunkBuster Services

QuickTime

ResearchSoft Direct Export Helper

Samsung AllShare

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.5

SopCast 3.5.0

Spotify

Spybot - Search & Destroy

Steam

System Requirements Lab CYRI

System Requirements Lab for Intel

Ubisoft Game Launcher

Unified Remote

Uninstall Startup Inspector

Update for Html5 geolocation provider

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Veetle TV 0.9.18

Visual Basic for Applications ® Core

Visual Basic for Applications ® Core - English

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 2.0.1

Where'd My Space Go version 1.0

Windows 7 USB/DVD Download Tool

Windows Live Upload Tool

WSC Real 09

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

18/08/2012 18:35:11, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

18/08/2012 16:58:00, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

17/08/2012 12:08:18, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

16/08/2012 20:31:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.

16/08/2012 20:31:39, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009f7d350, 0xfffffa8009f7d630, 0xfffff800033d7510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

16/08/2012 20:06:15, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

16/08/2012 20:06:14, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).

16/08/2012 19:56:34, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

16/08/2012 19:50:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009f74620, 0xfffffa8009f74900, 0xfffff80003380510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081612-44351-01.

16/08/2012 19:42:46, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009403060, 0xfffffa8009403340, 0xfffff800033ca510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .

16/08/2012 04:05:54, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

15/08/2012 00:05:58, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.

15/08/2012 00:05:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

14/08/2012 21:39:00, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR15.

13/08/2012 19:24:22, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.

13/08/2012 02:22:15, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR12.

11/08/2012 13:53:39, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

11/08/2012 03:30:04, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.

.

==== End Of File ===========================


Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

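The scan results the steps above refer to arrive as a plain-text log, and the flagged objects have to be picked out of hundreds of "- ok" lines. The following is an added example (not from the thread, and not part of Kaspersky's TDSSKiller) that triages such a log: it pairs each scanned object's hash line with its verdict line and groups whatever was flagged by verdict. The line shapes follow the format pasted in this thread; the sample lines, hashes and paths are constructed.

```python
"""Triage a TDSSKiller scan log: list every object the scanner flagged.

Added example for this thread, not part of TDSSKiller or the original
posts. The line shapes mirror the log format pasted in the thread:
``HH:MM:SS.mmmm  PID  [ md5 ]  name  path`` for each scanned object,
followed by ``name - ok`` or ``name - detected <Verdict> (<n>)``.
"""
import re
from dataclasses import dataclass, field

# One scanned object: the "[ md5 ] name path" line. Names may contain spaces,
# so the name is matched lazily up to a path that starts with a drive letter.
OBJECT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[ (?P<md5>[0-9a-f]{32}) \]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# The verdict line that follows: "name - ok" or "name - detected Verdict (n)".
# The intermediate "name ( Verdict ) - warning" echo line deliberately does
# not match, so each object is counted exactly once.
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?) - "
    r"(?:(?P<ok>ok)|detected (?P<verdict>\S+) \((?P<count>\d+)\))$"
)


@dataclass
class Finding:
    name: str
    verdict: str
    md5: str = ""
    path: str = ""


@dataclass
class TdssSummary:
    scanned: int = 0
    clean: int = 0
    findings: list = field(default_factory=list)

    def by_verdict(self):
        """Group findings by verdict, so the noisy low-severity class
        (unsigned but otherwise legitimate drivers) reads separately."""
        groups = {}
        for f in self.findings:
            groups.setdefault(f.verdict, []).append(f)
        return groups


def parse_tdsskiller_log(text):
    """Walk the log once, pairing each object line with the verdict line
    naming the same object. Objects with no hash line (a service whose
    binary is missing, for example) still get a verdict entry."""
    summary = TdssSummary()
    objects = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # banner, drive geometry, warning echo lines, etc.
        summary.scanned += 1
        if m["ok"]:
            summary.clean += 1
            continue
        md5, path = objects.get(m["name"], ("", ""))
        summary.findings.append(Finding(m["name"], m["verdict"], md5, path))
    return summary


def summarize(text):
    """Return a short human-readable triage list."""
    s = parse_tdsskiller_log(text)
    lines = [f"{s.scanned} objects scanned, {s.clean} ok, {len(s.findings)} flagged"]
    for verdict, items in s.by_verdict().items():
        lines.append(f"  {verdict}: " + ", ".join(f.name for f in items))
    return lines


# Constructed sample in the same shape as the thread's log; the hashes,
# service names and paths are made up for this example.
SAMPLE_LOG = r"""17:33:47.0911 6928 Scan started
17:33:47.0911 6928 Mode: Manual; SigCheck; TDLFS;
17:33:50.0048 6928 [ 0123456789abcdef0123456789abcdef ] ExampleSvc C:\Program Files\Example\svc.exe
17:33:50.0110 6928 ExampleSvc - ok
17:33:50.0906 6928 MissingBinarySvc - ok
17:33:52.0559 6928 [ fedcba9876543210fedcba9876543210 ] unsigneddrv C:\Windows\system32\DRIVERS\unsigneddrv.sys
17:33:52.0559 6928 unsigneddrv ( UnsignedFile.Multi.Generic ) - warning
17:33:52.0559 6928 unsigneddrv - detected UnsignedFile.Multi.Generic (1)
17:33:56.0179 6928 [ 00112233445566778899aabbccddeeff ] Example AV Service C:\Program Files\Example AV\avsvc.exe
17:33:56.0194 6928 Example AV Service - ok
"""

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Point it at a real TDSSKiller log to get the flagged objects with their hashes and paths in one place, which is what a helper needs from the "Scan results" step.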

Ok, I've run the scan as instructed. It detected 5 medium risk objects, but seemingly unrelated to the backdoor file. Cure was not offered as an option, so I skipped as instructed. Here's the log:

17:30:42.0444 6428 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05

17:30:42.0660 6428 ============================================================

17:30:42.0660 6428 Current date / time: 2012/08/19 17:30:42.0660

17:30:42.0660 6428 SystemInfo:

17:30:42.0660 6428

17:30:42.0660 6428 OS Version: 6.1.7601 ServicePack: 1.0

17:30:42.0661 6428 Product type: Workstation

17:30:42.0661 6428 ComputerName: ANDY-PC

17:30:42.0661 6428 UserName: Andy

17:30:42.0661 6428 Windows directory: C:\Windows

17:30:42.0661 6428 System windows directory: C:\Windows

17:30:42.0661 6428 Running under WOW64

17:30:42.0661 6428 Processor architecture: Intel x64

17:30:42.0661 6428 Number of processors: 2

17:30:42.0661 6428 Page size: 0x1000

17:30:42.0661 6428 Boot type: Normal boot

17:30:42.0661 6428 ============================================================

17:30:43.0270 6428 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:30:43.0275 6428 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:30:50.0173 6428 ============================================================

17:30:50.0173 6428 \Device\Harddisk0\DR0:

17:30:50.0209 6428 MBR partitions:

17:30:50.0209 6428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x46992, BlocksNum 0x5C664CF

17:30:50.0232 6428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x5CACEA3, BlocksNum 0x7D043C

17:30:50.0246 6428 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x647D323, BlocksNum 0x13C7325E

17:30:50.0290 6428 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x1A0F0800, BlocksNum 0x30D3800

17:30:50.0290 6428 \Device\Harddisk1\DR1:

17:30:50.0291 6428 MBR partitions:

17:30:50.0291 6428 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982

17:30:50.0291 6428 ============================================================

17:30:50.0367 6428 C: <-> \Device\Harddisk0\DR0\Partition1

17:30:50.0389 6428 G: <-> \Device\Harddisk1\DR1\Partition1

17:30:50.0706 6428 D: <-> \Device\Harddisk0\DR0\Partition3

17:30:50.0855 6428 F: <-> \Device\Harddisk0\DR0\Partition2

17:30:51.0062 6428 I: <-> \Device\Harddisk0\DR0\Partition4

17:30:51.0062 6428 ============================================================

17:30:51.0062 6428 Initialize success

17:30:51.0062 6428 ============================================================

17:33:47.0911 6928 ============================================================

17:33:47.0911 6928 Scan started

17:33:47.0911 6928 Mode: Manual; SigCheck; TDLFS;

17:33:47.0911 6928 ============================================================


17:34:04.0166 6928 GPU-Z - ok

17:34:04.0228 6928 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:34:04.0228 6928 gupdate - ok

17:34:04.0291 6928 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:34:04.0306 6928 gupdatem - ok

17:34:04.0369 6928 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

17:34:04.0400 6928 hcw85cir - ok

17:34:04.0462 6928 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

17:34:04.0493 6928 HdAudAddService - ok

17:34:04.0540 6928 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

17:34:04.0587 6928 HDAudBus - ok

17:34:04.0618 6928 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

17:34:04.0649 6928 HidBatt - ok

17:34:04.0681 6928 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

17:34:04.0712 6928 HidBth - ok

17:34:04.0774 6928 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

17:34:04.0790 6928 HidIr - ok

17:34:04.0837 6928 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll

17:34:04.0899 6928 hidserv - ok

17:34:04.0961 6928 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

17:34:04.0993 6928 HidUsb - ok

17:34:05.0024 6928 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll

17:34:05.0086 6928 hkmsvc - ok

17:34:05.0117 6928 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll

17:34:05.0242 6928 HomeGroupListener - ok

17:34:05.0289 6928 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

17:34:05.0351 6928 HomeGroupProvider - ok

17:34:05.0414 6928 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

17:34:05.0429 6928 HpSAMD - ok

17:34:05.0523 6928 [ bbc89da4065bdce34257be95b2f636ee ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys

17:34:05.0539 6928 HssDRV6 - ok

17:34:05.0617 6928 [ f47cec45fb85791d4ab237563ad0fa8f ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys

17:34:05.0663 6928 HTCAND64 - ok

17:34:05.0741 6928 [ b8b1b284362e1d8135112573395d5da5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys

17:34:05.0757 6928 htcnprot - ok

17:34:05.0819 6928 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

17:34:05.0866 6928 HTTP - ok

17:34:05.0913 6928 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

17:34:05.0929 6928 hwpolicy - ok

17:34:05.0991 6928 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

17:34:06.0007 6928 i8042prt - ok

17:34:06.0085 6928 [ abbf174cb394f5c437410a788b7e404a ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

17:34:06.0100 6928 iaStor - ok

17:34:06.0163 6928 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

17:34:06.0178 6928 iaStorV - ok

17:34:06.0256 6928 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:34:06.0303 6928 idsvc - ok

17:34:06.0350 6928 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

17:34:06.0365 6928 iirsp - ok

17:34:06.0443 6928 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll

17:34:06.0521 6928 IKEEXT - ok

17:34:06.0568 6928 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys

17:34:06.0584 6928 intelide - ok

17:34:06.0631 6928 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

17:34:06.0646 6928 intelppm - ok

17:34:06.0724 6928 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll

17:34:06.0771 6928 IPBusEnum - ok

17:34:06.0818 6928 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:34:06.0880 6928 IpFilterDriver - ok

17:34:06.0927 6928 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

17:34:06.0989 6928 iphlpsvc - ok

17:34:07.0036 6928 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

17:34:07.0052 6928 IPMIDRV - ok

17:34:07.0114 6928 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

17:34:07.0145 6928 IPNAT - ok

17:34:07.0192 6928 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

17:34:07.0239 6928 IRENUM - ok

17:34:07.0255 6928 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

17:34:07.0270 6928 isapnp - ok

17:34:07.0301 6928 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

17:34:07.0317 6928 iScsiPrt - ok

17:34:07.0379 6928 [ 8d990a44b4f2b68e2c56a3724ec3eb84 ] itecir C:\Windows\system32\DRIVERS\itecir.sys

17:34:07.0395 6928 itecir - ok

17:34:07.0473 6928 [ e5aac07b053d15ba8f67ba7d49c20971 ] ITECIRfilter C:\Windows\system32\DRIVERS\ITECIRfilter.sys

17:34:07.0489 6928 ITECIRfilter - ok

17:34:07.0535 6928 [ 12e27942dbb7c91880163634b0d8a776 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys

17:34:07.0567 6928 k57nd60a - ok

17:34:07.0629 6928 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

17:34:07.0645 6928 kbdclass - ok

17:34:07.0707 6928 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

17:34:07.0738 6928 kbdhid - ok

17:34:07.0785 6928 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe

17:34:07.0785 6928 KeyIso - ok

17:34:07.0910 6928 [ e3cf421210ebddacb4590ae67a0226dc ] KeyScrambler C:\Windows\system32\drivers\keyscrambler.sys

17:34:07.0925 6928 KeyScrambler - ok

17:34:07.0988 6928 KMService - ok

17:34:08.0019 6928 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

17:34:08.0035 6928 KSecDD - ok

17:34:08.0066 6928 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

17:34:08.0081 6928 KSecPkg - ok

17:34:08.0144 6928 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

17:34:08.0191 6928 ksthunk - ok

17:34:08.0237 6928 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll

17:34:08.0300 6928 KtmRm - ok

17:34:08.0347 6928 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll

17:34:08.0393 6928 LanmanServer - ok

17:34:08.0425 6928 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

17:34:08.0471 6928 LanmanWorkstation - ok

17:34:08.0549 6928 [ 3c46290f7a5d45ba6ef32c248e22aa69 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys

17:34:08.0565 6928 Lbd - ok

17:34:08.0705 6928 [ 7772dfab22611050b79504e671b06e6e ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

17:34:08.0737 6928 LBTServ - ok

17:34:08.0783 6928 [ ed7ec050cd6c20e1a93a4dafb7efd14d ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys

17:34:08.0783 6928 LEqdUsb - ok

17:34:08.0830 6928 [ 3267bc698e29474a8381e68904eb0390 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys

17:34:08.0846 6928 LHidEqd - ok

17:34:08.0908 6928 [ 241f2648adf090e2a10095bd6d6f5dcb ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

17:34:08.0924 6928 LHidFilt - ok

17:34:08.0971 6928 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

17:34:09.0033 6928 lltdio - ok

17:34:09.0080 6928 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll

17:34:09.0142 6928 lltdsvc - ok

17:34:09.0158 6928 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll

17:34:09.0220 6928 lmhosts - ok

17:34:09.0267 6928 [ 342ed5a4b3326014438f36d22d803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

17:34:09.0283 6928 LMouFilt - ok

17:34:09.0329 6928 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

17:34:09.0345 6928 LSI_FC - ok

17:34:09.0361 6928 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

17:34:09.0376 6928 LSI_SAS - ok

17:34:09.0392 6928 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:34:09.0407 6928 LSI_SAS2 - ok

17:34:09.0423 6928 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:34:09.0439 6928 LSI_SCSI - ok

17:34:09.0454 6928 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys

17:34:09.0517 6928 luafv - ok

17:34:09.0579 6928 [ 922cbac7b992b9614cab7122f4bf9406 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv_x64.sys

17:34:09.0595 6928 ManyCam - ok

17:34:09.0673 6928 [ 34a42dd7cf525d0d2c5232916496e4b8 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys

17:34:09.0688 6928 mcaudrv_simple - ok

17:34:09.0688 6928 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

17:34:09.0704 6928 megasas - ok

17:34:09.0719 6928 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

17:34:09.0751 6928 MegaSR - ok

17:34:09.0829 6928 Microsoft SharePoint Workspace Audit Service - ok

17:34:09.0891 6928 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll

17:34:09.0922 6928 MMCSS - ok

17:34:09.0953 6928 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys

17:34:10.0016 6928 Modem - ok

17:34:10.0094 6928 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys

17:34:10.0125 6928 monitor - ok

17:34:10.0172 6928 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

17:34:10.0203 6928 mouclass - ok

17:34:10.0265 6928 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

17:34:10.0312 6928 mouhid - ok

17:34:10.0343 6928 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

17:34:10.0359 6928 mountmgr - ok

17:34:10.0468 6928 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

17:34:10.0484 6928 MozillaMaintenance - ok

17:34:10.0515 6928 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys

17:34:10.0531 6928 mpio - ok

17:34:10.0593 6928 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

17:34:10.0640 6928 mpsdrv - ok

17:34:10.0687 6928 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll

17:34:10.0765 6928 MpsSvc - ok

17:34:10.0811 6928 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

17:34:10.0858 6928 MRxDAV - ok

17:34:10.0889 6928 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

17:34:10.0921 6928 mrxsmb - ok

17:34:10.0967 6928 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:34:11.0014 6928 mrxsmb10 - ok

17:34:11.0045 6928 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:34:11.0092 6928 mrxsmb20 - ok

17:34:11.0123 6928 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys

17:34:11.0139 6928 msahci - ok

17:34:11.0155 6928 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

17:34:11.0170 6928 msdsm - ok

17:34:11.0217 6928 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe

17:34:11.0248 6928 MSDTC - ok

17:34:11.0295 6928 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

17:34:11.0357 6928 Msfs - ok

17:34:11.0389 6928 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

17:34:11.0435 6928 mshidkmdf - ok

17:34:11.0482 6928 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

17:34:11.0498 6928 msisadrv - ok

17:34:11.0591 6928 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

17:34:11.0623 6928 MSiSCSI - ok

17:34:11.0623 6928 msiserver - ok

17:34:11.0685 6928 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

17:34:11.0716 6928 MSKSSRV - ok

17:34:11.0716 6928 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

17:34:11.0763 6928 MSPCLOCK - ok

17:34:11.0763 6928 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

17:34:11.0794 6928 MSPQM - ok

17:34:11.0857 6928 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

17:34:11.0888 6928 MsRPC - ok

17:34:11.0919 6928 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

17:34:11.0935 6928 mssmbios - ok

17:34:11.0950 6928 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

17:34:11.0997 6928 MSTEE - ok

17:34:12.0044 6928 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

17:34:12.0059 6928 MTConfig - ok

17:34:12.0059 6928 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys

17:34:12.0075 6928 Mup - ok

17:34:12.0137 6928 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll

17:34:12.0184 6928 napagent - ok

17:34:12.0247 6928 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

17:34:12.0293 6928 NativeWifiP - ok

17:34:12.0356 6928 [ 79b47fd40d9a817e932f9d26fac0a81c ] NDIS C:\Windows\system32\drivers\ndis.sys

17:34:12.0403 6928 NDIS - ok

17:34:12.0418 6928 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

17:34:12.0481 6928 NdisCap - ok

17:34:12.0512 6928 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

17:34:12.0543 6928 NdisTapi - ok

17:34:12.0605 6928 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

17:34:12.0652 6928 Ndisuio - ok

17:34:12.0683 6928 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

17:34:12.0746 6928 NdisWan - ok

17:34:12.0793 6928 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

17:34:12.0839 6928 NDProxy - ok

17:34:12.0886 6928 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

17:34:12.0949 6928 NetBIOS - ok

17:34:12.0995 6928 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

17:34:13.0027 6928 NetBT - ok

17:34:13.0073 6928 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe

17:34:13.0089 6928 Netlogon - ok

17:34:13.0151 6928 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll

17:34:13.0198 6928 Netman - ok

17:34:13.0245 6928 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:34:13.0261 6928 NetMsmqActivator - ok

17:34:13.0307 6928 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:34:13.0307 6928 NetPipeActivator - ok

17:34:13.0354 6928 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll

17:34:13.0417 6928 netprofm - ok

17:34:13.0432 6928 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:34:13.0432 6928 NetTcpActivator - ok

17:34:13.0448 6928 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

17:34:13.0448 6928 NetTcpPortSharing - ok

17:34:13.0495 6928 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

17:34:13.0510 6928 nfrd960 - ok

17:34:13.0573 6928 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

17:34:13.0604 6928 NlaSvc - ok

17:34:13.0682 6928 NMIndexingService - ok

17:34:13.0744 6928 NMSAccess - ok

17:34:13.0760 6928 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

17:34:13.0791 6928 Npfs - ok

17:34:13.0838 6928 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll

17:34:13.0900 6928 nsi - ok

17:34:13.0931 6928 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

17:34:13.0978 6928 nsiproxy - ok

17:34:14.0056 6928 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

17:34:14.0119 6928 Ntfs - ok

17:34:14.0165 6928 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys

17:34:14.0212 6928 Null - ok

17:34:14.0275 6928 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys

17:34:14.0290 6928 nvraid - ok

17:34:14.0306 6928 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys

17:34:14.0321 6928 nvstor - ok

17:34:14.0368 6928 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

17:34:14.0384 6928 nv_agp - ok

17:34:14.0384 6928 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

17:34:14.0399 6928 ohci1394 - ok

17:34:14.0540 6928 [ 49a344136f729659c075d67adfb88fba ] OS Selector C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

17:34:14.0587 6928 OS Selector - ok

17:34:14.0665 6928 [ 4965b005492cba7719e82b71e3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:34:14.0680 6928 ose64 - ok

17:34:14.0867 6928 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:34:15.0023 6928 osppsvc - ok

17:34:15.0070 6928 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

17:34:15.0117 6928 p2pimsvc - ok

17:34:15.0148 6928 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll

17:34:15.0195 6928 p2psvc - ok

17:34:15.0242 6928 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

17:34:15.0257 6928 Parport - ok

17:34:15.0304 6928 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys

17:34:15.0320 6928 partmgr - ok

17:34:15.0398 6928 [ 68139940b5ac84affb7eb1b713be66e7 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

17:34:15.0413 6928 PassThru Service ( UnsignedFile.Multi.Generic ) - warning

17:34:15.0413 6928 PassThru Service - detected UnsignedFile.Multi.Generic (1)

17:34:15.0460 6928 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

17:34:15.0523 6928 PcaSvc - ok

17:34:15.0554 6928 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys

17:34:15.0569 6928 pci - ok

17:34:15.0632 6928 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys

17:34:15.0647 6928 pciide - ok

17:34:15.0710 6928 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

17:34:15.0725 6928 pcmcia - ok

17:34:15.0741 6928 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys

17:34:15.0757 6928 pcw - ok

17:34:15.0772 6928 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys

17:34:15.0819 6928 PEAUTH - ok

17:34:15.0881 6928 [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

17:34:15.0944 6928 PeerDistSvc - ok

17:34:16.0022 6928 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe

17:34:16.0069 6928 PerfHost - ok

17:34:16.0131 6928 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll

17:34:16.0193 6928 pla - ok

17:34:16.0225 6928 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

17:34:16.0256 6928 PlugPlay - ok

17:34:16.0256 6928 PnkBstrA - ok

17:34:16.0287 6928 PnkBstrB - ok

17:34:16.0318 6928 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

17:34:16.0334 6928 PNRPAutoReg - ok

17:34:16.0396 6928 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

17:34:16.0412 6928 PNRPsvc - ok

17:34:16.0474 6928 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

17:34:16.0537 6928 PolicyAgent - ok

17:34:16.0583 6928 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll

17:34:16.0646 6928 Power - ok

17:34:16.0739 6928 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

17:34:16.0771 6928 PptpMiniport - ok

17:34:16.0786 6928 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys

17:34:16.0817 6928 Processor - ok

17:34:16.0849 6928 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll

17:34:16.0880 6928 ProfSvc - ok

17:34:16.0911 6928 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe

17:34:16.0927 6928 ProtectedStorage - ok

17:34:17.0005 6928 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys

17:34:17.0051 6928 Psched - ok

17:34:17.0161 6928 [ 0b6dea0a1662cab8f2bf339dc0752ef4 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

17:34:17.0176 6928 PSI_SVC_2 - ok

17:34:17.0254 6928 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

17:34:17.0301 6928 ql2300 - ok

17:34:17.0317 6928 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

17:34:17.0332 6928 ql40xx - ok

17:34:17.0395 6928 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll

17:34:17.0410 6928 QWAVE - ok

17:34:17.0441 6928 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

17:34:17.0473 6928 QWAVEdrv - ok

17:34:17.0519 6928 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

17:34:17.0551 6928 RasAcd - ok

17:34:17.0613 6928 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

17:34:17.0660 6928 RasAgileVpn - ok

17:34:17.0675 6928 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll

17:34:17.0722 6928 RasAuto - ok

17:34:17.0753 6928 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

17:34:17.0800 6928 Rasl2tp - ok

17:34:17.0847 6928 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll

17:34:17.0894 6928 RasMan - ok

17:34:17.0956 6928 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

17:34:17.0987 6928 RasPppoe - ok

17:34:18.0019 6928 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

17:34:18.0081 6928 RasSstp - ok

17:34:18.0128 6928 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

17:34:18.0206 6928 rdbss - ok

17:34:18.0237 6928 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

17:34:18.0268 6928 rdpbus - ok

17:34:18.0347 6928 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

17:34:18.0425 6928 RDPCDD - ok

17:34:18.0488 6928 [ 1b6163c503398b23ff8b939c67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

17:34:18.0550 6928 RDPDR - ok

17:34:18.0566 6928 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

17:34:18.0644 6928 RDPENCDD - ok

17:34:18.0675 6928 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

17:34:18.0737 6928 RDPREFMP - ok

17:34:18.0784 6928 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

17:34:18.0815 6928 RDPWD - ok

17:34:18.0862 6928 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

17:34:18.0878 6928 rdyboost - ok

17:34:18.0940 6928 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll

17:34:18.0971 6928 RemoteAccess - ok

17:34:19.0034 6928 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

17:34:19.0096 6928 RemoteRegistry - ok

17:34:19.0158 6928 [ 6faf5b04bedc66d300d9d233b2d222f0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys

17:34:19.0174 6928 rimmptsk - ok

17:34:19.0190 6928 [ 4d7ef3d46346ec4c58784db964b365de ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys

17:34:19.0205 6928 rismxdp - ok

17:34:19.0236 6928 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

17:34:19.0283 6928 RpcEptMapper - ok

17:34:19.0330 6928 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe

17:34:19.0346 6928 RpcLocator - ok

17:34:19.0424 6928 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll

17:34:19.0455 6928 RpcSs - ok

17:34:19.0533 6928 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

17:34:19.0580 6928 rspndr - ok

17:34:19.0626 6928 [ e60c0a09f997826c7627b244195ab581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

17:34:19.0689 6928 s3cap - ok

17:34:19.0720 6928 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe

17:34:19.0736 6928 SamSs - ok

17:34:19.0985 6928 [ 9d19e17449c8e8759d6872f662104321 ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

17:34:20.0001 6928 SamsungAllShareV2.0 - ok

17:34:20.0094 6928 [ 3289766038db2cb14d07dc84392138d5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

17:34:20.0110 6928 SASDIFSV - ok

17:34:20.0172 6928 [ 58a38e75f3316a83c23df6173d41f2b5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

17:34:20.0188 6928 SASKUTIL - ok

17:34:20.0250 6928 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

17:34:20.0266 6928 sbp2port - ok

17:34:20.0344 6928 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll

17:34:20.0422 6928 SCardSvr - ok

17:34:20.0469 6928 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

17:34:20.0500 6928 scfilter - ok

17:34:20.0562 6928 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll

17:34:20.0656 6928 Schedule - ok

17:34:20.0703 6928 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll

17:34:20.0734 6928 SCPolicySvc - ok

17:34:20.0843 6928 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\Windows\system32\drivers\sdbus.sys

17:34:20.0890 6928 sdbus - ok

17:34:20.0906 6928 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

17:34:20.0937 6928 SDRSVC - ok

17:34:20.0999 6928 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

17:34:21.0046 6928 secdrv - ok

17:34:21.0108 6928 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll

17:34:21.0140 6928 seclogon - ok

17:34:21.0186 6928 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll

17:34:21.0249 6928 SENS - ok

17:34:21.0264 6928 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

17:34:21.0296 6928 SensrSvc - ok

17:34:21.0342 6928 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

17:34:21.0358 6928 Serenum - ok

17:34:21.0405 6928 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

17:34:21.0436 6928 Serial - ok

17:34:21.0530 6928 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

17:34:21.0561 6928 sermouse - ok

17:34:21.0608 6928 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll

17:34:21.0670 6928 SessionEnv - ok


17:34:34.0883 6928 ================ Scan MBR ==================================

17:34:34.0899 6928 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:34:35.0211 6928 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

17:34:35.0211 6928 \Device\Harddisk0\DR0 - detected TDSS File System (1)

17:34:35.0211 6928 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

17:34:35.0336 6928 \Device\Harddisk1\DR1 - ok

17:34:35.0336 6928 ================ Scan VBR ==================================

17:34:35.0336 6928 Boot (0x1200) (0972217551a19403177fc59ed8c0ce89) \Device\Harddisk0\DR0\Partition1

17:34:35.0336 6928 \Device\Harddisk0\DR0\Partition1 - ok

17:34:35.0382 6928 Boot (0x1200) (abe555372148aa19a32770168519f139) \Device\Harddisk0\DR0\Partition2

17:34:35.0382 6928 \Device\Harddisk0\DR0\Partition2 - ok

17:34:35.0382 6928 Boot (0x1200) (fe47a97d63a32b419e95cffdbe1cc837) \Device\Harddisk0\DR0\Partition3

17:34:35.0398 6928 \Device\Harddisk0\DR0\Partition3 - ok

17:34:35.0429 6928 Boot (0x1200) (01dd55527dee2b8c095d5f815e532b15) \Device\Harddisk0\DR0\Partition4

17:34:35.0429 6928 \Device\Harddisk0\DR0\Partition4 - ok

17:34:35.0429 6928 Boot (0x1200) (5929ee8b48f1c4bff5c15d5aa14661d5) \Device\Harddisk1\DR1\Partition1

17:34:35.0445 6928 \Device\Harddisk1\DR1\Partition1 - ok

17:34:35.0445 6928 ============================================================

17:34:35.0445 6928 Scan finished

17:34:35.0445 6928 ============================================================

17:34:35.0445 3508 Detected object count: 5

17:34:35.0445 3508 Actual detected object count: 5

17:35:53.0679 3508 AIPS ( UnsignedFile.Multi.Generic ) - skipped by user

17:35:53.0679 3508 AIPS ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:35:53.0679 3508 ATITool ( UnsignedFile.Multi.Generic ) - skipped by user

17:35:53.0679 3508 ATITool ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:35:53.0695 3508 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

17:35:53.0695 3508 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:35:53.0695 3508 sptd ( LockedFile.Multi.Generic ) - skipped by user

17:35:53.0695 3508 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

17:35:53.0695 3508 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:35:53.0695 3508 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Step 1

Please re-run TDSSKiller and use the Delete option for this entry:

17:35:53.0695 3508 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

17:35:53.0695 3508 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Sorry about the delay. I ran ComboFix in safe mode. However, the suspect files are still there. The ComboFix log:

ComboFix 12-08-20.02 - Andy 20/08/2012 19:06:31.2.2 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.6109.4697 [GMT 1:00]

Running from: c:\users\Andy\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Andy\AppData\Roaming\data.dat

c:\users\Andy\AppData\Roaming\s.exe

.

.


R3 ATICDSDr;ATICDSDr;c:\users\Andy\AppData\Local\Temp\ATICDSDr.sys [x]

R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]

R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 54320]

R3 GPU-Z;GPU-Z;c:\users\Andy\AppData\Local\Temp\GPU-Z.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [2011-03-22 28264]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-01-19 25504]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-18 30720]

R3 Tcpz-x64;Tcpz-x64;c:\users\Andy\AppData\Local\Temp\Tcpz-x64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VCam_WDM;Fake Webcam 7.2;c:\windows\system32\DRIVERS\VCam_WDM.sys [2012-05-25 104120]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-16 1255736]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-16 834544]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-05-26 1263200]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 41704]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-26 3246040]

S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe [2011-07-28 262144]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-05-26 285280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]

S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [2010-11-16 4608]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-07-30 406056]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 222904]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:10]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 08:54]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 08:54]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757025443-2415963681-3535841810-1001Core.job

- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-16 06:54]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757025443-2415963681-3535841810-1001UA.job

- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-16 06:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 309760]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page =

uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>

IE: Download with &CruxP2P - c:\program files (x86)\Crux P2P\RazaWebHook32.dll/3000

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}: NameServer = 87.194.255.154,87.194.255.155

FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\6629k6oz.andy\

FF - prefs.js: browser.startup.homepage - hxxps://portal.shef.ac.uk/cp/home/displaylogin

FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&rls=org.mozilla:en-US:official&client=firefox-a&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\05\06\13\0c)5?"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

.

**************************************************************************

.

Completion time: 2012-08-20 19:21:13 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-20 18:21

ComboFix2.txt 2012-08-20 17:49

.

Pre-Run: 4,127,592,448 bytes free

Post-Run: 3,998,789,632 bytes free

.

- - End Of File - - AA97E0749E63AC1177595017B1E5681B


I thought it would be this file as it has a bogus Adobe icon, yet no copyright information when I checked the file properties. The URL is:

https://www.virustotal.com/file/a257c7e31548a76e478e4c9aa50734ad200b0b98d7a93edbc432fe6121a90dd4/analysis/1345503221/

Incidentally, after using Combofix, my wireless won't work. That's a minor issue though that can be resolved later.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\users\Andy\AppData\Roaming\camchatplugin

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"camchat"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

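The helper above picked the camchat entry out of the Run keys by eye: it is an autorun whose executable lives in AppData\Roaming rather than Program Files or Windows, the same pattern as the s.exe flagged in the first post. As an added example (not part of this thread and not ComboFix's own tooling), the script below automates that triage over a constructed sample written in the same "Reg Loading Points" and service-list format as the posted log. It flags Run values and services whose binary sits under AppData\Roaming, a Temp folder or Users\Public, or for which ComboFix recorded no date and size (the entries shown as [x]). The sample lines, the directory list and all function names are constructed for the example; the output is a review list for the analyst, not a verdict, since legitimate per-user installers such as Dropbox also live in Roaming.

```python
"""Triage helper for ComboFix-style autorun and service listings (added example)."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the format ComboFix prints for Run keys and services.
# The camchat and Temp-driver lines mirror the shape of entries in the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"camchat"="c:\users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe" [2011-04-11 704512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2012-03-08 432952]
.
R3 GPU-Z;GPU-Z;c:\users\Andy\AppData\Local\Temp\GPU-Z.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 aswSP;aswSP; [x]
"""

# A registry key header such as [HKEY_CURRENT_USER\...\Run]
KEY = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# A Run value: "name"="path" [date size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# A service/driver line: R3 name;description;path [date size]  (or [x])
SERVICE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]$'
)

# Directories a standard user can write to; an autorun here deserves a second look.
# Constructed heuristic list, lowercase because the paths are compared case-insensitively.
REVIEW_DIRS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
)


@dataclass
class Entry:
    kind: str      # "run" for a Run-key value, "service" for a service/driver line
    origin: str    # registry key for run values, start type (R3, S1, ...) for services
    name: str
    path: str
    meta: str      # the bracketed "[date size]" text, or "x" when ComboFix had none
    reasons: List[str] = field(default_factory=list)


def parse_entries(text: str) -> List[Entry]:
    """Parse Run values and service lines; returns one Entry per recognised line."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append(Entry("run", current_key, m.group("name"), m.group("path"), m.group("meta")))
            continue
        m = SERVICE.match(line)
        if m:
            entries.append(Entry("service", m.group("start"), m.group("name"),
                                 m.group("path").strip(), m.group("meta")))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons to each entry and return only the entries that got one."""
    flagged: List[Entry] = []
    for e in entries:
        reasons: List[str] = []
        low = e.path.lower()
        for d in REVIEW_DIRS:
            if d in low:
                reasons.append(f"runs from user-writable location {d}")
                break
        # ComboFix records "[date size]" for files it could read; "[x]" means it has no
        # date or size for the target, so the file is absent, hidden or otherwise unreadable.
        if not re.search(r"\d{4}-\d{2}-\d{2}", e.meta):
            reasons.append("no file date/size recorded (shown as [x])")
        e.reasons = reasons
        if reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{e.kind}] {e.name} <- {e.origin}: {e.path or '(no path)'}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against the sample, the camchat value is flagged for its Roaming location, the GPU-Z driver for both its Temp location and its missing date/size, and aswSP for the missing date/size alone; the Program Files and system32 entries pass. Paste a real "Reg Loading Points" section into SAMPLE_LOG to get the same review list for another log.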

Ok, here's the log:

ComboFix 12-08-20.02 - Andy 21/08/2012 0:26.3.2 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.6109.5250 [GMT 1:00]

Running from: c:\users\Andy\Desktop\ComboFix.exe

Command switches used :: c:\users\Andy\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Andy\AppData\Roaming\camchatplugin

c:\users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe

c:\users\Andy\AppData\Roaming\camchatplugin\MSWINSCK.OCX

c:\users\Andy\AppData\Roaming\data.dat

.

.

((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))

.

.

2012-08-20 23:32 . 2012-08-20 23:32 -------- d-----w- c:\users\Mcx1-ANDY-PC\AppData\Local\temp

2012-08-20 23:32 . 2012-08-20 23:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-20 23:32 . 2012-08-20 23:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-08-20 18:58 . 2012-08-20 18:58 -------- d-----w- c:\program files (x86)\WinPalace

2012-08-19 22:24 . 2012-08-20 20:19 -------- d-----w- C:\Casino

2012-08-19 18:34 . 2012-08-19 18:34 -------- d-----w- c:\windows\Broadband Download Monitor

2012-08-19 17:46 . 2012-08-19 19:20 -------- d-----w- c:\programdata\Bittorrent Anonymizer

2012-08-19 17:46 . 2012-08-19 17:46 -------- d-----w- c:\program files (x86)\Bittorrent Anonymizer

2012-08-19 03:28 . 2012-08-19 16:31 -------- d-----w- c:\users\Andy\AppData\Roaming\uTorrent

2012-08-19 03:15 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpipreset

2012-08-19 03:15 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.copy

2012-08-19 00:10 . 2012-08-19 00:14 -------- d-----w- c:\program files (x86)\Cheat Engine 6.2

2012-08-18 23:42 . 2012-08-19 20:25 -------- d-----w- c:\programdata\CPA_VA

2012-08-18 23:33 . 2012-08-18 23:51 -------- d-----w- c:\programdata\Comodo

2012-08-18 23:33 . 2012-08-18 23:33 -------- d-----w- c:\program files\COMODO

2012-08-18 19:38 . 2012-08-18 19:38 -------- d-----w- c:\users\Andy\AppData\Local\Tor

2012-08-18 19:38 . 2012-08-20 13:51 -------- d-----w- c:\users\Andy\AppData\Local\Vidalia

2012-08-18 18:51 . 2012-08-18 18:51 -------- d-----w- c:\users\Andy\AppData\Roaming\QFX Software

2012-08-18 18:51 . 2012-08-18 18:51 -------- d-----w- c:\programdata\QFX Software

2012-08-18 18:51 . 2012-08-18 18:51 -------- d-----w- c:\program files (x86)\KeyScrambler

2012-08-18 18:51 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2012-08-17 12:41 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3F3DCDE-E03B-48E6-B7B3-DB70A950FFEB}\mpengine.dll

2012-08-10 01:20 . 2012-08-10 01:20 -------- d-----w- c:\users\Andy\AppData\Roaming\dvdcss

2012-08-04 00:31 . 2012-08-04 00:31 -------- d-----w- c:\program files (x86)\Intelore

2012-08-01 15:58 . 2012-08-01 16:08 -------- d-----r- c:\program files (x86)\CHANNEL5

2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-07-26 17:11 . 2012-07-26 17:12 -------- d-----w- c:\program files (x86)\MonitorBright

2012-07-24 22:18 . 2012-07-24 22:18 -------- d-----w- c:\users\Andy\AppData\Local\JockerSoft

2012-07-22 12:07 . 2012-07-22 12:07 -------- d-----w- c:\users\Andy\AppData\Roaming\Bigasoft Total Video Converter

2012-07-22 12:05 . 2012-07-22 12:05 -------- d-----w- c:\program files (x86)\Bigasoft

2012-07-22 11:38 . 2012-07-22 11:38 -------- d-----w- c:\users\Andy\AppData\Roaming\Softplicity

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-20 16:55 . 2011-08-10 16:02 6656 ----a-w- c:\windows\system32\lpcio.dll

2012-08-16 00:10 . 2012-04-05 17:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-16 00:10 . 2011-06-09 01:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 22:01 . 2010-11-16 04:21 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-10 02:48 . 2012-07-10 02:48 41704 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

2012-07-03 12:46 . 2011-01-05 21:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-25 15:04 . 2012-06-25 15:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-09 05:43 . 2012-07-11 17:10 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 17:10 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 17:10 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 17:10 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 17:10 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 17:10 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 17:10 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-03 17:51 . 2012-06-03 17:51 119808 ----a-r- c:\users\Andy\AppData\Roaming\Microsoft\Installer\{F92064F6-BDE8-46FC-A19F-4E12D311BE3A}\icons.exe

2012-06-02 22:19 . 2012-06-23 15:12 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-23 15:13 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-23 15:13 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-23 15:13 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-23 15:12 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-23 15:13 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-23 15:12 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19 . 2012-06-23 15:12 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:15 . 2012-06-23 15:12 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 17:10 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 17:10 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 17:10 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 17:10 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 17:10 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 17:10 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 17:10 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 17:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 17:10 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 11:25 . 2010-11-16 01:52 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-25 11:25 . 2012-07-20 13:33 104120 ----a-w- c:\windows\system32\drivers\VCam_WDM.sys

2011-09-21 10:22 . 2011-09-21 10:22 400840 ----a-w- c:\program files (x86)\atomic.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-20_17.42.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-08-20 17:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-08-20 23:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-08-20 17:43 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-20 23:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-20 23:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-20 17:43 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-16 03:26 . 2012-08-20 18:21 65416 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-20 18:21 48178 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-11-16 01:36 . 2012-08-20 18:21 17030 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1757025443-2415963681-3535841810-1001_UserData.bin

+ 2010-11-16 01:25 . 2012-08-20 23:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-16 01:25 . 2012-08-20 17:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-16 01:25 . 2012-08-20 17:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-11-16 01:25 . 2012-08-20 23:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-20 17:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-20 23:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-16 01:35 . 2012-08-20 18:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-16 01:35 . 2012-08-20 17:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-16 01:35 . 2012-08-20 18:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-11-16 01:35 . 2012-08-20 17:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-11-16 01:35 . 2012-08-20 17:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-16 01:35 . 2012-08-20 18:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-16 01:35 . 2012-08-20 17:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-16 01:35 . 2012-08-20 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-16 01:35 . 2012-08-20 17:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-16 01:35 . 2012-08-20 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-08-20 18:58 . 2012-08-20 18:58 65536 c:\windows\Installer\{817662b3-3cff-40a0-97ac-1dc3bc0f14d7}\ARPPRODUCTICON.exe

- 2012-08-20 17:41 . 2012-08-20 17:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-20 23:35 . 2012-08-20 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-20 17:41 . 2012-08-20 17:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-20 23:35 . 2012-08-20 23:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:45 . 2012-08-15 23:18 431008 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-14 04:45 . 2012-08-20 23:20 431008 c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 05:12 . 2012-08-16 21:58 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-08-20 22:39 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2012-08-20 18:57 . 2012-08-20 18:57 2612224 c:\windows\Installer\286b23.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2012-03-08 432952]

"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]

"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AlterGeoUpdater"="c:\programdata\AlterGeo\Update for Html5 geolocation provider\html5locsvc.exe" [2012-05-10 30240]

.

c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-11-16 3450608]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-25 1994832]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAVolume"= 0 (0x0)

"TaskbarNoThumbnail"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-21 140672]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 250056]

R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]

R3 ATICDSDr;ATICDSDr;c:\users\Andy\AppData\Local\Temp\ATICDSDr.sys [x]

R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]

R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-21 54320]

R3 GPU-Z;GPU-Z;c:\users\Andy\AppData\Local\Temp\GPU-Z.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [2011-03-22 28264]

R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]

R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-01-19 25504]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]

R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-18 30720]

R3 Tcpz-x64;Tcpz-x64;c:\users\Andy\AppData\Local\Temp\Tcpz-x64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VCam_WDM;Fake Webcam 7.2;c:\windows\system32\DRIVERS\VCam_WDM.sys [2012-05-25 104120]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-16 1255736]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-12-03 69152]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-16 834544]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-05-26 1263200]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 41704]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files (x86)\ABBYY Screenshot Reader\NetworkLicenseServer.exe [2008-10-16 759072]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-26 3246040]

S2 AIPS;Arp Intelligent Protection Service;c:\program files (x86)\netcut\services\AIPS.exe [2011-07-28 262144]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]

S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-05-26 285280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]

S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys [2010-11-16 4608]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-07-30 406056]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-12-15 222904]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:10]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 08:54]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 08:54]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757025443-2415963681-3535841810-1001Core.job

- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-16 06:54]

.

2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757025443-2415963681-3535841810-1001UA.job

- c:\users\Andy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-16 06:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Andy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-07-20 14:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-10 309760]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page =

uInternet Settings,ProxyOverride = localhost;127.0.0.1;<local>

IE: Download with &CruxP2P - c:\program files (x86)\Crux P2P\RazaWebHook32.dll/3000

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EF8884C2-6A38-4930-A274-543016BA066C}: NameServer = 87.194.255.154,87.194.255.155

FF - ProfilePath - c:\users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\6629k6oz.andy\

FF - prefs.js: browser.startup.homepage - hxxps://portal.shef.ac.uk/cp/home/displaylogin

FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?ie=UTF-8&oe=UTF-8&rls=org.mozilla:en-US:official&client=firefox-a&sourceid=navclient&gfns=1&q=

FF - prefs.js: network.proxy.ftp_port - 80

FF - prefs.js: network.proxy.gopher_port - 80

FF - prefs.js: network.proxy.http_port - 80

FF - prefs.js: network.proxy.socks_port - 80

FF - prefs.js: network.proxy.ssl_port - 80

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\05\06\13\0c)5?"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

.

**************************************************************************

.

Completion time: 2012-08-21 00:42:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-20 23:42

ComboFix2.txt 2012-08-20 18:21

ComboFix3.txt 2012-08-20 17:49

.

Pre-Run: 8,268,025,856 bytes free

Post-Run: 8,153,067,520 bytes free

.

- - End Of File - - 153B9F63F15099FA5E0A892F73C1E7FD


I've also carried out another MBAM scan and it didn't pick up anything this time (log below). Hopefully the main problem may be solved. I'll await your final say before getting too excited. In other news, I've also solved the wireless connectivity issue. : )

MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.18.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Andy :: ANDY-PC [administrator]

21/08/2012 00:51:49

mbam-log-2012-08-21 (00-51-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226072

Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Here's the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-21 02:35:20

# local_time=2012-08-21 03:35:21 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 51295598 51295598 0 0

# compatibility_mode=770 16774141 100 100 55676609 122259595 0 0

# compatibility_mode=3073 16777213 80 71 220458 21239337 0 0

# compatibility_mode=5893 16776573 100 94 3913 98018373 0 0

# compatibility_mode=8192 67108863 100 0 223 223 0 0

# scanned=263649

# found=4

# cleaned=4

# scan_time=6397

C:\Qoobox\Quarantine\C\Users\Andy\AppData\Roaming\s.exe.vir a variant of Win32/Injector.FRK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\Andy\AppData\Roaming\camchatplugin\camchatplugin.exe.vir a variant of Win32/Injector.FRK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

G:\Downloads & Setup Files\Setup Files\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

G:\Downloads & Setup Files\Setup Files\Windows 7 Professional (32 Bit)\Extra Activation Programs\Windows 7 Loader eXtreme Edition 3.5.0.3.exe a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-21 04:11:24

# local_time=2012-08-21 05:11:24 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 51302694 51302694 0 0

# compatibility_mode=770 16774141 100 100 55683705 122266691 0 0

# compatibility_mode=3073 16777213 80 71 227554 21246433 0 0

# compatibility_mode=5893 16776573 100 94 11009 98025469 0 0

# compatibility_mode=8192 67108863 100 0 7319 7319 0 0

# scanned=238065

# found=0

# cleaned=0

# scan_time=5065


I take your point on that. I think the original problem stems from when I lived in a shared house and let anyone use my laptop (not the case any longer). Laptop now seems fine.

Once again, I really appreciate all your help on this. When I get paid at the end of the month I'll make a donation to the cause. You guys do a really good job : )


Thanks a lot, Andy! I appreciate it! :)

I think the original problem stems from when I lived in a shared house and let anyone use my laptop (not the case any longer).

In this case, it is important to take adequate steps to prevent such problems. For example, you can create a separate account for anyone who uses this laptop, to limit its privileges so as not to create problems. You could start from here:

http://forums.malwarebytes.org/index.php?showtopic=104379

Let's clean this mess. Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, manually delete DDS and TDSSKiller. Also, uninstall ESET Online Scanner.

Safe surfing! :)

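As an added illustration of the least-privilege advice in the reply above (this is example code, not something posted by the thread's participants), the PowerShell snippet below checks the UAC policy values that the ComboFix log lists under HKLM\...\Policies\System, where the log shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, i.e. UAC switched off, and then creates a standard (non-administrator) local account. The account name 'Housemate' is a placeholder; net.exe is used instead of New-LocalUser because Windows 7 ships PowerShell 2.0.

```powershell
# Added example: audit the UAC policy values seen in the ComboFix log and
# create a limited (standard) local account for other users of the laptop.
# Run from an elevated PowerShell prompt on Windows 7.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Each check names a value under the policy key, a test that flags a weak
# setting, and a plain-language reason. The ComboFix log above shows all
# three in their weak state.
$checks = @(
    @{ Name = 'EnableLUA';                  Bad = { param($v) $v -ne 1 }
       Why  = 'UAC is disabled; every process of an admin user runs fully elevated' },
    @{ Name = 'PromptOnSecureDesktop';      Bad = { param($v) $v -ne 1 }
       Why  = 'elevation prompts are not shown on the secure desktop' },
    @{ Name = 'ConsentPromptBehaviorAdmin'; Bad = { param($v) $v -eq 0 }
       Why  = 'administrators elevate silently without any prompt' }
)

function Test-UacPolicy {
    # Returns the names of the values that are in a weak state.
    $current  = Get-ItemProperty -Path $policyKey
    $findings = @()
    foreach ($c in $checks) {
        $value = $current.($c.Name)
        if (& $c.Bad $value) {
            Write-Warning ("{0} = {1}: {2}" -f $c.Name, $value, $c.Why)
            $findings += $c.Name
        } else {
            Write-Output ("{0} = {1} (ok)" -f $c.Name, $value)
        }
    }
    return $findings
}

function New-StandardUser {
    param([string]$Name)
    # Ask for the password interactively rather than embedding it in a script.
    $cred  = Get-Credential $Name
    $plain = $cred.GetNetworkCredential().Password
    & net user $Name $plain /add /comment:"Standard (limited) account" | Out-Null
    # 'net user /add' places the account in Users only; verify it is NOT in
    # Administrators, because that separation is the whole point.
    $admins = & net localgroup Administrators
    $isAdmin = $admins | Where-Object { $_.Trim() -eq $Name }
    if ($isAdmin) {
        Write-Warning "$Name is in Administrators; remove it with: net localgroup Administrators $Name /delete"
        return $false
    }
    Write-Output "$Name created as a standard user (not in Administrators)."
    return $true
}

$weak = Test-UacPolicy
if ($weak.Count -gt 0) {
    Write-Output "Re-enable UAC via Control Panel > User Accounts, then reboot."
}
New-StandardUser -Name 'Housemate'   # placeholder account name
```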
