MBAM picked up a trojan! (Trojan.ZBotR.gen)

kishmish · April 15, 2013

Hello lovely people,

Totally my fault - I opened a dodgy file without sandboxing it first! MBAM picked up two files as being infected, I deleted those, then rescanned with MBAM (reported clean) and dds. Here are the dds logs:

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2

Run by Kish at 9:38:29 on 2013-04-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8098.5120 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Protector Suite\upeksvr.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\nlssrv32.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Home Server\WHSConnector.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Kish\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Kish\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\sppsvc.exe

C:\Users\Kish\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [AdobeBridge] <no file>

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

mRun: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe

mRun: [intel AppUp® center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4

StartupFolder: C:\Users\Kish\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VYPRVP~1.LNK - C:\Windows\System32\schtasks.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - C:\Users\Kish\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: %SYSTEMROOT%\system32\BfLLR.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{08F7EE3E-20F0-4972-9930-61F15F47B987} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{08F7EE3E-20F0-4972-9930-61F15F47B987}\E4544574541425 : DHCPNameServer = 218.248.255.194 218.248.255.146

TCP: Interfaces\{CE838508-1FC4-4376-80D1-695B34FDC227} : DHCPNameServer = 8.8.8.8 8.8.4.4

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll

x64-SSODL: WebCheck - <orphaned>

x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 192.168.2.111 MCDSTUFF #Windows Home Server#

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-22 30056]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-3-17 56208]

R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2012-2-1 75368]

R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]

R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-2-1 490496]

R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-12-5 71032]

R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-5 384888]

R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2012-8-30 25832]

R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-24 13336]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-9-6 66560]

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-10-25 632792]

R2 PowerBiosServer;PowerBiosServer;C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [2010-11-18 32768]

R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-11-8 15552]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-4 3463080]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-16 2656280]

R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]

R2 XMail;XMail Server;C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe [2012-3-19 397824]

R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2012-2-1 2740328]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-5-30 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-5-28 166576]

R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-9-8 136000]

R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-9-8 409408]

S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2012-12-5 393080]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]

S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-12-6 174168]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\System32\drivers\JME.sys [2012-2-14 132624]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-14 19456]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-8-29 31800]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-14 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-14 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-25 1255736]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-04-15 06:25:42 -------- d-----w- C:\Users\Kish\AppData\Roaming\Riyqih

2013-04-15 06:25:42 -------- d-----w- C:\Users\Kish\AppData\Roaming\Imqipa

2013-04-15 06:25:14 -------- d-----w- C:\Users\Kish\AppData\Roaming\Yzogfu

2013-04-15 06:25:14 -------- d-----w- C:\Users\Kish\AppData\Roaming\tor

2013-04-15 06:25:14 -------- d-----w- C:\Users\Kish\AppData\Roaming\Gatis

2013-04-14 18:13:15 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui

2013-04-14 18:06:30 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-04-14 17:57:51 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-04-14 17:57:51 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-04-14 17:57:51 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-04-14 17:57:51 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-04-14 17:57:50 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-04-14 17:57:50 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-04-14 17:57:50 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-04-14 17:57:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-04-14 17:57:47 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-04-14 07:08:59 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FA0CE7D-BE25-4180-A4BF-4645709274E5}\mpengine.dll

2013-04-13 07:07:05 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-12 08:42:24 -------- d-----w- C:\Windows\SysWow64\Adobe

2013-04-10 20:30:43 -------- d-----w- C:\Users\Kish\AppData\Roaming\uTorrent

2013-04-10 14:46:47 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 14:46:46 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 14:43:42 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-10 14:43:41 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 14:43:41 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 14:43:41 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 14:43:40 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 14:43:40 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-10 14:43:39 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-30 10:31:48 -------- d-----w- C:\Program Files\iPod

2013-03-30 10:31:47 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-30 10:31:47 -------- d-----w- C:\Program Files\iTunes

2013-03-30 10:31:47 -------- d-----w- C:\Program Files (x86)\iTunes

2013-03-27 14:41:03 -------- d-----w- C:\Users\Kish\AppData\Roaming\Paddy

2013-03-27 08:30:23 -------- d-----w- C:\Windows\pss

2013-03-26 17:14:00 -------- d-----w- C:\Users\Kish\AppData\Roaming\Stardock

2013-03-26 17:13:50 -------- dc-h--w- C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}

2013-03-26 17:13:48 -------- d-----w- C:\Program Files (x86)\Stardock

2013-03-26 17:13:29 -------- d-----w- C:\Users\Kish\AppData\Local\PackageAware

2013-03-26 13:16:12 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-21 13:33:40 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3C455A3-1BE1-4E48-BBC0-72941F215906}\gapaengine.dll

2013-03-18 18:31:37 -------- d-----w- C:\Program Files (x86)\Stamp

2013-03-18 18:31:32 249856 ------w- C:\Windows\Setup1.exe

2013-03-18 18:31:31 73216 ----a-w- C:\Windows\ST6UNST.EXE

2013-03-18 17:58:38 -------- d-----w- C:\Users\Kish\AppData\Roaming\Nitreal Games

2013-03-18 17:52:23 -------- d-----w- C:\Users\Kish\AppData\Roaming\namexif

2013-03-18 17:52:21 -------- d-----w- C:\Program Files (x86)\Namexif

2013-03-17 17:51:54 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-16 09:14:25 -------- d-----w- C:\Program Files\Image Resizer for Windows

2013-03-16 09:14:25 -------- d-----w- C:\Program Files (x86)\Image Resizer for Windows

.

==================== Find3M ====================

.

2013-04-12 08:37:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-12 08:37:20 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-04 12:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-17 17:51:49 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-17 17:51:49 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-17 17:24:42 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-01-28 11:46:30 176128 ----a-w- C:\Windows\SysWow64\RemoteControl.dll

2013-01-20 14:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 14:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

.

============= FINISH: 9:38:48.76 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 16/03/2012 11:53:06

System Uptime: 15/04/2013 09:31:47 (0 hours ago)

.

Motherboard: CLEVO CO. | | W150HRM

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | SOCKET 0 | 2201/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 699 GiB total, 193.264 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Intel® Display Audio

Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_15581500&REV_1000\4&3E148B9&0&0301

Manufacturer: Intel® Corporation

Name: Intel® Display Audio

PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_15581500&REV_1000\4&3E148B9&0&0301

Service: IntcDAud

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

==== System Restore Points ===================

.

RP242: 12/04/2013 01:08:47 - Scheduled Checkpoint

RP243: 14/04/2013 09:08:38 - Windows Update

RP244: 14/04/2013 20:06:12 - Windows Update

.

==== Installed Programs ======================

.

4K Video Downloader 2.5

Acquia Dev Desktop

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Creative Suite 6 Master Collection

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Media Player

Adobe Photoshop CS5.1

Adobe Photoshop Lightroom 4.3 64-bit

Adobe Reader X (10.1.5)

Adobe Shockwave Player 12.0

Adobe Widget Browser

Advanced Admin Console 2011

Air Video Server 2.4.3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

µTorrent

Bigfoot Networks Killer Network Manager

BisonCam

bl

BlueStacks App Player

Bonjour

BookSmart® 3.2.5 3.2.5

BurnAware Free 4.9

Calibrize 2.0

ColorStyler 1.0 (Plugin)

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dragon Age: Origins

Dropbox

Dungeon Defenders

DVD Flick 1.3.0.7

DVDFab 8.1.5.9 (20/01/2012) Qt

EPSON SX510W Series Printer Uninstall

F.lux

Fast Duplicate File Finder 3.2.0.1

Fences

FileZilla Client 3.6.0.2

Folder Size 2.8.0.0

Free YouTube Download version 3.1.34.825

Garden Rescue - Christmas Edition

Gardens Inc - From Rakes To Riches

Git version 1.8.1.2-preview20130201

GOG.com Downloader version 3.0.52

Google Chrome

Google Chrome Canary

GrabIt 1.7.2 Beta 6 (build 1008)

HandBrake 0.9.8

Hotkey 3.3017

iCloud

Image Resizer for Windows

Image Resizer for Windows (64 bit)

ImgBurn

Intel AppUp® center

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

Java 7 Update 17

Java Auto Updater

Java 6 Update 31

JavaFX 2.1.1

JMicron Ethernet Adapter NDIS Driver

JMicron Flash Media Controller Driver

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4.5

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

Mimo

MOBZync

Movie Collector

Movie Maker

MSVCRT

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

New Yankee in King Arthur's Court 2

Notification Center

NVIDIA Control Panel 310.70

NVIDIA Graphics Driver 310.70

NVIDIA Install Application

NVIDIA Optimus 1.11.3

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Update 1.11.3

NVIDIA Update Components

OpenVPN 2.2.1

Origin

Paddy for Lightroom

Pamela Pro 4.8

PDF Settings CS6

ph

Pharaoh Gold Bundle

Photo Common

Photo Gallery

Protector Suite 2009

PxMergeModule

Python 2.7 pywin32-217

Python 2.7.3

QuickPar 0.9

QuickTime

Realtek High Definition Audio Driver

Registry Mechanic 10.0

ReNamer

Renesas Electronics USB 3.0 Host Controller Driver

Revo Uninstaller Pro 2.5.8

RollerCoaster Tycoon 3 Platinum

SABnzbd 0.7.11

Sandboxie 3.70 (64-bit)

