
Hello,

I was unable to complete the steps required before posting. I suppose it is because of the infection. I am posting this from a different computer.

I did a scan of my machine with MS Security Essentials (I removed the infected HDD and scanned it as an external HDD from a different computer) and it reported that a Trojan Dropper Win32 Sirefef gen B had been found, sort of removed it, but it didn't work. Now it seems that I can't download any files on the infected machine without Chrome telling me that they are infected and not allowing me to run them. Also my AVG Free is detecting new infections (as I understand it, this Trojan Dropper is installing new viruses or other malicious software).

What can I do to fix this?

Please help.


Hello kalniss and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB
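As an added example (not part of either post), a small Python parser for the TDSSKiller log format that Step 1 asks for: it pulls out the "- ok" / "- infected" / "- detected" verdicts and the "Suspicious file (Forged)" notice the tool emits when a rootkit presents a different file hash to the system than the one actually on disk, so a reviewer can find the few lines that matter in a log of several hundred entries. The sample log lines and their hashes are constructed, modeled on the format, and the function and class names are my own.

```python
"""Parser for the TDSSKiller log format requested in Step 1.

Each log line is "<HH:MM:SS.ffff> <thread id> <message>".  For every service or
driver the tool emits an entry line "[ <MD5> ] <name> <path>" followed by a
verdict line "<name> - ok", "<name> ( <family> ) - infected" or
"<name> - detected <family> (...)".  When a rootkit hides a driver's real bytes,
the tool also emits "Suspicious file (Forged): <path>. Real md5: X, Fake md5: Y".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
ENTRY_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<family>[^)]+) \))? - (?P<verdict>ok|infected)$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<family>\S+)")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9A-Fa-f]{32}), "
    r"Fake md5: (?P<fake>[0-9A-Fa-f]{32})$"
)


@dataclass
class ServiceResult:
    name: str
    md5: Optional[str] = None        # hash of the file as it really is on disk
    path: Optional[str] = None
    verdict: str = "unknown"         # "ok", "infected" or "unknown"
    family: Optional[str] = None     # detection name, e.g. Virus.Win32.ZAccess.aml
    fake_md5: Optional[str] = None   # hash the rootkit presented to the system, if forged

    @property
    def is_clean(self) -> bool:
        # A forged hash is a finding even if no verdict line follows it.
        return self.verdict == "ok" and self.fake_md5 is None


def parse_tdsskiller(text: str) -> Dict[str, ServiceResult]:
    """Fold a whole log into one record per service/driver name."""
    results: Dict[str, ServiceResult] = {}
    by_path: Dict[str, ServiceResult] = {}   # forged notices name the path, not the service
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue   # banners, '=====' separators, SystemInfo header, blank lines
        msg = line.group("msg")
        if e := ENTRY_RE.match(msg):
            rec = results.setdefault(e["name"], ServiceResult(e["name"]))
            rec.md5, rec.path = e["md5"].upper(), e["path"]
            by_path[e["path"].lower()] = rec
        elif f := FORGED_RE.match(msg):
            rec = by_path.get(f["path"].lower())
            if rec is not None:
                rec.fake_md5 = f["fake"].upper()
        elif d := DETECTED_RE.match(msg):
            rec = results.setdefault(d["name"], ServiceResult(d["name"]))
            rec.verdict, rec.family = "infected", d["family"]
        elif v := VERDICT_RE.match(msg):
            rec = results.setdefault(v["name"], ServiceResult(v["name"]))
            if rec.verdict != "infected":      # never downgrade an earlier detection
                rec.verdict = v["verdict"]
            if v["family"]:
                rec.family = v["family"]
    return results


def findings(results: Dict[str, ServiceResult]) -> List[ServiceResult]:
    """The lines a reviewer actually needs: anything not clean, in log order."""
    return [r for r in results.values() if not r.is_clean]


# Constructed sample, modeled on the log format; hashes are placeholders.
SAMPLE_LOG = r"""
23:00:34.0876 3576 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34
23:00:57.0355 4020 ================ Scan services =============================
23:00:57.0527 4020 [ 11111111111111111111111111111111 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:00:58.0182 4020 1394ohci - ok
23:01:00.0740 4020 [ 44444444444444444444444444444444 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:01:00.0756 4020 Bonjour Service - ok
23:01:01.0848 4020 COMSysApp - ok
23:01:02.0456 4020 [ 22222222222222222222222222222222 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:01:02.0472 4020 Suspicious file (Forged): C:\Windows\system32\DRIVERS\dtsoftbus01.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
23:01:02.0472 4020 dtsoftbus01 ( Virus.Win32.ZAccess.aml ) - infected
23:01:02.0472 4020 dtsoftbus01 - detected Virus.Win32.ZAccess.aml (0)
"""

if __name__ == "__main__":
    for r in findings(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{r.name}: {r.verdict} {r.family or ''} path={r.path} "
              f"md5={r.md5} forged_as={r.fake_md5}")
```

On the constructed sample this reports only dtsoftbus01, with both the on-disk hash and the forged one, which is the pair a reviewer compares before deciding whether the driver was patched or merely hidden.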


Hey, nice to hear from you.

Ok, I did all the steps you said. Below are all the log files. So far it seems that it fixed things. The computer works again.

I still have three questions.

I read that after a rootkit a system can never be trusted again, that is, there still might be some hidden malware that can't be detected. So the question is, how safe am I, and how safe is my personal data now? Do I maybe have to format everything and reinstall? In that case, what is the safest way to get all the files from the system that I don't want to lose?

The other question is, should I perform all the steps on my other computer, the one that I plugged the infected hard drive into as an external drive?

What is the best way to protect my computer from now on?

P.S. Although the ComboFix log file says that AVG was running during its scan, it wasn't. It was disabled, and after it repeatedly warned me that it was running, I uninstalled it before starting ComboFix.

Ok, log files.


23:01:06.0372 4020 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

23:01:06.0372 4020 MozillaMaintenance - ok

23:01:06.0403 4020 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys

23:01:06.0419 4020 mpio - ok

23:01:06.0434 4020 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:01:06.0434 4020 mpsdrv - ok

23:01:06.0466 4020 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:01:06.0481 4020 MRxDAV - ok

23:01:06.0528 4020 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:01:06.0528 4020 mrxsmb - ok

23:01:06.0559 4020 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:01:06.0575 4020 mrxsmb10 - ok

23:01:06.0590 4020 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:01:06.0590 4020 mrxsmb20 - ok

23:01:06.0637 4020 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys

23:01:06.0637 4020 msahci - ok

23:01:06.0653 4020 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:01:06.0653 4020 msdsm - ok

23:01:06.0715 4020 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe

23:01:06.0715 4020 MSDTC - ok

23:01:06.0778 4020 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:01:06.0778 4020 Msfs - ok

23:01:06.0793 4020 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:01:06.0793 4020 mshidkmdf - ok

23:01:06.0809 4020 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:01:06.0809 4020 msisadrv - ok

23:01:06.0856 4020 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:01:06.0871 4020 MSiSCSI - ok

23:01:06.0887 4020 msiserver - ok

23:01:06.0918 4020 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:01:06.0918 4020 MSKSSRV - ok

23:01:06.0934 4020 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:01:06.0934 4020 MSPCLOCK - ok

23:01:06.0980 4020 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:01:06.0980 4020 MSPQM - ok

23:01:07.0012 4020 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:01:07.0012 4020 MsRPC - ok

23:01:07.0074 4020 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

23:01:07.0074 4020 mssmbios - ok

23:01:07.0074 4020 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:01:07.0090 4020 MSTEE - ok

23:01:07.0105 4020 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

23:01:07.0105 4020 MTConfig - ok

23:01:07.0121 4020 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys

23:01:07.0121 4020 Mup - ok

23:01:07.0168 4020 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll

23:01:07.0183 4020 napagent - ok

23:01:07.0230 4020 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:01:07.0230 4020 NativeWifiP - ok

23:01:07.0277 4020 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys

23:01:07.0292 4020 NDIS - ok

23:01:07.0308 4020 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:01:07.0308 4020 NdisCap - ok

23:01:07.0355 4020 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:01:07.0355 4020 NdisTapi - ok

23:01:07.0402 4020 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:01:07.0402 4020 Ndisuio - ok

23:01:07.0433 4020 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:01:07.0448 4020 NdisWan - ok

23:01:07.0480 4020 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:01:07.0480 4020 NDProxy - ok

23:01:07.0511 4020 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys

23:01:07.0526 4020 Netaapl - ok

23:01:07.0558 4020 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:01:07.0558 4020 NetBIOS - ok

23:01:07.0589 4020 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:01:07.0604 4020 NetBT - ok

23:01:07.0604 4020 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe

23:01:07.0604 4020 Netlogon - ok

23:01:07.0651 4020 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll

23:01:07.0651 4020 Netman - ok

23:01:07.0667 4020 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll

23:01:07.0682 4020 netprofm - ok

23:01:07.0729 4020 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:01:07.0729 4020 NetTcpPortSharing - ok

23:01:07.0838 4020 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys

23:01:07.0916 4020 netw5v32 - ok

23:01:07.0948 4020 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

23:01:07.0948 4020 nfrd960 - ok

23:01:07.0979 4020 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll

23:01:07.0994 4020 NlaSvc - ok

23:01:08.0041 4020 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys

23:01:08.0041 4020 nmwcd - ok

23:01:08.0072 4020 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys

23:01:08.0072 4020 nmwcdc - ok

23:01:08.0088 4020 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:01:08.0104 4020 Npfs - ok

23:01:08.0119 4020 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll

23:01:08.0119 4020 nsi - ok

23:01:08.0150 4020 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:01:08.0150 4020 nsiproxy - ok

23:01:08.0213 4020 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:01:08.0228 4020 Ntfs - ok

23:01:08.0244 4020 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys

23:01:08.0244 4020 Null - ok

23:01:08.0447 4020 [ C954388BB78AA4E2B09F70771F86B115 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:01:08.0603 4020 nvlddmkm - ok

23:01:08.0665 4020 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:01:08.0681 4020 nvraid - ok

23:01:08.0696 4020 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:01:08.0712 4020 nvstor - ok

23:01:08.0743 4020 [ 5A8DAE04B047BA34A084E595B8F9C7EB ] nvsvc C:\Windows\system32\nvvsvc.exe

23:01:08.0743 4020 nvsvc - ok

23:01:08.0774 4020 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:01:08.0774 4020 nv_agp - ok

23:01:08.0806 4020 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:01:08.0806 4020 ohci1394 - ok

23:01:08.0852 4020 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:01:08.0868 4020 ose - ok

23:01:09.0040 4020 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:01:09.0164 4020 osppsvc - ok

23:01:09.0196 4020 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:01:09.0211 4020 p2pimsvc - ok

23:01:09.0227 4020 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll

23:01:09.0227 4020 p2psvc - ok

23:01:09.0258 4020 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys

23:01:09.0258 4020 Parport - ok

23:01:09.0305 4020 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:01:09.0305 4020 partmgr - ok

23:01:09.0320 4020 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys

23:01:09.0320 4020 Parvdm - ok

23:01:09.0352 4020 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:01:09.0352 4020 PcaSvc - ok

23:01:09.0398 4020 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys

23:01:09.0398 4020 pccsmcfd - ok

23:01:09.0445 4020 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys

23:01:09.0445 4020 pci - ok

23:01:09.0461 4020 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys

23:01:09.0461 4020 pciide - ok

23:01:09.0492 4020 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

23:01:09.0492 4020 pcmcia - ok

23:01:09.0508 4020 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys

23:01:09.0508 4020 pcw - ok

23:01:09.0539 4020 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:01:09.0554 4020 PEAUTH - ok

23:01:09.0601 4020 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

23:01:09.0617 4020 PeerDistSvc - ok

23:01:09.0742 4020 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll

23:01:09.0757 4020 pla - ok

23:01:09.0820 4020 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:01:09.0820 4020 PlugPlay - ok

23:01:09.0835 4020 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:01:09.0835 4020 PNRPAutoReg - ok

23:01:09.0851 4020 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:01:09.0851 4020 PNRPsvc - ok

23:01:09.0898 4020 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:01:09.0913 4020 PolicyAgent - ok

23:01:09.0944 4020 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll

23:01:09.0944 4020 Power - ok

23:01:09.0976 4020 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:01:09.0976 4020 PptpMiniport - ok

23:01:10.0007 4020 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys

23:01:10.0007 4020 Processor - ok

23:01:10.0069 4020 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll

23:01:10.0069 4020 ProfSvc - ok

23:01:10.0085 4020 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:01:10.0085 4020 ProtectedStorage - ok

23:01:10.0116 4020 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:01:10.0132 4020 Psched - ok

23:01:10.0178 4020 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

23:01:10.0194 4020 ql2300 - ok

23:01:10.0225 4020 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

23:01:10.0241 4020 ql40xx - ok

23:01:10.0272 4020 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll

23:01:10.0272 4020 QWAVE - ok

23:01:10.0288 4020 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:01:10.0288 4020 QWAVEdrv - ok

23:01:10.0303 4020 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:01:10.0303 4020 RasAcd - ok

23:01:10.0350 4020 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:01:10.0350 4020 RasAgileVpn - ok

23:01:10.0366 4020 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll

23:01:10.0366 4020 RasAuto - ok

23:01:10.0381 4020 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:01:10.0381 4020 Rasl2tp - ok

23:01:10.0428 4020 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll

23:01:10.0428 4020 RasMan - ok

23:01:10.0444 4020 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:01:10.0444 4020 RasPppoe - ok

23:01:10.0475 4020 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:01:10.0475 4020 RasSstp - ok

23:01:10.0522 4020 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:01:10.0522 4020 rdbss - ok

23:01:10.0553 4020 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

23:01:10.0553 4020 rdpbus - ok

23:01:10.0584 4020 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:01:10.0584 4020 RDPCDD - ok

23:01:10.0631 4020 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

23:01:10.0631 4020 RDPDR - ok

23:01:10.0662 4020 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:01:10.0662 4020 RDPENCDD - ok

23:01:10.0693 4020 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:01:10.0693 4020 RDPREFMP - ok

23:01:10.0802 4020 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

23:01:10.0802 4020 RdpVideoMiniport - ok

23:01:10.0849 4020 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:01:10.0849 4020 RDPWD - ok

23:01:10.0912 4020 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:01:10.0912 4020 rdyboost - ok

23:01:10.0927 4020 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll

23:01:10.0927 4020 RemoteAccess - ok

23:01:10.0974 4020 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:01:10.0974 4020 RemoteRegistry - ok

23:01:11.0005 4020 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

23:01:11.0005 4020 RFCOMM - ok

23:01:11.0068 4020 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys

23:01:11.0068 4020 ROOTMODEM - ok

23:01:11.0114 4020 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:01:11.0114 4020 RpcEptMapper - ok

23:01:11.0146 4020 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe

23:01:11.0146 4020 RpcLocator - ok

23:01:11.0161 4020 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll

23:01:11.0161 4020 RpcSs - ok

23:01:11.0224 4020 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:01:11.0224 4020 rspndr - ok

23:01:11.0255 4020 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys

23:01:11.0255 4020 RTL8167 - ok

23:01:11.0302 4020 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

23:01:11.0302 4020 s3cap - ok

23:01:11.0317 4020 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe

23:01:11.0317 4020 SamSs - ok

23:01:11.0348 4020 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:01:11.0348 4020 sbp2port - ok

23:01:11.0380 4020 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:01:11.0380 4020 SCardSvr - ok

23:01:11.0411 4020 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:01:11.0411 4020 scfilter - ok

23:01:11.0442 4020 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll

23:01:11.0458 4020 Schedule - ok

23:01:11.0473 4020 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:01:11.0473 4020 SCPolicySvc - ok

23:01:11.0504 4020 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys

23:01:11.0504 4020 sdbus - ok

23:01:11.0551 4020 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:01:11.0551 4020 SDRSVC - ok

23:01:11.0582 4020 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:01:11.0582 4020 secdrv - ok

23:01:11.0614 4020 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll

23:01:11.0614 4020 seclogon - ok

23:01:11.0629 4020 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll

23:01:11.0629 4020 SENS - ok

23:01:11.0707 4020 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:01:11.0707 4020 SensrSvc - ok

23:01:11.0723 4020 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:01:11.0723 4020 Serenum - ok

23:01:11.0754 4020 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:01:11.0754 4020 Serial - ok

23:01:11.0801 4020 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

23:01:11.0801 4020 sermouse - ok

23:01:11.0879 4020 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

23:01:11.0894 4020 ServiceLayer - ok

23:01:11.0941 4020 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll

23:01:11.0941 4020 SessionEnv - ok

23:01:11.0972 4020 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:01:11.0972 4020 sffdisk - ok

23:01:11.0988 4020 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:01:11.0988 4020 sffp_mmc - ok

23:01:12.0004 4020 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:01:12.0019 4020 sffp_sd - ok

23:01:12.0035 4020 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

23:01:12.0035 4020 sfloppy - ok

23:01:12.0082 4020 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:01:12.0082 4020 ShellHWDetection - ok

23:01:12.0097 4020 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys

23:01:12.0113 4020 sisagp - ok

23:01:12.0128 4020 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:01:12.0128 4020 SiSRaid2 - ok

23:01:12.0160 4020 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

23:01:12.0160 4020 SiSRaid4 - ok

23:01:12.0253 4020 [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

23:01:12.0253 4020 SkypeUpdate - ok

23:01:12.0284 4020 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:01:12.0284 4020 Smb - ok

23:01:12.0331 4020 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:01:12.0331 4020 SNMPTRAP - ok

23:01:12.0362 4020 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

23:01:12.0362 4020 spldr - ok

23:01:12.0409 4020 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe

23:01:12.0409 4020 Spooler - ok

23:01:12.0518 4020 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe

23:01:12.0550 4020 sppsvc - ok

23:01:12.0565 4020 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:01:12.0565 4020 sppuinotify - ok

23:01:12.0596 4020 [ C71392156FF968D94A11872C8D693953 ] sptd C:\Windows\System32\Drivers\sptd.sys

23:01:12.0612 4020 sptd - ok

23:01:12.0643 4020 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys

23:01:12.0643 4020 srv - ok

23:01:12.0706 4020 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:01:12.0721 4020 srv2 - ok

23:01:12.0737 4020 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:01:12.0737 4020 srvnet - ok

23:01:12.0784 4020 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:01:12.0784 4020 SSDPSRV - ok

23:01:12.0799 4020 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:01:12.0799 4020 SstpSvc - ok

23:01:12.0830 4020 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

23:01:12.0830 4020 stexstor - ok

23:01:12.0877 4020 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll

23:01:12.0877 4020 StiSvc - ok

23:01:12.0908 4020 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

23:01:12.0908 4020 storflt - ok

23:01:12.0955 4020 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys

23:01:12.0955 4020 storvsc - ok

23:01:12.0971 4020 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys

23:01:12.0971 4020 swenum - ok

23:01:13.0002 4020 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

23:01:13.0002 4020 swprv - ok

23:01:13.0018 4020 Synth3dVsc - ok

23:01:13.0064 4020 [ 964524A9EDCCE945E82419ABE9DB94EE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

23:01:13.0064 4020 SynTP - ok

23:01:13.0127 4020 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll

23:01:13.0127 4020 SysMain - ok

23:01:13.0158 4020 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:01:13.0158 4020 TabletInputService - ok

23:01:13.0189 4020 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll

23:01:13.0205 4020 TapiSrv - ok

23:01:13.0220 4020 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

23:01:13.0220 4020 TBS - ok

23:01:13.0283 4020 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:01:13.0298 4020 Tcpip - ok

23:01:13.0330 4020 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:01:13.0330 4020 TCPIP6 - ok

23:01:13.0376 4020 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:01:13.0376 4020 tcpipreg - ok

23:01:13.0423 4020 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:01:13.0423 4020 TDPIPE - ok

23:01:13.0439 4020 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:01:13.0439 4020 TDTCP - ok

23:01:13.0486 4020 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:01:13.0486 4020 tdx - ok

23:01:13.0517 4020 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys

23:01:13.0517 4020 TermDD - ok

23:01:13.0564 4020 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll

23:01:13.0564 4020 TermService - ok

23:01:13.0595 4020 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

23:01:13.0595 4020 Themes - ok

23:01:13.0626 4020 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

23:01:13.0626 4020 THREADORDER - ok

23:01:13.0688 4020 [ E4C85C291DDB3DC5E4A2F227CA465BA6 ] tifm21 C:\Windows\system32\drivers\tifm21.sys

23:01:13.0704 4020 tifm21 - ok

23:01:13.0782 4020 [ 3C47A2841BB479201CB356285BC2B18E ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

23:01:13.0782 4020 TOSHIBA Bluetooth Service - ok

23:01:13.0829 4020 [ 90AFA1A4451BBBEE87C9F18A665D8121 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys

23:01:13.0829 4020 tosporte - ok

23:01:13.0876 4020 [ EB38D3D0EEF0588A4C0AEAF2825C066A ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys

23:01:13.0891 4020 tosrfbd - ok

23:01:13.0907 4020 [ 75CD3C238A0FFC66C4581C3870C09314 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys

23:01:13.0907 4020 tosrfbnp - ok

23:01:13.0922 4020 [ B551D3F266DDA311256F963E8CFD1E9B ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys

23:01:13.0922 4020 Tosrfcom - ok

23:01:13.0954 4020 [ 8A555DCF3DDAD3965DA11550491408F8 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys

23:01:13.0954 4020 tosrfec - ok

23:01:13.0969 4020 [ F3E8762163EE87F3AC95537584CF5B4F ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys

23:01:13.0969 4020 Tosrfhid - ok

23:01:14.0016 4020 [ B2A1A6538245FD69578224BBF2FD4677 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys

23:01:14.0016 4020 tosrfnds - ok

23:01:14.0032 4020 [ 3DE5CBB4F8EB64563CE08E8EC7458D03 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys

23:01:14.0032 4020 TosRfSnd - ok

23:01:14.0063 4020 [ 60380640BAF7700A19E9BF8C939EA958 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys

23:01:14.0078 4020 Tosrfusb - ok

23:01:14.0110 4020 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

23:01:14.0110 4020 TrkWks - ok

23:01:14.0156 4020 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:01:14.0156 4020 TrustedInstaller - ok

23:01:14.0203 4020 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:01:14.0203 4020 tssecsrv - ok

23:01:14.0219 4020 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:01:14.0219 4020 TsUsbFlt - ok

23:01:14.0234 4020 tsusbhub - ok

23:01:14.0281 4020 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:01:14.0281 4020 tunnel - ok

23:01:14.0312 4020 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS

23:01:14.0312 4020 TVALZ - ok

23:01:14.0344 4020 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

23:01:14.0344 4020 uagp35 - ok

23:01:14.0375 4020 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:01:14.0390 4020 udfs - ok

23:01:14.0422 4020 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:01:14.0422 4020 UI0Detect - ok

23:01:14.0453 4020 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:01:14.0453 4020 uliagpkx - ok

23:01:14.0500 4020 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys

23:01:14.0500 4020 umbus - ok

23:01:14.0531 4020 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

23:01:14.0531 4020 UmPass - ok

23:01:14.0578 4020 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll

23:01:14.0593 4020 UmRdpService - ok

23:01:14.0609 4020 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

23:01:14.0609 4020 upnphost - ok

23:01:14.0671 4020 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

23:01:14.0687 4020 upperdev - ok

23:01:14.0749 4020 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

23:01:14.0749 4020 USBAAPL - ok

23:01:14.0812 4020 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

23:01:14.0812 4020 usbaudio - ok

23:01:14.0843 4020 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:01:14.0843 4020 usbccgp - ok

23:01:14.0874 4020 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:01:14.0890 4020 usbcir - ok

23:01:14.0905 4020 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:01:14.0905 4020 usbehci - ok

23:01:14.0921 4020 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:01:14.0921 4020 usbhub - ok

23:01:14.0952 4020 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:01:14.0952 4020 usbohci - ok

23:01:14.0999 4020 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:01:14.0999 4020 usbprint - ok

23:01:15.0030 4020 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

23:01:15.0030 4020 usbscan - ok

23:01:15.0092 4020 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\DRIVERS\usbser.sys

23:01:15.0092 4020 usbser - ok

23:01:15.0124 4020 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

23:01:15.0124 4020 UsbserFilt - ok

23:01:15.0155 4020 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:01:15.0155 4020 USBSTOR - ok

23:01:15.0155 4020 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

23:01:15.0155 4020 usbuhci - ok

23:01:15.0217 4020 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

23:01:15.0217 4020 usbvideo - ok

23:01:15.0248 4020 [ 0D09F77F46DD3BE73C3E5949428D6995 ] UVCFTR C:\Windows\system32\DRIVERS\UVCFTR_S.SYS

23:01:15.0248 4020 UVCFTR - ok

23:01:15.0280 4020 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

23:01:15.0280 4020 UxSms - ok

23:01:15.0295 4020 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe

23:01:15.0295 4020 VaultSvc - ok

23:01:15.0326 4020 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:01:15.0326 4020 vdrvroot - ok

23:01:15.0373 4020 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe

23:01:15.0373 4020 vds - ok

23:01:15.0404 4020 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:01:15.0420 4020 vga - ok

23:01:15.0436 4020 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

23:01:15.0436 4020 VgaSave - ok

23:01:15.0451 4020 VGPU - ok

23:01:15.0482 4020 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:01:15.0482 4020 vhdmp - ok

23:01:15.0529 4020 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys

23:01:15.0529 4020 viaagp - ok

23:01:15.0545 4020 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

23:01:15.0545 4020 ViaC7 - ok

23:01:15.0560 4020 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys

23:01:15.0560 4020 viaide - ok

23:01:15.0592 4020 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys

23:01:15.0592 4020 vmbus - ok

23:01:15.0607 4020 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

23:01:15.0607 4020 VMBusHID - ok

23:01:15.0638 4020 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:01:15.0638 4020 volmgr - ok

23:01:15.0685 4020 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:01:15.0685 4020 volmgrx - ok

23:01:15.0748 4020 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:01:15.0748 4020 volsnap - ok

23:01:15.0763 4020 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

23:01:15.0779 4020 vsmraid - ok

23:01:15.0826 4020 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe

23:01:15.0841 4020 VSS - ok

23:01:15.0857 4020 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

23:01:15.0857 4020 vwifibus - ok

23:01:15.0950 4020 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

23:01:15.0950 4020 W32Time - ok

23:01:15.0997 4020 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

23:01:15.0997 4020 WacomPen - ok

23:01:16.0044 4020 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:01:16.0044 4020 WANARP - ok

23:01:16.0044 4020 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:01:16.0044 4020 Wanarpv6 - ok

23:01:16.0122 4020 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:01:16.0153 4020 WatAdminSvc - ok

23:01:16.0200 4020 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe

23:01:16.0216 4020 wbengine - ok

23:01:16.0247 4020 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:01:16.0262 4020 WbioSrvc - ok

23:01:16.0294 4020 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:01:16.0294 4020 wcncsvc - ok

23:01:16.0309 4020 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:01:16.0325 4020 WcsPlugInService - ok

23:01:16.0340 4020 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

23:01:16.0356 4020 Wd - ok

23:01:16.0403 4020 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:01:16.0403 4020 Wdf01000 - ok

23:01:16.0418 4020 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:01:16.0418 4020 WdiServiceHost - ok

23:01:16.0434 4020 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:01:16.0434 4020 WdiSystemHost - ok

23:01:16.0481 4020 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll

23:01:16.0481 4020 WebClient - ok

23:01:16.0512 4020 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:01:16.0528 4020 Wecsvc - ok

23:01:16.0528 4020 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:01:16.0528 4020 wercplsupport - ok

23:01:16.0574 4020 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

23:01:16.0574 4020 WerSvc - ok

23:01:16.0621 4020 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:01:16.0621 4020 WfpLwf - ok

23:01:16.0637 4020 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:01:16.0637 4020 WIMMount - ok

23:01:16.0652 4020 WinHttpAutoProxySvc - ok

23:01:16.0824 4020 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:01:16.0855 4020 Winmgmt - ok

23:01:17.0011 4020 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll

23:01:17.0027 4020 WinRM - ok

23:01:17.0120 4020 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:01:17.0120 4020 WinUsb - ok

23:01:17.0276 4020 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

23:01:17.0276 4020 Wlansvc - ok

23:01:17.0339 4020 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:01:17.0354 4020 WmiAcpi - ok

23:01:17.0417 4020 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:01:17.0417 4020 wmiApSrv - ok

23:01:17.0526 4020 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

23:01:17.0542 4020 WMPNetworkSvc - ok

23:01:17.0573 4020 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:01:17.0573 4020 WPCSvc - ok

23:01:17.0635 4020 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:01:17.0635 4020 WPDBusEnum - ok

23:01:17.0666 4020 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:01:17.0666 4020 ws2ifsl - ok

23:01:17.0682 4020 WSearch - ok

23:01:17.0729 4020 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:01:17.0729 4020 WudfPf - ok

23:01:17.0744 4020 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:01:17.0744 4020 WUDFRd - ok

23:01:17.0791 4020 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:01:17.0807 4020 wudfsvc - ok

23:01:17.0838 4020 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll

23:01:17.0838 4020 WwanSvc - ok

23:01:17.0900 4020 ================ Scan global ===============================

23:01:17.0947 4020 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

23:01:17.0978 4020 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

23:01:17.0994 4020 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

23:01:18.0010 4020 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

23:01:18.0041 4020 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

23:01:18.0056 4020 [Global] - ok

23:01:18.0056 4020 ================ Scan MBR ==================================

23:01:18.0056 4020 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:01:18.0446 4020 \Device\Harddisk0\DR0 - ok

23:01:18.0446 4020 ================ Scan VBR ==================================

23:01:18.0446 4020 [ D87792B19FFCDD3F4C9A3EAA344A553F ] \Device\Harddisk0\DR0\Partition1

23:01:18.0446 4020 \Device\Harddisk0\DR0\Partition1 - ok

23:01:18.0462 4020 [ 9FF70B442212E7C2E57E9227543A768E ] \Device\Harddisk0\DR0\Partition2

23:01:18.0462 4020 \Device\Harddisk0\DR0\Partition2 - ok

23:01:18.0478 4020 [ 78B7133D03728119F5339C503FBF52F7 ] \Device\Harddisk0\DR0\Partition3

23:01:18.0493 4020 \Device\Harddisk0\DR0\Partition3 - ok

23:01:18.0493 4020 ============================================================

23:01:18.0493 4020 Scan finished

23:01:18.0493 4020 ============================================================

23:01:18.0509 1880 Detected object count: 1

23:01:18.0509 1880 Actual detected object count: 1

23:01:36.0386 1880 C:\Windows\system32\DRIVERS\dtsoftbus01.sys - copied to quarantine

23:01:37.0915 1880 C:\Windows\$NtUninstallKB11901$\4166637092\@ - copied to quarantine

23:01:37.0915 1880 C:\Windows\$NtUninstallKB11901$\4166637092\Desktop.ini - copied to quarantine

23:01:37.0915 1880 C:\Windows\$NtUninstallKB11901$\4166637092\L\00000004.@ - copied to quarantine

23:01:37.0946 1880 C:\Windows\$NtUninstallKB11901$\4166637092\L\201d3dde - copied to quarantine

23:01:37.0962 1880 C:\Windows\$NtUninstallKB11901$\4166637092\L\76603ac3 - copied to quarantine

23:01:37.0978 1880 C:\Windows\$NtUninstallKB11901$\4166637092\L\xadqgnnk - copied to quarantine

23:01:38.0009 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\00000004.@ - copied to quarantine

23:01:38.0024 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\00000008.@ - copied to quarantine

23:01:38.0040 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\000000cb.@ - copied to quarantine

23:01:38.0040 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\80000000.@ - copied to quarantine

23:01:38.0040 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\80000032.@ - copied to quarantine

23:01:38.0867 1880 Backup copy found, using it..

23:01:38.0898 1880 C:\Windows\system32\DRIVERS\dtsoftbus01.sys - will be cured on reboot

23:01:38.0945 1880 C:\Windows\$NtUninstallKB11901$\2469768004 - will be deleted on reboot

23:01:38.0945 1880 C:\Windows\$NtUninstallKB11901$\4166637092\@ - will be deleted on reboot

23:01:38.0945 1880 C:\Windows\$NtUninstallKB11901$\4166637092\Desktop.ini - will be deleted on reboot

23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\00000004.@ - will be deleted on reboot

23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\00000008.@ - will be deleted on reboot

23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\000000cb.@ - will be deleted on reboot

23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\80000000.@ - will be deleted on reboot

23:01:38.0960 1880 C:\Windows\$NtUninstallKB11901$\4166637092\U\80000032.@ - will be deleted on reboot

23:01:38.0976 1880 dtsoftbus01 ( Virus.Win32.ZAccess.aml ) - User select action: Cure

23:01:43.0641 0192 Deinitialize success

The rest of the logs:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.05.30.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16576

Kaspars :: TOSIS [administrator]

2013.05.30. 23:08:01

mbar-log-2013-05-30 (23-08-01).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 251185

Time elapsed: 49 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 3

c:\Windows\$NtUninstallKB11901$\4166637092\L (Backdoor.0Access) -> Delete on reboot.

c:\Windows\$NtUninstallKB11901$\4166637092\U (Backdoor.0Access) -> Delete on reboot.

c:\Windows\$NtUninstallKB11901$\4166637092 (Backdoor.0Access) -> Delete on reboot.

Files Detected: 4

c:\Windows\$NtUninstallKB11901$\4166637092\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.

c:\Windows\$NtUninstallKB11901$\4166637092\L\201d3dde (Backdoor.0Access) -> Delete on reboot.

c:\Windows\$NtUninstallKB11901$\4166637092\L\76603ac3 (Backdoor.0Access) -> Delete on reboot.

c:\Windows\$NtUninstallKB11901$\4166637092\L\xadqgnnk (Backdoor.0Access) -> Delete on reboot.

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.05.30.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16576

Kaspars :: TOSIS [administrator]

2013.05.31. 0:01:47

mbar-log-2013-05-31 (00-01-47).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 251234

Time elapsed: 47 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

Java version: 1.6.0_23

File system is: NTFS

Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 3219251200, free: 2273050624

Downloaded database version: v2013.05.30.06

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

05/30/2013 23:07:55

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\15878117.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\sptd.sys

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\LPCFilter.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\intelide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\pcmcia.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\vmbus.sys

\SystemRoot\system32\drivers\winhv.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx86.sys

\SystemRoot\system32\DRIVERS\avgidshx.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\DRIVERS\avgmfx86.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\System32\Drivers\tosrfcom.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\netw5v32.sys

\SystemRoot\system32\DRIVERS\Rt86win7.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\drivers\tifm21.sys

\SystemRoot\system32\drivers\sdbus.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\tosrfec.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\mouclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\System32\Drivers\RootMdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHDA.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\AGRSM.sys

\SystemRoot\system32\DRIVERS\tosporte.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\avgidsfilterx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8687c030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xffffffff86792030

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8687c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8687ccb0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff8687c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff86795830, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff86792030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 4B1C7CD8

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 164459402

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 164666250 Numsec = 812102774

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Read File: File "c:\programdata\avg2012\chjw\18c40bcfc40badd6.dat:e544891c-b4e6-4242-8033-fe12f374ff46" is sparse (flags = 32768)

Infected: c:\Windows\$NtUninstallKB11901$\4166637092\L\00000004.@ --> [backdoor.0Access]

Infected: c:\Windows\$NtUninstallKB11901$\4166637092\L\201d3dde --> [backdoor.0Access]

Infected: c:\Windows\$NtUninstallKB11901$\4166637092\L\76603ac3 --> [backdoor.0Access]

Infected: c:\Windows\$NtUninstallKB11901$\4166637092\L\xadqgnnk --> [backdoor.0Access]

Infected: c:\Windows\$NtUninstallKB11901$\4166637092\L --> [backdoor.0Access]

Infected: c:\Windows\$NtUninstallKB11901$\4166637092\U --> [backdoor.0Access]

Infected: c:\Windows\$NtUninstallKB11901$\4166637092 --> [backdoor.0Access]

Scan finished

Creating System Restore point...

Could not create restore point...

Cleaning up...

Executing an action fixdamage.exe...

Success!

Queuing an action fixdamage.exe

Removal successful. No system shutdown is required.

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16576

Java version: 1.6.0_23

File system is: NTFS

Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 3219251200, free: 2221551616

Initializing...

------------ Kernel report ------------

05/31/2013 00:01:41

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\15878117.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\sptd.sys

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\LPCFilter.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\intelide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\DRIVERS\pcmcia.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\vmbus.sys

\SystemRoot\system32\drivers\winhv.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ_O.SYS

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx86.sys

\SystemRoot\system32\DRIVERS\avgidshx.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\DRIVERS\avgmfx86.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\System32\Drivers\tosrfcom.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\netw5v32.sys

\SystemRoot\system32\DRIVERS\Rt86win7.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\drivers\tifm21.sys

\SystemRoot\system32\drivers\sdbus.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\tosrfec.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\mouclass.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\System32\Drivers\RootMdm.sys

\SystemRoot\system32\drivers\modem.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHDA.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\AGRSM.sys

\SystemRoot\system32\DRIVERS\tosporte.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\system32\DRIVERS\avgidsfilterx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8687c030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xffffffff86792030

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8687c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8687ccb0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff8687c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff86795830, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff86792030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 4B1C7CD8

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 164459402

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 164666250 Numsec = 812102774

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Read File: File "c:\programdata\avg2012\chjw\18c40bcfc40badd6.dat:e544891c-b4e6-4242-8033-fe12f374ff46" is sparse (flags = 32768)

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

ComboFix 13-05-30.02 - Kaspars 013.05.31. 1:08.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1257.371.1033.18.3070.2168 [GMT -3:00]

Running from: c:\users\Kaspars\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

c:\windows\$NtUninstallKB11901$

c:\windows\system32\lsprst7.dll

c:\windows\system32\ssprs.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-31 )))))))))))))))))))))))))))))))

.

.

2013-05-31 03:58 . 2013-05-31 03:58 -------- d-----w- c:\users\Kaspars\AppData\Roaming\TuneUp Software

2013-05-31 02:07 . 2013-05-31 03:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-05-31 02:01 . 2013-05-31 02:01 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-30 23:02 . 2013-05-30 23:02 -------- d-----w- c:\users\Kaspars\AppData\Roaming\Malwarebytes

2013-05-30 23:02 . 2013-05-30 23:02 -------- d-----w- c:\programdata\Malwarebytes

2013-05-30 23:02 . 2013-05-30 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-30 23:02 . 2013-04-04 17:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-30 23:01 . 2013-05-30 23:01 -------- d-----w- c:\users\Kaspars\AppData\Local\Programs

2013-05-29 17:37 . 2004-07-16 03:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll

2013-05-29 17:37 . 2004-07-16 03:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll

2013-05-29 17:37 . 2004-07-16 03:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll

2013-05-29 17:37 . 2004-07-16 03:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll

2013-05-29 17:37 . 2004-07-16 03:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe

2013-05-29 17:37 . 2013-05-29 17:37 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll

2013-05-29 17:37 . 2013-05-29 17:37 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll

2013-05-29 01:10 . 2013-05-29 01:11 -------- d-----w- c:\program files\x264 Video Codec

2013-05-25 21:09 . 2013-05-25 21:14 -------- d-----w- c:\program files\Sublime Text 2

2013-05-25 17:59 . 2013-05-25 17:59 -------- d-----w- c:\programdata\MetaQuotes

2013-05-25 17:55 . 2013-05-26 23:33 -------- d-----w- c:\program files\MetaTrader 4 at FOREX.com

2013-05-21 20:32 . 2013-05-21 20:32 -------- d-----w- c:\program files\Common Files\Skype

2013-05-20 18:41 . 2013-05-20 18:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2013-05-20 18:30 . 2013-05-31 00:08 -------- d-----w- c:\program files\GTR2

2013-05-18 20:35 . 2013-05-18 20:35 -------- d-----w- c:\program files\Calibre2

2013-05-16 16:37 . 2013-05-31 00:08 -------- d-----w- c:\program files\Codemasters

2013-05-16 16:36 . 2000-01-04 09:39 212992 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\ILog.dll

2013-05-15 15:33 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 15:33 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 15:33 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 15:30 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 15:30 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 15:30 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe

2013-05-15 15:30 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll

2013-05-15 15:30 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll

2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-31 02:02 . 2011-02-10 12:10 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2013-05-15 16:03 . 2013-04-06 02:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-15 16:03 . 2011-06-16 06:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-21 02:29 . 2013-04-21 02:29 3584 ----a-r- c:\users\Kaspars\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2013-04-13 04:45 . 2013-05-15 15:33 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 15:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 13:45 . 2013-04-24 08:14 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-08 16:01 . 2013-04-08 16:01 52171 ----a-w- c:\windows\RFC4DPluginUninstall.exe

2013-04-05 06:03 . 2013-04-05 06:03 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-05 06:03 . 2013-04-05 06:03 185344 ----a-w- c:\windows\system32\elshyph.dll

2013-04-05 06:03 . 2013-04-05 06:03 158720 ----a-w- c:\windows\system32\msls31.dll

2013-04-05 06:03 . 2013-04-05 06:03 150528 ----a-w- c:\windows\system32\iexpress.exe

2013-04-05 06:03 . 2013-04-05 06:03 138752 ----a-w- c:\windows\system32\wextract.exe

2013-04-05 06:03 . 2013-04-05 06:03 523264 ----a-w- c:\windows\system32\vbscript.dll

2013-04-05 06:03 . 2013-04-05 06:03 137216 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-05 06:03 . 2013-04-05 06:03 12800 ----a-w- c:\windows\system32\mshta.exe

2013-04-05 06:03 . 2013-04-05 06:03 38400 ----a-w- c:\windows\system32\imgutil.dll

2013-04-05 06:03 . 2013-04-05 06:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-05 06:03 . 2013-04-05 06:03 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-05 06:03 . 2013-04-05 06:03 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-05 06:03 . 2013-04-05 06:03 61952 ----a-w- c:\windows\system32\tdc.ocx

2013-04-05 06:03 . 2013-04-05 06:03 361984 ----a-w- c:\windows\system32\html.iec

2013-04-05 06:03 . 2013-04-05 06:03 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-05 06:03 . 2013-04-05 06:03 23040 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-05 06:03 . 2013-04-05 06:03 1441280 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-05 06:02 . 2013-04-05 06:02 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-04-05 06:02 . 2013-04-05 06:02 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 1158144 ----a-w- c:\windows\system32\XpsPrint.dll

2013-04-05 06:02 . 2013-04-05 06:02 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-05 06:02 . 2013-04-05 06:02 906240 ----a-w- c:\windows\system32\FntCache.dll

2013-04-05 06:02 . 2013-04-05 06:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-04-05 06:02 . 2013-04-05 06:02 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-04-05 06:02 . 2013-04-05 06:02 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-04-05 06:02 . 2013-04-05 06:02 1504768 ----a-w- c:\windows\system32\d3d11.dll

2013-04-05 06:02 . 2013-04-05 06:02 249856 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-04-05 06:02 . 2013-04-05 06:02 220160 ----a-w- c:\windows\system32\d3d10core.dll

2013-04-05 06:02 . 2013-04-05 06:02 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-04-05 06:02 . 2013-04-05 06:02 1080832 ----a-w- c:\windows\system32\d3d10.dll

2013-04-05 06:02 . 2013-04-05 06:02 604160 ----a-w- c:\windows\system32\d3d10level9.dll

2013-04-05 06:02 . 2013-04-05 06:02 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2013-04-05 06:02 . 2013-04-05 06:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-04-05 06:02 . 2013-04-05 06:02 3419136 ----a-w- c:\windows\system32\d2d1.dll

2013-04-05 06:02 . 2013-04-05 06:02 293376 ----a-w- c:\windows\system32\dxgi.dll

2013-04-05 06:02 . 2013-04-05 06:02 1988096 ----a-w- c:\windows\system32\d3d10warp.dll

2013-04-05 06:02 . 2013-04-05 06:02 187392 ----a-w- c:\windows\system32\UIAnimation.dll

2013-04-04 08:35 . 2013-04-30 17:50 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-19 05:04 . 2013-04-10 06:15 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 06:15 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 04:48 . 2013-04-10 06:15 38912 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 02:49 . 2013-04-10 06:15 69632 ----a-w- c:\windows\system32\smss.exe

2013-03-09 01:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2013-03-08 21:57 . 2012-12-14 09:56 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-08 21:57 . 2010-12-10 15:15 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-28 19:49 . 2011-05-31 10:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MediaIconsOverlay]

@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"

[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]

2013-05-29 01:11 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2006-11-13 413696]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]

"Facebook Update"="c:\users\Kaspars\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-04-04 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13601312]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-9 2749856]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-06 16:03]

.

2013-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001Core.job

- c:\users\Kaspars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-04 18:45]

.

2013-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001UA.job

- c:\users\Kaspars\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-04 18:45]

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001Core.job

- c:\users\Kaspars\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 15:14]

.

2013-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001UA.job

- c:\users\Kaspars\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 15:14]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 200.42.4.204 200.49.130.41

FF - ProfilePath - c:\users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://mysql.soon.lv/eklinda/

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe

SafeBoot-04407837.sys

AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:e6,05,a7,89,08,f4,81,fb,a1,e1,5b,fd,87,02,e9,3c,a1,b3,f7,33,85,

37,92,49,24,f4,12,3e,47,aa,7e,b9,fe,35,e8,99,fd,76,be,97,cd,81,c0,bc,5c,98,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:e6,05,a7,89,08,f4,81,fb,a1,e1,5b,fd,87,02,e9,3c,a1,b3,f7,33,85,

37,92,49,24,f4,12,3e,47,aa,7e,b9,fe,35,e8,99,fd,76,be,97,cd,81,c0,bc,5c,98,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wondershare\Wondershare Helper Compact\1179606866\_PROCESSORS=2*OS=Windows_NT*Path=c:\users\Kaspars\AppData\Local\Google\Chrome\Application;c:\python27\Lib\site-packages\PyQt4\bin;c:\program files\NVIDIA Corporation\PhysX\Common;c:\program files\PC Connectivity Solution\;c:\windows\system32;C:\Windows;C:]

"JoinUserExperience"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4936)

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng-us.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files\LSI SoftModem\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\program files\Synaptics\SynTP\SynToshiba.exe

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Completion time: 2013-05-31 01:30:46 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-31 04:30

.

Pre-Run: 23 624 122 368 bytes free

Post-Run: 28 226 064 384 bytes free

.

- - End Of File - - C7D44D8E0277163CA0EC45449D14EC41

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Java DB 10.5.3.0

Java™ 6 Update 23

Java 7 Update 21

Java™ SE Development Kit 6 Update 23

Adobe Flash Player 11.7.700.202

Adobe Reader 10.1.7 Adobe Reader out of Date!

Mozilla Firefox 12.0 Firefox out of Date!

Google Chrome 26.0.1410.64

Google Chrome 27.0.1453.94

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 7%

````````````````````End of Log``````````````````````


Looking better. You had some pretty nasty malware. I'd like to run a few more scans to verify we haven't missed anything:

Please download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.


Looks like it found something!

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Kaspars [Admin rights]

Mode : Scan -- Date : 05/31/2013 20:52:22

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++

--- User ---

[MBR] dadd07ddb5fdbb68642b2e358eadfda0

[bSP] 5d2c7ac1075dff58bdea5b4c892ba794 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 80302 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 164666250 | Size: 396534 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05312013_02d2052.txt >>


We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


OTL logfile created on: 2013.06.01. 0:04:48 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaspars\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000426 | Country: Latvija | Language: LVI | Date Format: yyyy.MM.dd.

3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,22% Memory free

5,99 Gb Paging File | 4,84 Gb Available in Paging File | 80,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 78,42 Gb Total Space | 25,75 Gb Free Space | 32,84% Space Free | Partition Type: NTFS

Computer Name: TOSIS | User Name: Kaspars | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.01 00:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaspars\Desktop\OTL.exe

PRC - [2013.05.10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe

PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe

PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013.02.19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcfgex.exe

PRC - [2012.11.22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012.06.26 13:10:30 | 001,516,632 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

PRC - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

PRC - [2012.06.11 11:33:14 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

PRC - [2012.06.11 11:33:10 | 000,148,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

PRC - [2012.06.11 11:33:06 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

PRC - [2011.05.18 16:56:08 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe

PRC - [2011.02.25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011.01.13 07:29:06 | 000,840,000 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe

PRC - [2010.12.09 15:52:46 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2010.11.19 06:50:32 | 002,885,056 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe

PRC - [2010.11.02 05:38:00 | 000,341,392 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe

PRC - [2010.09.06 11:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2010.08.23 11:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2010.08.23 11:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe

PRC - [2010.04.12 05:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe

PRC - [2009.04.03 13:17:00 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe

PRC - [2009.03.27 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe

PRC - [2008.06.20 02:14:00 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe

PRC - [2007.04.17 14:43:16 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2006.11.13 04:06:54 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2006.11.06 12:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.28 22:11:18 | 000,225,280 | ---- | M] () -- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll

MOD - [2012.06.26 13:11:10 | 000,345,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll

MOD - [2012.06.26 13:11:08 | 000,282,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll

MOD - [2012.06.26 13:11:02 | 008,197,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll

MOD - [2012.06.26 13:11:00 | 002,302,040 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll

MOD - [2012.06.26 13:10:58 | 000,202,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll

MOD - [2012.06.26 13:10:58 | 000,027,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll

MOD - [2011.06.24 16:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 16:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2006.11.06 12:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

========== Services (SafeList) ==========

SRV - [2013.05.15 13:03:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013.05.10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013.04.20 16:32:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013.03.28 16:49:13 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010.12.02 21:11:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010.04.12 05:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2009.07.13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.03.27 13:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2007.04.17 14:43:16 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kaspars\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2013.05.30 23:02:40 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013.03.29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)

DRV - [2013.03.21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2013.03.01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)

DRV - [2013.02.08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2013.02.08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)

DRV - [2013.02.08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)

DRV - [2013.02.08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2013.02.08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2012.06.11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2012.01.09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2012.01.09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2011.05.10 02:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2010.12.11 19:08:40 | 000,234,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2010.12.02 14:29:00 | 000,056,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2010.11.29 06:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2010.11.20 07:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010.11.11 05:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2010.08.30 05:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2010.08.19 15:42:38 | 000,074,832 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SPTD.SYS -- (sptd)

DRV - [2010.06.18 11:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

DRV - [2010.04.26 06:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2009.07.30 16:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)

DRV - [2009.07.24 06:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2009.07.21 09:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2009.07.13 20:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009.07.13 19:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

DRV - [2009.06.17 06:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)

DRV - [2009.03.27 09:52:00 | 007,545,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007.11.09 00:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2007.01.26 12:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007.01.24 02:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = lv-LV

IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 19 55 BD B7 2F CE 01 [binary data]

IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://mysql.soon.lv/eklinda/"

FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.2.0.1

FF - prefs.js..extensions.enabledAddons: firebug@software.joehewitt.com:1.9.2

FF - prefs.js..extensions.enabledAddons: https-everywhere@eff.org:3.1.4

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kaspars\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kaspars\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kaspars\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2013.03.16 18:59:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.02 11:16:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:09:45 | 000,000,000 | ---D | M]

[2011.02.17 05:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Extensions

[2011.02.17 05:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn

[2013.03.28 17:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\extensions

[2011.01.27 10:01:47 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

[2013.03.28 16:29:23 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\extensions\https-everywhere@eff.org

[2013.03.25 14:48:45 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\Kaspars\AppData\Roaming\Mozilla\Firefox\Profiles\x022xa6b.default\extensions\firebug@software.joehewitt.com.xpi

[2013.03.28 17:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\USERS\KASPARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X022XA6B.DEFAULT\EXTENSIONS\AVG@TOOLBAR

[2013.03.28 16:49:14 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013.03.28 16:49:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013.03.28 16:49:11 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.pandora.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kaspars\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Kaspars\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kaspars\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Kaspars\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Media Hint = C:\Users\Kaspars\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.12_0\

CHR - Extension: YouTube = C:\Users\Kaspars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Kaspars\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Users\Kaspars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013.05.31 01:24:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iTSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [Facebook Update] C:\Users\Kaspars\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)

O4 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKU\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.21.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.42.4.204 200.49.130.41

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67DEF535-16C2-4DB5-88EF-D7A63E5793FB}: DhcpNameServer = 200.42.4.204 200.49.130.41

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEEA6FAA-3736-4FEC-8875-49DF021D7414}: DhcpNameServer = 213.110.77.2 213.110.93.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F58BCF43-D3A5-416E-9DB6-A4F259D27AE9}: DhcpNameServer = 212.93.96.4 212.93.96.2

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.01 00:02:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaspars\Desktop\OTL.exe

[2013.05.31 20:48:15 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\Desktop\RK_Quarantine

[2013.05.31 03:10:15 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Roaming\AVG2013

[2013.05.31 03:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013.05.31 03:09:05 | 000,000,000 | -H-D | C] -- C:\$AVG

[2013.05.31 03:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013

[2013.05.31 03:03:43 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Local\MFAData

[2013.05.31 03:03:43 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Local\Avg2013

[2013.05.31 03:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2013.05.31 01:30:49 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.05.31 01:24:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013.05.31 01:21:44 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Local\temp

[2013.05.31 00:58:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.05.31 00:58:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.05.31 00:58:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.05.31 00:58:13 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Roaming\TuneUp Software

[2013.05.31 00:55:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.05.31 00:55:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.05.30 23:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013.05.30 23:05:11 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\Desktop\mbar-1.06.0.1003

[2013.05.30 23:01:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013.05.30 23:00:20 | 002,240,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kaspars\Desktop\tdsskiller.exe

[2013.05.30 23:00:19 | 005,074,935 | R--- | C] (Swearware) -- C:\Users\Kaspars\Desktop\ComboFix.exe

[2013.05.30 20:02:11 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Roaming\Malwarebytes

[2013.05.30 20:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.05.30 20:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.05.30 20:02:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013.05.30 20:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013.05.30 20:01:53 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Local\Programs

[2013.05.29 15:21:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll

[2013.05.28 22:11:06 | 000,000,000 | ---D | C] -- C:\Users\Kaspars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec

[2013.05.28 22:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\x264 Video Codec

[2013.05.25 18:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sublime Text 2

[2013.05.25 14:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MetaQuotes

[2013.05.25 14:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\MetaTrader 4 at FOREX.com

[2013.05.21 17:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2013.05.20 15:41:52 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

[2013.05.20 15:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\GTR2

[2013.05.18 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2

[2013.05.18 17:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

[2013.05.16 13:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters

[2013.05.16 13:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters

[2013.05.16 03:10:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013.05.16 03:10:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013.05.16 03:10:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013.05.16 03:10:28 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013.05.16 03:10:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013.05.16 03:10:26 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013.05.16 03:10:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013.05.16 03:10:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013.05.16 03:10:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013.05.16 03:10:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013.05.15 12:33:51 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll

[2013.05.15 12:33:50 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013.05.15 12:30:11 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys

[2013.05.15 12:30:02 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

[2013.05.15 12:30:02 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

========== Files - Modified Within 30 Days ==========

[2013.06.01 00:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.06.01 00:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaspars\Desktop\OTL.exe

[2013.05.31 23:13:02 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001UA.job

[2013.05.31 21:50:03 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001UA.job

[2013.05.31 18:16:42 | 000,624,334 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013.05.31 18:16:42 | 000,109,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013.05.31 17:41:48 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.05.31 17:41:48 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.05.31 17:34:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.05.31 17:34:03 | 2414,436,352 | -HS- | M] () -- C:\hiberfil.sys

[2013.05.31 03:09:34 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013.05.31 01:24:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013.05.30 23:02:40 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys

[2013.05.30 20:02:08 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.05.30 16:55:50 | 013,169,742 | ---- | M] () -- C:\Users\Kaspars\Desktop\mbar-1.06.0.1003.zip

[2013.05.30 16:54:40 | 000,890,839 | ---- | M] () -- C:\Users\Kaspars\Desktop\SecurityCheck.exe

[2013.05.30 16:54:18 | 005,074,935 | R--- | M] (Swearware) -- C:\Users\Kaspars\Desktop\ComboFix.exe

[2013.05.30 16:51:22 | 002,240,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kaspars\Desktop\tdsskiller.exe

[2013.05.29 15:50:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001Core.job

[2013.05.28 10:13:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1418722034-3009943260-4089739646-1001Core.job

[2013.05.26 14:10:00 | 000,003,082 | ---- | M] () -- C:\Users\Kaspars\Desktop\class generator.mq4

[2013.05.25 16:30:16 | 000,003,134 | ---- | M] () -- C:\Users\Kaspars\Desktop\Linear Regression.mq4

[2013.05.20 15:41:52 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll

[2013.05.16 03:32:54 | 003,781,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013.05.15 13:03:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013.05.15 13:03:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.05.31 03:09:34 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013.05.31 00:58:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.05.31 00:58:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.05.31 00:58:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.05.31 00:58:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.05.31 00:58:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.05.30 23:00:20 | 000,890,839 | ---- | C] () -- C:\Users\Kaspars\Desktop\SecurityCheck.exe

[2013.05.30 23:00:19 | 013,169,742 | ---- | C] () -- C:\Users\Kaspars\Desktop\mbar-1.06.0.1003.zip

[2013.05.30 20:02:08 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013.05.26 20:03:10 | 000,003,134 | ---- | C] () -- C:\Users\Kaspars\Desktop\Linear Regression.mq4

[2013.05.26 20:02:44 | 000,003,082 | ---- | C] () -- C:\Users\Kaspars\Desktop\class generator.mq4

[2013.05.25 18:09:22 | 000,000,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk

[2013.04.30 11:55:09 | 000,003,865 | ---- | C] () -- C:\Users\Kaspars\AppData\Local\recently-used.xbel

[2013.04.20 17:06:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll

[2013.04.20 17:06:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll

[2013.04.20 17:06:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll

[2013.04.20 17:06:49 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

[2013.04.08 13:01:30 | 000,052,171 | ---- | C] () -- C:\Windows\RFC4DPluginUninstall.exe

[2013.03.08 21:32:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2013.03.08 21:31:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2013.02.10 11:15:02 | 000,247,920 | ---- | C] () -- C:\Windows\System32\avutil-lav-52.dll

[2013.02.10 11:15:02 | 000,165,160 | ---- | C] () -- C:\Windows\System32\avresample-lav-1.dll

[2011.12.07 16:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll

[2011.11.08 06:00:31 | 000,000,132 | ---- | C] () -- C:\Users\Kaspars\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2011.11.02 11:31:59 | 000,001,631 | ---- | C] () -- C:\Users\Kaspars\.bash_history

[2011.10.12 11:23:34 | 000,354,304 | ---- | C] () -- C:\Windows\System32\pythoncom27.dll

[2011.10.12 11:23:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\pywintypes27.dll

[2011.09.07 04:54:57 | 000,000,081 | ---- | C] () -- C:\Users\Kaspars\.gitconfig

[2011.08.28 15:20:10 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin

[2011.08.02 08:50:32 | 000,162,696 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2011.07.20 08:56:33 | 000,009,898 | ---- | C] () -- C:\Users\Kaspars\_viminfo

[2011.06.24 00:58:32 | 000,242,259 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011.06.01 10:59:13 | 000,000,390 | ---- | C] () -- C:\Users\Kaspars\gate.session

[2011.06.01 10:59:11 | 000,000,573 | ---- | C] () -- C:\Users\Kaspars\gate.xml

[2011.05.23 04:39:32 | 000,000,132 | ---- | C] () -- C:\Users\Kaspars\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011.02.10 10:53:50 | 000,002,913 | ---- | C] () -- C:\Users\Kaspars\jtview.xml

[2011.01.21 03:40:45 | 000,013,824 | ---- | C] () -- C:\Users\Kaspars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.01.13 09:40:39 | 000,000,600 | ---- | C] () -- C:\Users\Kaspars\AppData\Local\PUTTY.RND

[2010.12.10 12:23:10 | 000,000,000 | ---- | C] () -- C:\Users\Kaspars\.javafx_eula_accepted

[2010.12.08 08:58:26 | 000,001,456 | ---- | C] () -- C:\Users\Kaspars\AppData\Local\Adobe Save for Web 12.0 Prefs

========== ZeroAccess Check ==========

[2009.07.14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1063995

< End of report >

OTL Extras logfile created on: 2013.06.01. 0:04:48 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaspars\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000426 | Country: Latvija | Language: LVI | Date Format: yyyy.MM.dd.

3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,22% Memory free

5,99 Gb Paging File | 4,84 Gb Available in Paging File | 80,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 78,42 Gb Total Space | 25,75 Gb Free Space | 32,84% Space Free | Partition Type: NTFS

Computer Name: TOSIS | User Name: Kaspars | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L"

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{007B3514-F014-4A1E-9E41-71F6F375C82F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{10807CA6-5176-4F0F-9BAC-1B51DD3079EE}" = lport=139 | protocol=6 | dir=in | app=system |

"{499BD57E-5F70-4443-8179-97E3B7F48169}" = rport=138 | protocol=17 | dir=out | app=system |

"{4FE364F4-A283-4503-BE7E-DEB48653B8FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{53B04255-AA43-4BD2-8A24-337B96B76EF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{76D199CD-B6BD-4A46-91BA-BCA268058A9C}" = lport=137 | protocol=17 | dir=in | app=system |

"{8C28ECF1-61E3-4BF3-ADFC-83D9EB40316E}" = rport=137 | protocol=17 | dir=out | app=system |

"{B9DC7D44-6078-44E2-A36B-AECB17339213}" = rport=139 | protocol=6 | dir=out | app=system |

"{CBF24952-4036-4A1E-9CF5-B2A379AF2C37}" = lport=138 | protocol=17 | dir=in | app=system |

"{DD6825E9-6E2C-4448-9C3B-5065ACB98ADE}" = lport=445 | protocol=6 | dir=in | app=system |

"{DF33AA4B-1A31-4567-8135-3D7D52EA4152}" = rport=445 | protocol=6 | dir=out | app=system |

"{E6982748-22C1-41D6-90F1-BFD2D2A4411B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{037F15E9-B8BF-421B-AB82-DD7CD777F58E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |

"{09251B70-BEA1-4ECC-89C2-395A1E8FA106}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{29F9394A-9432-473D-AC0B-68CC4AD644C1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |

"{4217BCA9-16B2-40B7-BE38-90F4CF9C3A4C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{429B9CC0-0CF8-4C20-9E56-757AD6693372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{5263558C-3A58-462C-92FE-F1C2EE156213}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{661D885E-F920-4CE5-A473-F288CA19A54D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |

"{6822CD75-CC3D-41F6-9259-693D0F8F5C2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{A72AFD39-953F-4826-B3F0-3D9DD0B020F9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |

"{B56D32EB-512E-488F-9C6E-662C171B2063}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |

"{E3AA4A42-05B5-41BA-8046-E54DC56A2AA9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |

"{F669A4CC-6575-4A3B-B577-A04D4D9FCB75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"TCP Query User{18B771D0-EC78-4A6A-B1A7-E47B58575BC8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{42CA4328-E20E-4FA3-9380-A0495DCF1F25}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"UDP Query User{EC73AA48-676E-4787-AD46-EE4560825DCC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"UDP Query User{FCDEEBC5-50DF-4785-B6F1-8EB703712E02}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0

"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5

"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes

"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java 6 Update 23

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21

"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2

"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java SE Development Kit 6 Update 23

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player

"{56B116A2-FF34-4923-B1A7-1DFAB0B6E186}" = Utility support driver

"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{5FD4B351-1567-426F-AEB4-08F41E3FA6C5}" = calibre

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud

"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{9782762F-639B-499B-A23D-5EBEAFC160E6}" = Microsoft Tool Web Package:diskpart.exe

"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer

"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{B3A1BF34-A336-450D-BC3E-3A854AD270A0}" = AVG 2013

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI

"{DEE76D44-8D7C-4A32-8FAE-A813817631FC}" = AVG 2013

"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)

"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AVG" = AVG 2013

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"Crazybump" = Crazybump (remove only)

"DAEMON Tools Pro" = DAEMON Tools Pro

"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)

"FileZilla Client" = FileZilla Client 3.5.2

"In The Groove" = In The Groove (remove only)

"Inkscape" = Inkscape 0.48.4

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"KaM - The Peasants Rebellion" = KaM - The Peasants Rebellion

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MaPZone2.Free" = Allegorithmic MaPZone2.Free

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1

"networkx-py2.7" = Python 2.7 networkx-1.5

"nltk-py2.7" = Python 2.7 nltk-2.0b9

"Nokia PC Suite" = Nokia PC Suite

"Notepad++" = Notepad++

"numpy-py2.6" = Python 2.6 numpy-1.4.1

"numpy-py2.7" = Python 2.7 numpy-1.5.1

"NVIDIA Drivers" = NVIDIA Drivers

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"PDF to Kindle Converter_is1" = PDF to Kindle Converter 3.0.5

"PIL-py2.6" = Python 2.6 PIL-1.1.6

"PIL-py2.7" = Python 2.7 PIL-1.1.7

"pp-py2.7" = Python 2.7 pp-1.6.1

"PyQt GPL v4.5.4 for Python v2.6" = PyQt GPL v4.5.4 for Python v2.6

"PyQt GPL v4.8.1 for Python v2.7" = PyQt GPL v4.8.1 for Python v2.7

"PyQt4.Qwt5-py2.7" = Python 2.7 PyQt4.Qwt5-5.2.1

"PyQwt5" = PyQwt-5.2.0

"pywin32-py2.6" = Python 2.6 pywin32-214

"pywin32-py2.7" = Python 2.7 pywin32-214

"PyYAML-py2.7" = Python 2.7 PyYAML-3.10

"RealFlow 2012" = RealFlow 2012

"RealFlowC4D" = RealFlow Plug-in for Cinema4D

"RegexBuddy 3" = JGsoft RegexBuddy 3 v.3.2.1

"setuptools-py2.6" = Python 2.6 setuptools-0.6c11

"setuptools-py2.7" = Python 2.7 setuptools-0.6c11

"Sublime Text 2_is1" = Sublime Text 2.0.1

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.6

"Weka 3.6.4" = Weka 3.6.4

"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1418722034-3009943260-4089739646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2013.05.30. 23:58:01 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.30. 23:58:39 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.30. 23:58:39 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.30. 23:59:05 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.31. 2:08:48 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.31. 2:08:49 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.31. 2:08:55 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.31. 2:08:58 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.31. 17:00:44 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.31. 17:04:20 | Computer Name = Tosis | Source = System Restore | ID = 8193

Description =

Error - 2013.05.31. 17:50:05 | Computer Name = Tosis | Source = Google Update | ID = 20

Description =

[ System Events ]

Error - 2013.05.30. 22:58:40 | Computer Name = Tosis | Source = Service Control Manager | ID = 7001

Description = The Windows Firewall service depends on the Base Filtering Engine

service which failed to start because of the following error: %%1290

Error - 2013.05.30. 22:58:42 | Computer Name = Tosis | Source = Service Control Manager | ID = 7000

Description = The Security Center service failed to start due to the following error:

%%1314

Error - 2013.05.30. 23:01:24 | Computer Name = Tosis | Source = Service Control Manager | ID = 7024

Description = The HomeGroup Listener service terminated with service-specific error

%%-2147023143.

Error - 2013.05.31. 0:00:51 | Computer Name = Tosis | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 2013.05.31. 0:07:26 | Computer Name = Tosis | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 2013.05.31. 0:08:52 | Computer Name = Tosis | Source = WMPNetworkSvc | ID = 866300

Description =

Error - 2013.05.31. 0:17:47 | Computer Name = Tosis | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 2013.05.31. 0:23:37 | Computer Name = Tosis | Source = EventLog | ID = 6008

Description = The previous system shutdown at 1:21:55 on 2013.05.31. was unexpected.

Error - 2013.05.31. 0:53:32 | Computer Name = Tosis | Source = EventLog | ID = 6008

Description = The previous system shutdown at 1:50:19 on 2013.05.31. was unexpected.

Error - 2013.05.31. 4:56:09 | Computer Name = Tosis | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

< End of report >


We need to run an OTL Fix

  1. Please reopen otlicon.png on your desktop.
  2. Copy and Paste the following code into the customscanfix.png textbox.
    :OTL
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A1063995

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]


  3. Push runfix.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click the OK button.
  6. A report will open. Copy and Paste that report in your next reply.


All processes killed

========== OTL ==========

ADS C:\ProgramData\TEMP:94A19129 deleted successfully.

ADS C:\ProgramData\TEMP:A1063995 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56475 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kaspars

->Temp folder emptied: 3053768 bytes

->Temporary Internet Files folder emptied: 1472143 bytes

->Java cache emptied: 3682478 bytes

->FireFox cache emptied: 101245294 bytes

->Google Chrome cache emptied: 246625664 bytes

->Apple Safari cache emptied: 18015232 bytes

->Flash cache emptied: 115878 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2176 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 890839 bytes

Total Files Cleaned = 358,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kaspars

->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Kaspars

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06012013_013205

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Looks good.

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Ok, it did take a while :)

Here's what it found:

C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0001.dta Win32/Sirefef.EZ trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0006.dta Win32/Conedex.D trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0008.dta Win32/Conedex.E trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0009.dta Win32/Sirefef.FA trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\30.05.2013_23.00.34\rtkt0000\zafs0000\tsk0010.dta a variant of Win32/Sirefef.FV trojan cleaned by deleting - quarantined

Looks like nothing new, just something that TDSSKiller had already quarantined.

So, how does it look now?


Your logs appear to be clean ;).

Before we move on, please take the time to install the following updates. Program updates are an important way to keep your computer safe, as outdated applications leave you vulnerable to malware.

---------------

Upgrade Java : (32 bits)

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3.
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept the License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u3-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u3-windows-i586.exe and select "Run as an Administrator.")

----------------

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security Scan Plus" option or any other Toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the "click here to download" link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

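The Java and Adobe Reader steps above both end with "remove all older versions". As an added example (not from the thread), this read-only PowerShell function lists matching entries from both Uninstall registry views so leftover old versions can be spotted after the removal; the product name pattern is an assumption and nothing is uninstalled.

```powershell
# Added example, not from the thread: list Java (JRE/J2SE) and Adobe Reader
# entries from both the native and WOW6432Node Uninstall registry views so that
# leftover old versions can be spotted after the removal steps. Read-only.
function Get-UpdateCandidate {
    param(
        # assumption: the products the thread asks to keep current
        [string] $Pattern = 'Java|J2SE|Adobe Reader|Adobe Acrobat|Acrobat Reader'
    )
    $views = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

    Get-ItemProperty -Path $views -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Product   = $_.DisplayName
                Version   = $_.DisplayVersion
                # entries under WOW6432Node are 32-bit installs on a 64-bit Windows
                Arch      = if ($_.PSPath -match 'WOW6432Node') { '32-bit' } else { 'native' }
                Uninstall = $_.UninstallString
            }
        } |
        Sort-Object Product, Version
}

$found = Get-UpdateCandidate
$found | Format-Table -AutoSize

# More than one Java runtime entry means an older version is still installed
# and should be removed through Add/Remove Programs as described above.
$java = @($found | Where-Object { $_.Product -match 'Java|J2SE' })
if ($java.Count -gt 1) {
    Write-Warning "$($java.Count) Java runtime entries present; remove the older ones."
}
```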

Ok, updates are done.

So as I understand everything looks clean and there should be no security risks, right? I can use my e-mail, Facebook and online banking no problem? Or is there a chance that someone can still steal my personal info? Also what is the possibility that it has already been stolen?

Can I uninstall all the software I downloaded as instructed? What about all different files and folders that have been created in the process?

Be that as it may, thank you for your help so far. You have been a great help.

K.


So as I understand everything looks clean and there should be no security risks, right? I can use my e-mail, Facebook and online banking no problem? Or is there a chance that someone can still steal my personal info? Also what is the possibility that it has already been stolen?

Yes, you should be fine. Your logs indicate you're all clean.

If you did any online banking or transactions while you were infected, I would definitely contact your financial institutions to let them know of the situation. You should also change your passwords to any personal online accounts, as they may have been compromised as a result of the malware on your system.

If you didn't do any banking/transactions while you were infected, I wouldn't worry, but you may want to change your passwords anyway just to be on the safe side.

Can I uninstall all the software I downloaded as instructed? What about all different files and folders that have been created in the process?

I'll provide you with instructions on doing so below ;).

---------

Unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, however we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

  • Reopen otlicon.png on your desktop.
  • Click on cleanup.png
  • You will be prompted to reboot your system. Please do so.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Microsoft Security Essentials

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available.

A tutorial on understanding and using firewalls may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Great. So I will continue to use my AVG! I know how I got infected, it was a stupid action on my part, I knew that instant what I had done. Well, I guess you live and you learn. All in all, I believe I know how to behave safely online.

Anyway, after clean up and uninstallation of ComboFix there are three more folders on my C and A drives that seem to be related to all the actions taken to remove the infection. In particular I'm worried about folders named TDSSKiller_Quarantine and found.000. Can/should I delete those?

Again thank you very much for the help!

Cheers!


Anyway, after clean up and uninstallation of ComboFix there are three more folders on my C and A drives that seem to be related to all the actions taken to remove the infection. In particular I'm worried about folders named TDSSKiller_Quarantine and found.000. Can/should I delete those?

Yep, you can go ahead and delete those.

Again thank you very much for the help!

No problem! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