Seagate Dashboard 2.0

Security Update for Microsoft .NET Framework 4.5 (KB2737083)

Security Update for Microsoft .NET Framework 4.5 (KB2742613)

Security Update for Microsoft .NET Framework 4.5 (KB2789648)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Sid Meier's Civilization V

Skype™ 6.1

Snapseed

Spotify

Stamp 2.8

Steam

Stronghold 2

Stronghold Crusader Extreme

Stronghold Legends

swMSM

TeamViewer 8

The Elder Scrolls IV: Oblivion

THX TruStudio Pro

TI USB 3.0 Host Controller Driver

TI USB3 Host Driver

Torchlight

TreeSize Free V2.7

Update for Microsoft .NET Framework 4.5 (KB2750147)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VLC media player 2.0.5

Vuze

VyprVPN for Giganews

WinDirStat 1.1.2

Windows Home Server Connector

Windows Home Server Toolkit 1.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR 4.11 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

15/04/2013 09:34:37, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

15/04/2013 09:34:37, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

15/04/2013 09:32:32, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.

15/04/2013 08:31:01, Error: Service Control Manager [7034] - The Seagate Dashboard Services service terminated unexpectedly. It has done this 1 time(s).

15/04/2013 08:30:56, Error: Service Control Manager [7034] - The Windows Media Center TV Archive Transfer Service service terminated unexpectedly. It has done this 1 time(s).

15/04/2013 08:30:50, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

15/04/2013 08:30:36, Error: Service Control Manager [7031] - The Windows Home Server Connector Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

15/04/2013 08:30:32, Error: Service Control Manager [7034] - The XMail Server service terminated unexpectedly. It has done this 1 time(s).

15/04/2013 08:30:28, Error: Service Control Manager [7034] - The BlueStacks Android Service service terminated unexpectedly. It has done this 1 time(s).

15/04/2013 08:29:38, Error: Service Control Manager [7034] - The Dragon Age: Origins - Content Updater service terminated unexpectedly. It has done this 1 time(s).

14/04/2013 14:49:34, Error: Service Control Manager [7031] - The TeamViewer 8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

12/04/2013 08:28:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1490.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/04/2013 08:28:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1490.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

11/04/2013 22:56:47, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

11/04/2013 22:30:00, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

11/04/2013 16:15:45, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

11/04/2013 10:02:44, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

08/04/2013 22:42:47, Error: Microsoft-Windows-RasSstp [1] - CoId={84D5EF45-3452-48B6-8A64-1C24F17EA6B8}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The requested name is valid, but no data of the requested type was found.

08/04/2013 22:41:21, Error: Microsoft-Windows-RasSstp [1] - CoId={9FE1184C-8C37-4D73-AFA2-D0DA3A9ED050}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. No connection could be made because the target machine actively refused it.

.

==== End Of File ===========================

Thanks for your help!

Kish.

Larusso · April 15, 2013

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

Please post the most recent Malwarebytes Logfile

Launch Malwarebytes --> Logs --> click on the last Logfile. A notepad Window will appear. Copy/Paste its content here in your topic.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

kishmish · April 15, 2013

Hi Daniel,

Thank you for your help. Here is the latest MBAM scan (I ran one after MBAM removed the initial infection):

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.14.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16521

Kish :: KISH-PC [administrator]

Protection: Enabled

15/04/2013 09:33:06

mbam-log-2013-04-15 (09-33-06).txt

Scan type: Quick scan

Scan options disabled:

Objects scanned: 233508

Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

And here is the TDSSKiller log:

12:19:06.0056 4380 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

12:19:06.0185 4380 ============================================================

12:19:06.0185 4380 Current date / time: 2013/04/15 12:19:06.0185

12:19:06.0185 4380 SystemInfo:

12:19:06.0185 4380

12:19:06.0185 4380 OS Version: 6.1.7601 ServicePack: 1.0

12:19:06.0185 4380 Product type: Workstation

12:19:06.0185 4380 ComputerName: KISH-PC

12:19:06.0185 4380 UserName: Kish

12:19:06.0185 4380 Windows directory: C:\Windows

12:19:06.0185 4380 System windows directory: C:\Windows

12:19:06.0185 4380 Running under WOW64

12:19:06.0185 4380 Processor architecture: Intel x64

12:19:06.0185 4380 Number of processors: 8

12:19:06.0185 4380 Page size: 0x1000

12:19:06.0185 4380 Boot type: Normal boot

12:19:06.0185 4380 ============================================================

12:19:06.0782 4380 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:19:06.0825 4380 ============================================================

12:19:06.0825 4380 \Device\Harddisk0\DR0:

12:19:06.0826 4380 MBR partitions:

12:19:06.0826 4380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

12:19:06.0826 4380 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000

12:19:06.0826 4380 ============================================================

12:19:06.0885 4380 C: <-> \Device\Harddisk0\DR0\Partition2

12:19:06.0885 4380 ============================================================

12:19:06.0885 4380 Initialize success

12:19:06.0885 4380 ============================================================

12:20:10.0323 3528 ============================================================

12:20:10.0323 3528 Scan started

12:20:10.0323 3528 Mode: Manual;

12:20:10.0323 3528 ============================================================

12:20:10.0548 3528 ================ Scan system memory ========================

12:20:10.0549 3528 System memory - ok

12:20:10.0549 3528 ================ Scan services =============================

12:20:10.0627 3528 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

12:20:10.0629 3528 1394ohci - ok

12:20:10.0642 3528 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

12:20:10.0645 3528 ACPI - ok

12:20:10.0662 3528 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

12:20:10.0663 3528 AcpiPmi - ok

12:20:10.0761 3528 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

12:20:10.0761 3528 AdobeARMservice - ok

12:20:10.0877 3528 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

12:20:10.0879 3528 AdobeFlashPlayerUpdateSvc - ok

12:20:10.0917 3528 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

12:20:10.0921 3528 adp94xx - ok

12:20:10.0938 3528 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

12:20:10.0941 3528 adpahci - ok

12:20:10.0962 3528 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

12:20:10.0964 3528 adpu320 - ok

12:20:10.0984 3528 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

12:20:10.0985 3528 AeLookupSvc - ok

12:20:11.0038 3528 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

12:20:11.0042 3528 AFD - ok

12:20:11.0056 3528 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

12:20:11.0057 3528 agp440 - ok

12:20:11.0112 3528 [ 9725E7266CC9ABC475CA3762CECA6444 ] Ak27x64 C:\Windows\system32\DRIVERS\Ak27x64.sys

12:20:11.0155 3528 Ak27x64 - ok

12:20:11.0175 3528 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

12:20:11.0176 3528 ALG - ok

12:20:11.0178 3528 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

12:20:11.0179 3528 aliide - ok

12:20:11.0194 3528 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

12:20:11.0195 3528 amdide - ok

12:20:11.0212 3528 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

12:20:11.0214 3528 AmdK8 - ok

12:20:11.0217 3528 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

12:20:11.0218 3528 AmdPPM - ok

12:20:11.0222 3528 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

12:20:11.0223 3528 amdsata - ok

12:20:11.0228 3528 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

12:20:11.0230 3528 amdsbs - ok

12:20:11.0232 3528 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

12:20:11.0233 3528 amdxata - ok

12:20:11.0247 3528 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

12:20:11.0248 3528 AppID - ok

12:20:11.0263 3528 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

12:20:11.0264 3528 AppIDSvc - ok

12:20:11.0271 3528 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

12:20:11.0272 3528 Appinfo - ok

12:20:11.0408 3528 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

12:20:11.0409 3528 Apple Mobile Device - ok

12:20:11.0422 3528 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

12:20:11.0424 3528 arc - ok

12:20:11.0426 3528 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

12:20:11.0428 3528 arcsas - ok

12:20:11.0474 3528 [ 9149EC69ACD3EFC97B01D5A1BAEB3B57 ] arXfrSvc C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

12:20:11.0476 3528 arXfrSvc - ok

12:20:11.0550 3528 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

12:20:11.0551 3528 aspnet_state - ok

12:20:11.0579 3528 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

12:20:11.0580 3528 AsyncMac - ok

12:20:11.0591 3528 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

12:20:11.0592 3528 atapi - ok

12:20:11.0608 3528 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

12:20:11.0614 3528 AudioEndpointBuilder - ok

12:20:11.0627 3528 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

12:20:11.0630 3528 AudioSrv - ok

12:20:11.0635 3528 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

12:20:11.0636 3528 AxInstSV - ok

12:20:11.0669 3528 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

12:20:11.0673 3528 b06bdrv - ok

12:20:11.0687 3528 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

12:20:11.0690 3528 b57nd60a - ok

12:20:11.0699 3528 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

12:20:11.0701 3528 BDESVC - ok

12:20:11.0716 3528 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

12:20:11.0717 3528 Beep - ok

12:20:11.0752 3528 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

12:20:11.0758 3528 BFE - ok

12:20:11.0778 3528 [ B6CB0C7A0EA9DEE5B7DB2DF0CF2A6625 ] BfLwf C:\Windows\system32\DRIVERS\bflwfx64.sys

12:20:11.0779 3528 BfLwf - ok

12:20:11.0875 3528 [ 0CB778BD8DEA06787C33B5577029802C ] Bigfoot Networks Killer Service C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe

12:20:11.0883 3528 Bigfoot Networks Killer Service - ok

12:20:11.0912 3528 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

12:20:11.0919 3528 BITS - ok

12:20:11.0931 3528 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

12:20:11.0932 3528 blbdrive - ok

12:20:11.0997 3528 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

12:20:12.0001 3528 Bonjour Service - ok

12:20:12.0004 3528 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

12:20:12.0006 3528 bowser - ok

12:20:12.0008 3528 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

12:20:12.0009 3528 BrFiltLo - ok

12:20:12.0017 3528 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

12:20:12.0018 3528 BrFiltUp - ok

12:20:12.0022 3528 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

12:20:12.0024 3528 Browser - ok

12:20:12.0033 3528 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

12:20:12.0036 3528 Brserid - ok

12:20:12.0042 3528 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

12:20:12.0043 3528 BrSerWdm - ok

12:20:12.0045 3528 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

12:20:12.0046 3528 BrUsbMdm - ok

12:20:12.0048 3528 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

12:20:12.0049 3528 BrUsbSer - ok

12:20:12.0078 3528 [ 9D7B3E989AED3DE53B13E514D3D3FDD2 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe

12:20:12.0082 3528 BstHdAndroidSvc - ok

12:20:12.0102 3528 [ 82D92C0DF7FDA102E10D0E653316EB8A ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys

12:20:12.0103 3528 BstHdDrv - ok

12:20:12.0121 3528 [ 4CA44453E9DD74FB2210A198B28199CD ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

12:20:12.0124 3528 BstHdLogRotatorSvc - ok

12:20:12.0127 3528 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

12:20:12.0128 3528 BTHMODEM - ok

12:20:12.0142 3528 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

12:20:12.0143 3528 bthserv - ok

12:20:12.0183 3528 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

12:20:12.0184 3528 cdfs - ok

12:20:12.0208 3528 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

12:20:12.0210 3528 cdrom - ok

12:20:12.0219 3528 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

12:20:12.0220 3528 CertPropSvc - ok

12:20:12.0223 3528 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

12:20:12.0225 3528 circlass - ok

12:20:12.0240 3528 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

12:20:12.0243 3528 CLFS - ok

12:20:12.0267 3528 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:20:12.0269 3528 clr_optimization_v2.0.50727_32 - ok

12:20:12.0284 3528 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:20:12.0286 3528 clr_optimization_v2.0.50727_64 - ok

12:20:12.0326 3528 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:20:12.0328 3528 clr_optimization_v4.0.30319_32 - ok

12:20:12.0332 3528 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:20:12.0333 3528 clr_optimization_v4.0.30319_64 - ok

12:20:12.0354 3528 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

12:20:12.0355 3528 CmBatt - ok

12:20:12.0358 3528 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

12:20:12.0358 3528 cmdide - ok

12:20:12.0381 3528 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys

12:20:12.0385 3528 CNG - ok

12:20:12.0402 3528 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

12:20:12.0403 3528 Compbatt - ok

12:20:12.0421 3528 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

12:20:12.0422 3528 CompositeBus - ok

12:20:12.0425 3528 COMSysApp - ok

12:20:12.0485 3528 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

12:20:12.0487 3528 cphs - ok

12:20:12.0507 3528 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

12:20:12.0508 3528 crcdisk - ok

12:20:12.0532 3528 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

12:20:12.0534 3528 CryptSvc - ok

12:20:12.0572 3528 [ 914A7156B0C0F10BE645A02E13F576B2 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

12:20:12.0572 3528 DAUpdaterSvc - ok

12:20:12.0596 3528 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

12:20:12.0601 3528 DcomLaunch - ok

12:20:12.0620 3528 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

12:20:12.0623 3528 defragsvc - ok

12:20:12.0635 3528 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

12:20:12.0637 3528 DfsC - ok

12:20:12.0651 3528 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

12:20:12.0654 3528 Dhcp - ok

12:20:12.0661 3528 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

12:20:12.0661 3528 discache - ok

12:20:12.0671 3528 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

12:20:12.0672 3528 Disk - ok

12:20:12.0702 3528 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

12:20:12.0704 3528 Dnscache - ok

12:20:12.0717 3528 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

12:20:12.0720 3528 dot3svc - ok

12:20:12.0731 3528 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

12:20:12.0733 3528 DPS - ok

12:20:12.0756 3528 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

12:20:12.0757 3528 drmkaud - ok

12:20:12.0774 3528 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

12:20:12.0792 3528 DXGKrnl - ok

12:20:12.0802 3528 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

12:20:12.0804 3528 EapHost - ok

12:20:12.0858 3528 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

12:20:12.0908 3528 ebdrv - ok

12:20:12.0919 3528 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

12:20:12.0921 3528 EFS - ok

12:20:12.0964 3528 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

12:20:12.0969 3528 ehRecvr - ok

12:20:12.0981 3528 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

12:20:12.0983 3528 ehSched - ok

12:20:13.0003 3528 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

12:20:13.0007 3528 elxstor - ok

12:20:13.0018 3528 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

12:20:13.0018 3528 ErrDev - ok

12:20:13.0082 3528 [ 94B3C06DCF580695EBA5304F3C750256 ] esClient C:\Program Files\Windows Home Server\esClient.exe

12:20:13.0083 3528 esClient - ok

12:20:13.0102 3528 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

12:20:13.0106 3528 EventSystem - ok

12:20:13.0126 3528 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

12:20:13.0127 3528 exfat - ok

12:20:13.0132 3528 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

12:20:13.0134 3528 fastfat - ok

12:20:13.0150 3528 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

12:20:13.0156 3528 Fax - ok

12:20:13.0163 3528 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

12:20:13.0164 3528 fdc - ok

12:20:13.0178 3528 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

12:20:13.0179 3528 fdPHost - ok

12:20:13.0186 3528 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

12:20:13.0187 3528 FDResPub - ok

12:20:13.0190 3528 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

12:20:13.0191 3528 FileInfo - ok

12:20:13.0203 3528 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

12:20:13.0205 3528 Filetrace - ok

12:20:13.0251 3528 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

12:20:13.0259 3528 FLEXnet Licensing Service - ok

12:20:13.0262 3528 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

12:20:13.0263 3528 flpydisk - ok

12:20:13.0269 3528 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

12:20:13.0272 3528 FltMgr - ok

12:20:13.0376 3528 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

12:20:13.0402 3528 FontCache - ok

12:20:13.0438 3528 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:20:13.0439 3528 FontCache3.0.0.0 - ok

12:20:13.0599 3528 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

12:20:13.0702 3528 FsDepends - ok

12:20:13.0705 3528 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

12:20:13.0708 3528 Fs_Rec - ok

12:20:13.0798 3528 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

12:20:13.0800 3528 fvevol - ok

12:20:13.0804 3528 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

12:20:13.0805 3528 gagp30kx - ok

12:20:13.0838 3528 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:20:13.0840 3528 GEARAspiWDM - ok

12:20:13.0860 3528 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

12:20:13.0866 3528 gpsvc - ok

12:20:13.0869 3528 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

12:20:13.0870 3528 hcw85cir - ok

12:20:13.0895 3528 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

12:20:13.0898 3528 HdAudAddService - ok

12:20:13.0910 3528 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

12:20:13.0911 3528 HDAudBus - ok

12:20:13.0928 3528 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

12:20:13.0929 3528 HidBatt - ok

12:20:13.0933 3528 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

12:20:13.0934 3528 HidBth - ok

12:20:13.0943 3528 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

12:20:13.0944 3528 HidIr - ok

12:20:13.0958 3528 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

12:20:13.0959 3528 hidserv - ok

12:20:13.0970 3528 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

12:20:13.0971 3528 HidUsb - ok

12:20:13.0982 3528 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

12:20:13.0984 3528 hkmsvc - ok

12:20:13.0999 3528 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

12:20:14.0002 3528 HomeGroupListener - ok

12:20:14.0018 3528 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

12:20:14.0020 3528 HomeGroupProvider - ok

12:20:14.0023 3528 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

12:20:14.0025 3528 HpSAMD - ok

12:20:14.0042 3528 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

12:20:14.0049 3528 HTTP - ok

12:20:14.0060 3528 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

12:20:14.0060 3528 hwpolicy - ok

12:20:14.0072 3528 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

12:20:14.0074 3528 i8042prt - ok

12:20:14.0125 3528 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

12:20:14.0127 3528 iaStor - ok

12:20:14.0155 3528 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

12:20:14.0156 3528 IAStorDataMgrSvc - ok

12:20:14.0173 3528 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

12:20:14.0176 3528 iaStorV - ok

12:20:14.0212 3528 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:20:14.0219 3528 idsvc - ok

12:20:14.0333 3528 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

12:20:14.0483 3528 igfx - ok

12:20:14.0487 3528 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

12:20:14.0488 3528 iirsp - ok

12:20:14.0542 3528 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

12:20:14.0549 3528 IKEEXT - ok

12:20:14.0623 3528 [ 38C3ACE3402B655D6C2A5BAB6F78B4C3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

12:20:14.0666 3528 IntcAzAudAddService - ok

12:20:14.0676 3528 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

12:20:14.0679 3528 IntcDAud - ok

12:20:14.0683 3528 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

12:20:14.0683 3528 intelide - ok

12:20:14.0697 3528 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

12:20:14.0698 3528 intelppm - ok

12:20:14.0707 3528 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

12:20:14.0709 3528 IPBusEnum - ok

12:20:14.0712 3528 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:20:14.0713 3528 IpFilterDriver - ok

12:20:14.0750 3528 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

12:20:14.0755 3528 iphlpsvc - ok

12:20:14.0758 3528 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

12:20:14.0759 3528 IPMIDRV - ok

12:20:14.0772 3528 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

12:20:14.0774 3528 IPNAT - ok

12:20:14.0803 3528 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

12:20:14.0807 3528 iPod Service - ok

12:20:14.0810 3528 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

12:20:14.0811 3528 IRENUM - ok

12:20:14.0830 3528 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

12:20:14.0831 3528 isapnp - ok

12:20:14.0852 3528 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

12:20:14.0855 3528 iScsiPrt - ok

12:20:15.0080 3528 [ E5F9A5AC854529EFBE37E475149615C1 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys

12:20:15.0081 3528 JMCR - ok

12:20:15.0118 3528 [ A4F45625CCD360DE35DA5051FDA0B47F ] JME C:\Windows\system32\DRIVERS\JME.sys

12:20:15.0120 3528 JME - ok

12:20:15.0160 3528 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

12:20:15.0161 3528 kbdclass - ok

12:20:15.0164 3528 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

12:20:15.0165 3528 kbdhid - ok

12:20:15.0192 3528 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

12:20:15.0193 3528 KeyIso - ok

12:20:15.0200 3528 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

12:20:15.0201 3528 KSecDD - ok

12:20:15.0219 3528 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

12:20:15.0221 3528 KSecPkg - ok

12:20:15.0223 3528 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

12:20:15.0225 3528 ksthunk - ok

12:20:15.0257 3528 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

12:20:15.0261 3528 KtmRm - ok

12:20:15.0308 3528 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

12:20:15.0311 3528 LanmanServer - ok

12:20:15.0322 3528 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

12:20:15.0324 3528 LanmanWorkstation - ok

12:20:15.0339 3528 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

12:20:15.0340 3528 lltdio - ok

12:20:15.0363 3528 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

12:20:15.0367 3528 lltdsvc - ok

12:20:15.0374 3528 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

12:20:15.0375 3528 lmhosts - ok

12:20:15.0421 3528 [ 50C7CE53EF461870410355F1F2E7D515 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

12:20:15.0422 3528 LMS - ok

12:20:15.0460 3528 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

12:20:15.0462 3528 LSI_FC - ok

12:20:15.0466 3528 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

12:20:15.0467 3528 LSI_SAS - ok

12:20:15.0470 3528 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

12:20:15.0471 3528 LSI_SAS2 - ok

12:20:15.0475 3528 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

12:20:15.0476 3528 LSI_SCSI - ok

12:20:15.0496 3528 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

12:20:15.0497 3528 luafv - ok

12:20:15.0532 3528 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

12:20:15.0533 3528 MBAMProtector - ok

12:20:15.0626 3528 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

12:20:15.0629 3528 MBAMScheduler - ok

12:20:15.0676 3528 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

12:20:15.0681 3528 MBAMService - ok

12:20:15.0701 3528 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

12:20:15.0703 3528 Mcx2Svc - ok

12:20:15.0706 3528 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

12:20:15.0707 3528 megasas - ok

12:20:15.0716 3528 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

12:20:15.0719 3528 MegaSR - ok

12:20:15.0734 3528 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

12:20:15.0735 3528 MEIx64 - ok

12:20:15.0780 3528 Microsoft SharePoint Workspace Audit Service - ok

12:20:15.0801 3528 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

12:20:15.0803 3528 MMCSS - ok

12:20:15.0806 3528 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

12:20:15.0807 3528 Modem - ok

12:20:15.0814 3528 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

12:20:15.0816 3528 monitor - ok

12:20:15.0825 3528 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

12:20:15.0827 3528 mouclass - ok

12:20:15.0829 3528 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

12:20:15.0830 3528 mouhid - ok

12:20:15.0851 3528 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

12:20:15.0853 3528 mountmgr - ok

12:20:15.0858 3528 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

12:20:15.0860 3528 MpFilter - ok

12:20:15.0869 3528 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

12:20:15.0871 3528 mpio - ok

12:20:15.0883 3528 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

12:20:15.0884 3528 mpsdrv - ok

12:20:15.0903 3528 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

12:20:15.0910 3528 MpsSvc - ok

12:20:15.0914 3528 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

12:20:15.0916 3528 MRxDAV - ok

12:20:15.0946 3528 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

12:20:15.0948 3528 mrxsmb - ok

12:20:15.0963 3528 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:20:15.0965 3528 mrxsmb10 - ok

12:20:15.0978 3528 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:20:15.0980 3528 mrxsmb20 - ok

12:20:15.0982 3528 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

12:20:15.0983 3528 msahci - ok

12:20:15.0987 3528 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

12:20:15.0989 3528 msdsm - ok

12:20:15.0993 3528 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

12:20:15.0995 3528 MSDTC - ok

12:20:16.0004 3528 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

12:20:16.0005 3528 Msfs - ok

12:20:16.0017 3528 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

12:20:16.0018 3528 mshidkmdf - ok

12:20:16.0026 3528 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

12:20:16.0026 3528 msisadrv - ok

12:20:16.0053 3528 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

12:20:16.0055 3528 MSiSCSI - ok

12:20:16.0057 3528 msiserver - ok

12:20:16.0074 3528 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

12:20:16.0075 3528 MSKSSRV - ok

12:20:16.0136 3528 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

12:20:16.0136 3528 MsMpSvc - ok

12:20:16.0158 3528 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

12:20:16.0158 3528 MSPCLOCK - ok

12:20:16.0161 3528 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

12:20:16.0162 3528 MSPQM - ok

12:20:16.0182 3528 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

12:20:16.0185 3528 MsRPC - ok

12:20:16.0189 3528 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

12:20:16.0190 3528 mssmbios - ok

12:20:16.0193 3528 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

12:20:16.0193 3528 MSTEE - ok

12:20:16.0196 3528 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

12:20:16.0197 3528 MTConfig - ok

12:20:16.0199 3528 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

12:20:16.0200 3528 Mup - ok

12:20:16.0222 3528 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

12:20:16.0226 3528 napagent - ok

12:20:16.0236 3528 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

12:20:16.0239 3528 NativeWifiP - ok

12:20:16.0280 3528 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

12:20:16.0297 3528 NDIS - ok

12:20:16.0306 3528 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

12:20:16.0307 3528 NdisCap - ok

12:20:16.0315 3528 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

12:20:16.0316 3528 NdisTapi - ok

12:20:16.0327 3528 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

12:20:16.0329 3528 Ndisuio - ok

12:20:16.0342 3528 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

12:20:16.0344 3528 NdisWan - ok

12:20:16.0353 3528 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

12:20:16.0354 3528 NDProxy - ok

12:20:16.0361 3528 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

12:20:16.0362 3528 NetBIOS - ok

12:20:16.0375 3528 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

12:20:16.0377 3528 NetBT - ok

12:20:16.0387 3528 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

12:20:16.0388 3528 Netlogon - ok

12:20:16.0398 3528 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

12:20:16.0401 3528 Netman - ok

12:20:16.0458 3528 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:20:16.0460 3528 NetMsmqActivator - ok

12:20:16.0463 3528 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:20:16.0464 3528 NetPipeActivator - ok

12:20:16.0491 3528 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

12:20:16.0495 3528 netprofm - ok

12:20:16.0498 3528 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:20:16.0499 3528 NetTcpActivator - ok

12:20:16.0502 3528 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:20:16.0503 3528 NetTcpPortSharing - ok

12:20:16.0509 3528 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

12:20:16.0511 3528 nfrd960 - ok

12:20:16.0524 3528 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

12:20:16.0526 3528 NisDrv - ok

12:20:16.0549 3528 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

12:20:16.0552 3528 NisSrv - ok

12:20:16.0588 3528 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

12:20:16.0591 3528 NlaSvc - ok

12:20:16.0647 3528 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe

12:20:16.0678 3528 nlsX86cc - ok

12:20:16.0712 3528 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

12:20:16.0713 3528 Npfs - ok

12:20:16.0725 3528 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

12:20:16.0727 3528 nsi - ok

12:20:16.0732 3528 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

12:20:16.0732 3528 nsiproxy - ok

12:20:16.0792 3528 [ B8965FB53551B5455630A4B804D0791F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

12:20:16.0826 3528 Ntfs - ok

12:20:16.0839 3528 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

12:20:16.0840 3528 Null - ok

12:20:17.0006 3528 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

12:20:17.0183 3528 nvlddmkm - ok

12:20:17.0226 3528 [ 54C7D4E3A31888FA4BE822F506FE905B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys

12:20:17.0227 3528 nvpciflt - ok

12:20:17.0253 3528 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

12:20:17.0254 3528 nvraid - ok

12:20:17.0282 3528 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

12:20:17.0284 3528 nvstor - ok

12:20:17.0332 3528 [ 3341D2C91989BC87C3C0BAA97C27253B ] NVSvc C:\Windows\system32\nvvsvc.exe

12:20:17.0341 3528 NVSvc - ok

12:20:17.0387 3528 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

12:20:17.0423 3528 nvUpdatusService - ok

12:20:17.0448 3528 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

12:20:17.0449 3528 nv_agp - ok

12:20:17.0452 3528 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

12:20:17.0454 3528 ohci1394 - ok

12:20:17.0521 3528 [ D29D5E61A5722630BB58940D1E4E231A ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe

12:20:17.0522 3528 OpenVPNService - ok

12:20:17.0593 3528 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:20:17.0595 3528 ose - ok

12:20:17.0682 3528 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:20:17.0757 3528 osppsvc - ok

12:20:17.0787 3528 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

12:20:17.0790 3528 p2pimsvc - ok

12:20:17.0814 3528 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

12:20:17.0818 3528 p2psvc - ok

12:20:17.0822 3528 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

12:20:17.0823 3528 Parport - ok

12:20:17.0860 3528 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

12:20:17.0861 3528 partmgr - ok

12:20:17.0875 3528 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

12:20:17.0878 3528 PcaSvc - ok

12:20:17.0883 3528 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

12:20:17.0885 3528 pci - ok

12:20:17.0888 3528 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

12:20:17.0889 3528 pciide - ok

12:20:17.0893 3528 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

12:20:17.0896 3528 pcmcia - ok

12:20:17.0942 3528 [ C98CD9EE0012DF72206BD519DB9780D4 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe

12:20:17.0945 3528 PCToolsSSDMonitorSvc - ok

12:20:17.0954 3528 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

12:20:17.0955 3528 pcw - ok

12:20:17.0973 3528 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

12:20:17.0979 3528 PEAUTH - ok

12:20:17.0996 3528 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

12:20:17.0998 3528 PerfHost - ok

12:20:18.0045 3528 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

12:20:18.0070 3528 pla - ok

12:20:18.0098 3528 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

12:20:18.0102 3528 PlugPlay - ok

12:20:18.0139 3528 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

12:20:18.0140 3528 PNRPAutoReg - ok

12:20:18.0151 3528 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

12:20:18.0153 3528 PNRPsvc - ok

12:20:18.0178 3528 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

12:20:18.0183 3528 PolicyAgent - ok

12:20:18.0195 3528 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

12:20:18.0198 3528 Power - ok

12:20:18.0246 3528 [ 485C885ACFA91D2CA662308C092765EA ] PowerBiosServer C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

12:20:18.0247 3528 PowerBiosServer - ok

12:20:18.0254 3528 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

12:20:18.0256 3528 PptpMiniport - ok

12:20:18.0259 3528 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

12:20:18.0260 3528 Processor - ok

12:20:18.0300 3528 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

12:20:18.0303 3528 ProfSvc - ok

12:20:18.0313 3528 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

12:20:18.0314 3528 ProtectedStorage - ok

12:20:18.0331 3528 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

12:20:18.0333 3528 Psched - ok

12:20:18.0373 3528 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

12:20:18.0375 3528 PxHlpa64 - ok

12:20:18.0410 3528 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

12:20:18.0435 3528 ql2300 - ok

12:20:18.0439 3528 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

12:20:18.0441 3528 ql40xx - ok

12:20:18.0455 3528 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

12:20:18.0458 3528 QWAVE - ok

12:20:18.0460 3528 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

12:20:18.0462 3528 QWAVEdrv - ok

12:20:18.0464 3528 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

12:20:18.0465 3528 RasAcd - ok

12:20:18.0480 3528 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

12:20:18.0481 3528 RasAgileVpn - ok

12:20:18.0490 3528 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

12:20:18.0493 3528 RasAuto - ok

12:20:18.0509 3528 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

12:20:18.0511 3528 Rasl2tp - ok

12:20:18.0532 3528 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

12:20:18.0536 3528 RasMan - ok

12:20:18.0549 3528 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

12:20:18.0551 3528 RasPppoe - ok

12:20:18.0562 3528 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

12:20:18.0563 3528 RasSstp - ok

12:20:18.0577 3528 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

12:20:18.0580 3528 rdbss - ok

12:20:18.0582 3528 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

12:20:18.0583 3528 rdpbus - ok

12:20:18.0601 3528 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

12:20:18.0602 3528 RDPCDD - ok

12:20:18.0613 3528 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

12:20:18.0614 3528 RDPENCDD - ok

12:20:18.0617 3528 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

12:20:18.0617 3528 RDPREFMP - ok

12:20:18.0675 3528 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

12:20:18.0677 3528 RdpVideoMiniport - ok

12:20:18.0698 3528 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

12:20:18.0700 3528 RDPWD - ok

12:20:18.0807 3528 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

12:20:18.0910 3528 rdyboost - ok

12:20:18.0917 3528 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

12:20:18.0919 3528 RemoteAccess - ok

12:20:18.0939 3528 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

12:20:18.0942 3528 RemoteRegistry - ok

12:20:18.0956 3528 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys

12:20:18.0964 3528 Revoflt - ok

12:20:18.0974 3528 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

12:20:18.0976 3528 RpcEptMapper - ok

12:20:18.0992 3528 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

12:20:18.0994 3528 RpcLocator - ok

12:20:19.0011 3528 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

12:20:19.0014 3528 RpcSs - ok

12:20:19.0021 3528 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

12:20:19.0023 3528 rspndr - ok

12:20:19.0030 3528 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

12:20:19.0031 3528 SamSs - ok

12:20:19.0045 3528 [ BA76FA5696032C977EE4D5B4C5C83CFD ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys

12:20:19.0047 3528 SbieDrv - ok

12:20:19.0059 3528 [ B424965D749C8BA5C493A2242141BA3B ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe

12:20:19.0060 3528 SbieSvc - ok

12:20:19.0064 3528 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

12:20:19.0065 3528 sbp2port - ok

12:20:19.0074 3528 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

12:20:19.0076 3528 SCardSvr - ok

12:20:19.0083 3528 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

12:20:19.0084 3528 scfilter - ok

12:20:19.0104 3528 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

12:20:19.0122 3528 Schedule - ok

12:20:19.0144 3528 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

12:20:19.0145 3528 SCPolicySvc - ok

12:20:19.0174 3528 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

12:20:19.0175 3528 sdbus - ok

12:20:19.0193 3528 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

12:20:19.0196 3528 SDRSVC - ok

12:20:19.0274 3528 [ 8CC57132C758F1B9614FE2E2C841FA3D ] Seagate Dashboard Services C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

12:20:19.0276 3528 Seagate Dashboard Services - ok

12:20:19.0288 3528 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

12:20:19.0289 3528 secdrv - ok

12:20:19.0300 3528 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

12:20:19.0302 3528 seclogon - ok

12:20:19.0312 3528 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

12:20:19.0314 3528 SENS - ok

12:20:19.0328 3528 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

12:20:19.0329 3528 SensrSvc - ok

12:20:19.0343 3528 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

12:20:19.0344 3528 Serenum - ok

12:20:19.0357 3528 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

12:20:19.0359 3528 Serial - ok

12:20:19.0362 3528 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

12:20:19.0363 3528 sermouse - ok

12:20:19.0376 3528 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

12:20:19.0378 3528 SessionEnv - ok

12:20:19.0381 3528 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

12:20:19.0382 3528 sffdisk - ok

12:20:19.0384 3528 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

12:20:19.0385 3528 sffp_mmc - ok

12:20:19.0400 3528 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

12:20:19.0401 3528 sffp_sd - ok

12:20:19.0417 3528 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

12:20:19.0418 3528 sfloppy - ok

12:20:19.0443 3528 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

12:20:19.0447 3528 SharedAccess - ok

12:20:19.0459 3528 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

12:20:19.0463 3528 ShellHWDetection - ok

12:20:19.0479 3528 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

12:20:19.0480 3528 SiSRaid2 - ok

12:20:19.0492 3528 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

12:20:19.0493 3528 SiSRaid4 - ok

12:20:19.0531 3528 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

12:20:19.0532 3528 SkypeUpdate - ok

12:20:19.0544 3528 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

12:20:19.0545 3528 Smb - ok

12:20:19.0559 3528 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

12:20:19.0561 3528 SNMPTRAP - ok

12:20:19.0571 3528 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

12:20:19.0572 3528 spldr - ok

12:20:19.0587 3528 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

12:20:19.0592 3528 Spooler - ok

12:20:19.0641 3528 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

12:20:19.0692 3528 sppsvc - ok

12:20:19.0705 3528 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

12:20:19.0707 3528 sppuinotify - ok

12:20:19.0740 3528 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys

12:20:19.0740 3528 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB

12:20:19.0741 3528 sptd ( LockedFile.Multi.Generic ) - warning

12:20:19.0741 3528 sptd - detected LockedFile.Multi.Generic (1)

12:20:19.0756 3528 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

12:20:19.0759 3528 srv - ok

12:20:19.0772 3528 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

12:20:19.0776 3528 srv2 - ok

12:20:19.0785 3528 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

12:20:19.0787 3528 srvnet - ok

12:20:19.0800 3528 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

12:20:19.0803 3528 SSDPSRV - ok

12:20:19.0813 3528 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

12:20:19.0815 3528 SstpSvc - ok

12:20:19.0830 3528 Steam Client Service - ok

12:20:19.0844 3528 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

12:20:19.0845 3528 stexstor - ok

12:20:19.0871 3528 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

12:20:19.0876 3528 stisvc - ok

12:20:19.0886 3528 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

12:20:19.0887 3528 swenum - ok

12:20:19.0959 3528 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

12:20:19.0964 3528 SwitchBoard - ok

12:20:19.0978 3528 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

12:20:19.0983 3528 swprv - ok

12:20:20.0022 3528 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

12:20:20.0048 3528 SysMain - ok

12:20:20.0057 3528 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

12:20:20.0060 3528 TabletInputService - ok

12:20:20.0079 3528 [ F0B9D3ED88E56D3CD713DFF21E42AAF0 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys

12:20:20.0086 3528 tap0901 - ok

12:20:20.0093 3528 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

12:20:20.0097 3528 TapiSrv - ok

12:20:20.0117 3528 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

12:20:20.0119 3528 TBS - ok

12:20:20.0164 3528 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

12:20:20.0198 3528 Tcpip - ok

12:20:20.0230 3528 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

12:20:20.0239 3528 TCPIP6 - ok

12:20:20.0257 3528 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

12:20:20.0258 3528 tcpipreg - ok

12:20:20.0262 3528 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

12:20:20.0263 3528 TDPIPE - ok

12:20:20.0285 3528 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

12:20:20.0286 3528 TDTCP - ok

12:20:20.0302 3528 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

12:20:20.0304 3528 tdx - ok

12:20:20.0385 3528 [ 851C5080261DFC1FCDC21DF0E5EA3BCB ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

12:20:20.0436 3528 TeamViewer8 - ok

12:20:20.0447 3528 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

12:20:20.0448 3528 TermDD - ok

12:20:20.0461 3528 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

12:20:20.0467 3528 TermService - ok

12:20:20.0470 3528 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

12:20:20.0472 3528 Themes - ok

12:20:20.0487 3528 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

12:20:20.0488 3528 THREADORDER - ok

12:20:20.0534 3528 [ DA632FAE7B5629032B2C24E1BE29168B ] tihub3 C:\Windows\system32\DRIVERS\tihub3.sys

12:20:20.0536 3528 tihub3 - ok

12:20:20.0549 3528 [ 6AAD465F69632931B6D8D61B287E6DE9 ] tixhci C:\Windows\system32\DRIVERS\tixhci.sys

12:20:20.0552 3528 tixhci - ok

12:20:20.0563 3528 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

12:20:20.0565 3528 TrkWks - ok

12:20:20.0606 3528 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

12:20:20.0608 3528 TrustedInstaller - ok

12:20:20.0621 3528 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

12:20:20.0622 3528 tssecsrv - ok

12:20:20.0643 3528 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

12:20:20.0645 3528 TsUsbFlt - ok

12:20:20.0672 3528 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

12:20:20.0673 3528 TsUsbGD - ok

12:20:20.0705 3528 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

12:20:20.0707 3528 tunnel - ok

12:20:20.0710 3528 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

12:20:20.0712 3528 uagp35 - ok

12:20:20.0726 3528 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

12:20:20.0729 3528 udfs - ok

12:20:20.0735 3528 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

12:20:20.0737 3528 UI0Detect - ok

12:20:20.0752 3528 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

12:20:20.0753 3528 uliagpkx - ok

12:20:20.0771 3528 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

12:20:20.0772 3528 umbus - ok

12:20:20.0791 3528 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

12:20:20.0792 3528 UmPass - ok

12:20:20.0857 3528 [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

12:20:20.0892 3528 UNS - ok

12:20:20.0905 3528 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

12:20:20.0909 3528 upnphost - ok

12:20:20.0945 3528 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

12:20:20.0946 3528 USBAAPL64 - ok

12:20:20.0977 3528 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

12:20:20.0979 3528 usbccgp - ok

12:20:20.0990 3528 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

12:20:20.0992 3528 usbcir - ok

12:20:21.0025 3528 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

12:20:21.0026 3528 usbehci - ok

12:20:21.0064 3528 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

12:20:21.0067 3528 usbhub - ok

12:20:21.0082 3528 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

12:20:21.0084 3528 usbohci - ok

12:20:21.0110 3528 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

12:20:21.0111 3528 usbprint - ok

12:20:21.0144 3528 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:20:21.0145 3528 USBSTOR - ok

12:20:21.0166 3528 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

12:20:21.0168 3528 usbuhci - ok

12:20:21.0198 3528 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

12:20:21.0200 3528 usbvideo - ok

12:20:21.0209 3528 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

12:20:21.0211 3528 UxSms - ok

12:20:21.0220 3528 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

12:20:21.0221 3528 VaultSvc - ok

12:20:21.0234 3528 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

12:20:21.0235 3528 vdrvroot - ok

12:20:21.0254 3528 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

12:20:21.0259 3528 vds - ok

12:20:21.0269 3528 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

12:20:21.0270 3528 vga - ok

12:20:21.0284 3528 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

12:20:21.0285 3528 VgaSave - ok

12:20:21.0296 3528 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

12:20:21.0298 3528 vhdmp - ok

12:20:21.0301 3528 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

12:20:21.0301 3528 viaide - ok

12:20:21.0313 3528 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

12:20:21.0314 3528 volmgr - ok

12:20:21.0330 3528 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

12:20:21.0333 3528 volmgrx - ok

12:20:21.0345 3528 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

12:20:21.0348 3528 volsnap - ok

12:20:21.0361 3528 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

12:20:21.0363 3528 vsmraid - ok

12:20:21.0391 3528 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

12:20:21.0416 3528 VSS - ok

12:20:21.0422 3528 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

12:20:21.0425 3528 vwifibus - ok

12:20:21.0448 3528 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

12:20:21.0450 3528 vwififlt - ok

12:20:21.0454 3528 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

12:20:21.0455 3528 vwifimp - ok

12:20:21.0468 3528 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

12:20:21.0472 3528 W32Time - ok

12:20:21.0475 3528 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

12:20:21.0476 3528 WacomPen - ok

12:20:21.0491 3528 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

12:20:21.0492 3528 WANARP - ok

12:20:21.0495 3528 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

12:20:21.0496 3528 Wanarpv6 - ok

12:20:21.0547 3528 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

12:20:21.0572 3528 WatAdminSvc - ok

12:20:21.0603 3528 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

12:20:21.0629 3528 wbengine - ok

12:20:21.0643 3528 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

12:20:21.0646 3528 WbioSrvc - ok

12:20:21.0653 3528 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

12:20:21.0657 3528 wcncsvc - ok

12:20:21.0666 3528 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

12:20:21.0668 3528 WcsPlugInService - ok

12:20:21.0671 3528 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

12:20:21.0672 3528 Wd - ok

12:20:21.0720 3528 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

12:20:21.0725 3528 Wdf01000 - ok

12:20:21.0739 3528 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

12:20:21.0742 3528 WdiServiceHost - ok

12:20:21.0744 3528 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

12:20:21.0746 3528 WdiSystemHost - ok

12:20:21.0762 3528 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

12:20:21.0765 3528 WebClient - ok

12:20:21.0774 3528 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

12:20:21.0777 3528 Wecsvc - ok

12:20:21.0781 3528 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

12:20:21.0783 3528 wercplsupport - ok

12:20:21.0800 3528 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

12:20:21.0802 3528 WerSvc - ok

12:20:21.0810 3528 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

12:20:21.0811 3528 WfpLwf - ok

12:20:21.0871 3528 [ 1EF54B3220EBF3794439EB072B350F3E ] WHSConnector C:\Program Files\Windows Home Server\WHSConnector.exe

12:20:21.0875 3528 WHSConnector - ok

12:20:21.0878 3528 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

12:20:21.0879 3528 WIMMount - ok

12:20:21.0889 3528 WinDefend - ok

12:20:21.0901 3528 WinHttpAutoProxySvc - ok

12:20:21.0931 3528 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

12:20:21.0933 3528 Winmgmt - ok

12:20:21.0968 3528 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

12:20:22.0002 3528 WinRM - ok

12:20:22.0055 3528 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys

12:20:22.0056 3528 WinUsb - ok

12:20:22.0073 3528 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

12:20:22.0080 3528 Wlansvc - ok

12:20:22.0175 3528 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:20:22.0208 3528 wlidsvc - ok

12:20:22.0215 3528 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

12:20:22.0216 3528 WmiAcpi - ok

12:20:22.0227 3528 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

12:20:22.0230 3528 wmiApSrv - ok

12:20:22.0235 3528 WMPNetworkSvc - ok

12:20:22.0257 3528 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

12:20:22.0259 3528 WPCSvc - ok

12:20:22.0263 3528 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

12:20:22.0266 3528 WPDBusEnum - ok

12:20:22.0272 3528 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

12:20:22.0273 3528 ws2ifsl - ok

12:20:22.0277 3528 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

12:20:22.0279 3528 wscsvc - ok

12:20:22.0282 3528 WSearch - ok

12:20:22.0349 3528 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

12:20:22.0391 3528 wuauserv - ok

12:20:22.0402 3528 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

12:20:22.0403 3528 WudfPf - ok

12:20:22.0409 3528 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

12:20:22.0411 3528 WUDFRd - ok

12:20:22.0448 3528 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

12:20:22.0450 3528 wudfsvc - ok

12:20:22.0456 3528 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

12:20:22.0460 3528 WwanSvc - ok

12:20:22.0515 3528 [ 1619A3283D9125D44116A1EE9143E035 ] XMail C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe

12:20:22.0517 3528 XMail - ok

12:20:22.0532 3528 ================ Scan global ===============================

12:20:22.0548 3528 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

12:20:22.0585 3528 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

12:20:22.0591 3528 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

12:20:22.0605 3528 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

12:20:22.0622 3528 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

12:20:22.0626 3528 [Global] - ok

12:20:22.0626 3528 ================ Scan MBR ==================================

12:20:22.0633 3528 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

12:20:22.0809 3528 \Device\Harddisk0\DR0 - ok

12:20:22.0809 3528 ================ Scan VBR ==================================

12:20:22.0811 3528 [ 296299ED3452272AB481B061E7C2675C ] \Device\Harddisk0\DR0\Partition1

12:20:22.0812 3528 \Device\Harddisk0\DR0\Partition1 - ok

12:20:22.0814 3528 [ 245C5F8A43FAC80A2BD4F78E37B86F08 ] \Device\Harddisk0\DR0\Partition2

12:20:22.0815 3528 \Device\Harddisk0\DR0\Partition2 - ok

12:20:22.0815 3528 ============================================================

12:20:22.0815 3528 Scan finished

12:20:22.0815 3528 ============================================================

12:20:22.0821 5840 Detected object count: 1

12:20:22.0822 5840 Actual detected object count: 1

12:20:25.0483 5840 sptd ( LockedFile.Multi.Generic ) - skipped by user

12:20:25.0483 5840 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Thanks,

Kish.

Larusso · April 15, 2013

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

kishmish · April 15, 2013

Hi,

Here is the log from ComboFix:

ComboFix 13-04-15.01 - Kish 15/04/2013 14:03:56.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8098.5636 [GMT 2:00]

Running from: c:\users\Kish\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Install.exe

c:\programdata\Origin

c:\programdata\Origin\local.xml

c:\users\Kish\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3820EE43-C0C3-4863-A8BF-7B8A8DE80BD5}.xps

c:\users\Kish\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9324FFE7-432E-4457-AE33-F9EC12EF8CD6}.xps

c:\users\Kish\AppData\Roaming\Riyqih

c:\users\Kish\AppData\Roaming\Riyqih\olozu.exe

.

----- File Replicators -----

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe

c:\program files (x86)\Git\bin\git.exe

c:\program files (x86)\Git\libexec\git-core\git-add.exe

c:\program files (x86)\Git\libexec\git-core\git-annotate.exe

c:\program files (x86)\Git\libexec\git-core\git-apply.exe

c:\program files (x86)\Git\libexec\git-core\git-archive.exe

c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe

c:\program files (x86)\Git\libexec\git-core\git-blame.exe

c:\program files (x86)\Git\libexec\git-core\git-branch.exe

c:\program files (x86)\Git\libexec\git-core\git-bundle.exe

c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe

c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe

c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe

c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe

c:\program files (x86)\Git\libexec\git-core\git-checkout.exe

c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe

c:\program files (x86)\Git\libexec\git-core\git-cherry.exe

c:\program files (x86)\Git\libexec\git-core\git-clean.exe

c:\program files (x86)\Git\libexec\git-core\git-clone.exe

c:\program files (x86)\Git\libexec\git-core\git-column.exe

c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-commit.exe

c:\program files (x86)\Git\libexec\git-core\git-config.exe

c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-credential.exe

c:\program files (x86)\Git\libexec\git-core\git-describe.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-diff.exe

c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe

c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-fetch.exe

c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe

c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe

c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-fsck.exe

c:\program files (x86)\Git\libexec\git-core\git-gc.exe

c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe

c:\program files (x86)\Git\libexec\git-core\git-grep.exe

c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe

c:\program files (x86)\Git\libexec\git-core\git-help.exe

c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-init-db.exe

c:\program files (x86)\Git\libexec\git-core\git-init.exe

c:\program files (x86)\Git\libexec\git-core\git-log.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe

c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-merge.exe

c:\program files (x86)\Git\libexec\git-core\git-mktag.exe

c:\program files (x86)\Git\libexec\git-core\git-mktree.exe

c:\program files (x86)\Git\libexec\git-core\git-mv.exe

c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe

c:\program files (x86)\Git\libexec\git-core\git-notes.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe

c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe

c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe

c:\program files (x86)\Git\libexec\git-core\git-prune.exe

c:\program files (x86)\Git\libexec\git-core\git-push.exe

c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-reflog.exe

c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe

c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe

c:\program files (x86)\Git\libexec\git-core\git-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-replace.exe

c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe

c:\program files (x86)\Git\libexec\git-core\git-rerere.exe

c:\program files (x86)\Git\libexec\git-core\git-reset.exe

c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe

c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe

c:\program files (x86)\Git\libexec\git-core\git-revert.exe

c:\program files (x86)\Git\libexec\git-core\git-rm.exe

c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe

c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe

c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-show.exe

c:\program files (x86)\Git\libexec\git-core\git-stage.exe

c:\program files (x86)\Git\libexec\git-core\git-status.exe

c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe

c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-tag.exe

c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe

c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-update-index.exe

c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe

c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe

c:\program files (x86)\Git\libexec\git-core\git-var.exe

c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe

c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe

c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe

c:\program files (x86)\Git\libexec\git-core\git.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\14981\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\14981\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\14981\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\19383\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\19383\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\19383\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\25257\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\25257\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\25257\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\26229\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\26229\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\26229\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\4759\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\4759\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\4759\ReaderUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\7266\AcrobatUpdater.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\7266\AdobeARMHelper.exe

c:\programdata\Adobe\ARM\Acrobat_10.1.1\7266\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\14981\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\14981\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\14981\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\19383\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\19383\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\19383\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\25257\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\25257\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\25257\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\26229\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\26229\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\26229\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\4759\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\4759\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\4759\ReaderUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\7266\AcrobatUpdater.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\7266\AdobeARMHelper.exe

c:\users\All Users\Adobe\ARM\Acrobat_10.1.1\7266\ReaderUpdater.exe

.

((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))

.

2013-04-15 12:24 . 2013-04-15 12:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-15 12:24 . 2013-04-15 12:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-15 07:43 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C38DB43-94A7-4DE1-8BD6-568179737998}\mpengine.dll

2013-04-15 06:25 . 2013-04-15 06:25 -------- d-----w- c:\users\Kish\AppData\Roaming\Imqipa

2013-04-15 06:25 . 2013-04-15 07:28 -------- d-----w- c:\users\Kish\AppData\Roaming\tor

2013-04-15 06:25 . 2013-04-15 07:18 -------- d-----w- c:\users\Kish\AppData\Roaming\Gatis

2013-04-15 06:25 . 2013-04-15 06:26 -------- d-----w- c:\users\Kish\AppData\Roaming\Yzogfu

2013-04-14 18:13 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui

2013-04-14 18:06 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-04-14 17:57 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-04-14 17:57 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2013-04-14 17:57 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2013-04-14 17:57 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-04-14 17:57 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2013-04-14 17:57 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-04-14 17:57 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-04-14 17:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2013-04-14 17:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2013-04-14 07:08 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-13 07:41 . 2013-04-13 07:47 -------- d-----w- c:\users\Kish\AppData\Roaming\FileZilla

2013-04-13 07:18 . 2013-04-13 07:18 -------- d-----w- c:\program files (x86)\FileZilla FTP Client

2013-04-12 08:42 . 2013-04-12 08:42 -------- d-----w- c:\windows\SysWow64\Adobe

2013-04-10 20:30 . 2013-04-14 12:47 -------- d-----w- c:\users\Kish\AppData\Roaming\uTorrent

2013-04-10 14:46 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 14:46 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 14:43 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 14:43 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 14:43 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 14:43 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 14:43 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 14:43 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-10 14:43 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-30 10:31 . 2013-03-30 10:31 -------- d-----w- c:\program files\iPod

2013-03-30 10:31 . 2013-03-30 10:32 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-03-30 10:31 . 2013-03-30 10:32 -------- d-----w- c:\program files\iTunes

2013-03-30 10:31 . 2013-03-30 10:32 -------- d-----w- c:\program files (x86)\iTunes

2013-03-27 14:41 . 2013-03-27 14:41 -------- d-----w- c:\users\Kish\AppData\Roaming\Paddy

2013-03-26 17:14 . 2013-03-26 17:14 -------- d-----w- c:\users\Kish\AppData\Roaming\Stardock

2013-03-26 17:13 . 2013-03-26 17:13 -------- dc-h--w- c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}

2013-03-26 17:13 . 2013-03-26 17:13 -------- d-----w- c:\program files (x86)\Stardock

2013-03-26 17:13 . 2013-03-26 17:13 -------- d-----w- c:\users\Kish\AppData\Local\PackageAware

2013-03-26 13:16 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-21 13:33 . 2012-11-29 06:35 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3C455A3-1BE1-4E48-BBC0-72941F215906}\gapaengine.dll

2013-03-18 18:31 . 2013-03-18 18:31 -------- d-----w- c:\program files (x86)\Stamp

2013-03-18 18:31 . 2013-03-18 18:31 249856 ------w- c:\windows\Setup1.exe

2013-03-18 18:31 . 2013-03-18 18:31 73216 ----a-w- c:\windows\ST6UNST.EXE

2013-03-18 17:58 . 2013-03-18 17:58 -------- d-----w- c:\users\Kish\AppData\Roaming\Nitreal Games

2013-03-18 17:52 . 2013-03-18 17:54 -------- d-----w- c:\users\Kish\AppData\Roaming\namexif

2013-03-18 17:52 . 2013-03-18 17:52 -------- d-----w- c:\program files (x86)\Namexif

2013-03-17 17:51 . 2013-03-17 17:51 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-17 11:07 . 2013-03-17 11:07 -------- d-----w- c:\users\Kish\AppData\Roaming\dvdcss

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-12 08:37 . 2012-04-28 15:20 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-04-12 08:37 . 2012-03-16 11:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-04 12:50 . 2012-05-30 08:27 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-04-01 17:58 . 2012-03-16 19:43 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-03-17 17:51 . 2012-07-06 18:54 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-17 17:51 . 2012-04-15 16:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-17 17:24 . 2012-06-08 07:20 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-02-12 05:45 . 2013-03-18 18:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-18 18:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-18 18:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-18 18:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-18 18:36 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-18 18:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-28 11:46 . 2013-01-28 11:46 176128 ----a-w- c:\windows\SysWow64\RemoteControl.dll

2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 14:59 . 2012-08-30 21:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Kish\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Kish\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Kish\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"F.lux"="c:\users\Kish\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-09-25 156000]

"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]

"Intel AppUp® center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-09-25 156000]

.

c:\users\Kish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2010-11-21 285696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"wave2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R2 XMail;XMail Server;c:\program files (x86)\acquia-drupal\xmail\XMail.exe [2012-03-13 397824]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-06 174168]

R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-25 1255736]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-03 30056]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-03-17 834544]

S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2012-02-01 75368]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]

S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2012-02-01 490496]

S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-12-05 71032]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-12-05 384888]

S2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-03-28 66560]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]

S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2010-11-18 32768]

S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-11-08 15552]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-11-29 3463080]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]

S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [2012-02-01 2740328]

S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-09-08 136000]

S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-09-08 409408]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 14201791

*Deregistered* - 14201791

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 08:37]

.

2013-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923391522-1644114835-3851056406-1000Core.job

- c:\users\Kish\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 14:56]

.

2013-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1923391522-1644114835-3851056406-1000UA.job

- c:\users\Kish\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28 14:56]

.

2013-04-14 c:\windows\Tasks\RMSchedule.job

- c:\program files (x86)\Registry Mechanic\RegMech.exe [2012-10-25 08:02]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Kish\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Kish\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Kish\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Kish\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2010-04-27 14:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2010-04-27 14:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Kish\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

LSP: %SYSTEMROOT%\system32\BfLLR.dll

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1923391522-1644114835-3851056406-1000\Software\SecuROM\License information*]

"datasecu"=hex:3d,64,69,4b,7a,0c,59,9b,e2,cb,2a,23,7d,4a,37,d2,c6,16,cc,86,53,

c5,38,5b,17,d3,35,68,83,21,90,ba,ef,4e,7a,1c,c2,6a,4f,e4,81,47,ca,24,41,ce,\

"rkeysecu"=hex:dd,56,2a,61,52,af,3b,1d,99,b3,e9,2b,6c,82,e0,54

.

[HKEY_LOCAL_MACHINE\software\BlueStacks]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-15 14:25:52

ComboFix-quarantined-files.txt 2013-04-15 12:25

.

Pre-Run: 217,419,902,976 bytes free

Post-Run: 217,326,632,960 bytes free

.

- - End Of File - - 13B0FCD69718035203D85A1373C80849

I'm re-enabling mbam and mse now.

Thanks!

Larusso · April 15, 2013

Open notepad and copy/paste the text in the Code-box below into it:


Folder::
C:\Users\Kish\AppData\Roaming\Riyqih
C:\Users\Kish\AppData\Roaming\Imqipa
C:\Users\Kish\AppData\Roaming\Yzogfu
DirLook::
C:\Users\Kish\AppData\Roaming\tor
C:\Users\Kish\AppData\Roaming\Gatis
ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

kishmish · April 15, 2013

Hi Daniel,

Here is the Combofix log:

ComboFix 13-04-15.01 - Kish 15/04/2013 16:55:36.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8098.5876 [GMT 2:00]

Running from: c:\users\Kish\Desktop\ComboFix.exe

Command switches used :: c:\users\Kish\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Kish\AppData\Roaming\Imqipa

c:\users\Kish\AppData\Roaming\Imqipa\wyas.reg

c:\users\Kish\AppData\Roaming\Yzogfu

c:\users\Kish\AppData\Roaming\Yzogfu\payd.tmp

.

((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))

.

2013-04-15 14:59 . 2013-04-15 14:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-15 14:59 . 2013-04-15 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-15 12:28 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F208ECB9-ADAD-4EC6-AD64-9DCE0ED05C61}\mpengine.dll