Sirefef-PL, Atraps-PF, Malware-gen, Bitcoin-A and BitCoinMiner-U [Solv


#1 flv (Member, 10 posts)

Hi,
my system is infected with Sirefef-PL, Atraps-PF, Malware-gen, Bitcoin-A and BitCoinMiner-U. I don't know how I got infected. The last thing I remember is installing a Flash update. A few days earlier my friend changed (just for fun :D) my wallpaper to some gay porn picture. I asked him and he said he got it from the 4fukr site that he visited on my PC, so maybe this is the source of the infection.

The timeline is as follows:

================================
5th July
================================

1. At 9:42am Avast (v6.0.1289) started complaining about Win32:Atraps-PF [Trj] and Win32:Malware-gen. Here are the entries from the avast quarantine:

name: [email protected]
original location: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U
virus: Win32:Atraps-PF [Trj]

name: [email protected]
original location: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U
virus: Win32:Atraps-PF [Trj]

name: [email protected]
original location: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U
virus: Win32:Malware-gen

There are 30 such entries in the avast quarantine between 9:42am and 10:20am.

2. At 10:23am avast detected Win32:Sirefef-PL [Rtk]. Here is the entry from the avast quarantine:

name: n
original location: C:\Users\my_name_replaced\AppData\Local\{7eaaf632-a970-98b2-9551-9a43312dca11}
virus: Win32:Sirefef-PL [Rtk]

3. At 11:04am avast detected Java:Bitcoin-A [Trj]. Here's the entry from the avast quarantine:

name: com\bitcoinplus\applet\MiningApplet.class
original location: C:\Users\my_name_replaced\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2e002d9c-64b4a7e8
virus: Java:Bitcoin-A [Trj]

4. At 11:11am avast detected Win32:Sirefef-PL [Rtk] in another two files. Entries from avast quarantine:

name: Desktop.ini
original location: C:\Windows\assembly\GAC_32
virus: Win32:Sirefef-PL [Rtk]

name: Desktop.ini
original location: C:\Windows\assembly\GAC_64
virus: Win32:Sirefef-PL [Rtk]

5. At 11:48 am avast detected Win32:Sirefef-PL [Rtk] in another file, Win32:Malware-gen in another file and also Win32:BitCoinMiner-U [PUP]. Entries from avast quarantine:

name: n
original location: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}
virus: Win32:Sirefef-PL [Rtk]

name: [email protected]
original location: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U
virus: Win32:Malware-gen

name: [email protected]
original location: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U
virus: Win32:BitCoinMiner-U [PUP]

Up till now, each time avast had said that it moved the infected file to quarantine and that no further action was needed. This time it also said that no further action was needed, but a while later a dialog box appeared asking me to schedule a virus scan before Windows starts. I agreed and rebooted the PC.

6. At 2pm the avast scan finished and Windows started. Avast had found 9 infected files:

name: C:\Users\my_name_replaced\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\2e002d9c-64b4a7e8|>com\bitcoinplus\applet\MiningApplet.class
state: threat: Java:Bitcoin-A [Trj]
action: move to quarantine [result: success]

name: C:\Windows\assembly\GAC_32\Desktop.ini
state: threat: Win32:Sirefef-PL [Rtk]
action: move to quarantine [result: success]

name: C:\Windows\assembly\GAC_64\Desktop.ini
state: threat: Win32:Sirefef-PL [Rtk]
action: move to quarantine [result: success]

name: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\n|>[Embedded_I#5608]
state: threat: Win32:Sirefef-PL [Rtk]
action: move to quarantine [result: success]

name: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\n|>[Embedded_I#6e08]
state: threat: Win32:Sirefef-PL [Rtk]
action: move to quarantine [result: no result specified]

name: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\n
state: threat: Win32:Sirefef-PL [Rtk]
action: move to quarantine [result: no result specified]

name: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U\[email protected]
state: threat: Win32:Malware-gen
action: move to quarantine [result: success]

name: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U\[email protected]|>[Embedded_R#00310]
state: PNP: Win32:BitCoinMiner-U [PUP]
action: move to quarantine [result: success]

name: C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U\[email protected]
state: PNP: Win32:BitCoinMiner-U [PUP]
action: move to quarantine [result: no result specified]

7. Using MBAM

MBAM detected Trojan.Dropper.BCMiner:
C:\Windows\Installer\{7eaaf632-a970-98b2-9551-9a43312dca11}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

After a reboot MBAM still detected BCMiner. I repeated this several times (MBAM, reboot) with no further success (BCMiner was detected again after each reboot).

8. Since avast scanned the system before Windows start, the avast quarantine contains entries only for Win32:Atraps-PF [Trj] and Win32:Malware-gen.

================================
6th July
================================

I didn't do anything - avast just kept complaining about Win32:Atraps-PF [Trj] and Win32:Malware-gen.

================================
7th-8th July
================================

The PC was turned off.

================================
9th July
================================

Since avast couldn't handle the situation, I started using other tools: OTL, RogueKiller, aswMBR, FRST and FSS. If needed I may provide full logs.

First I used RogueKiller. It detected some infections (ZeroAccess, HJ). I ordered it to delete the infected items and rebooted the PC. I repeated this (scan, delete, reboot) several times. Each of the first 3 or 4 times made the situation better (fewer infections) and Avast stopped complaining altogether. After this RogueKiller couldn't do more. It still reported ZeroAccess infections in Desktop.ini in c:\windows\assembly\gac_32\desktop.ini and c:\windows\assembly\gac_64\desktop.ini.

Then I used aswMBR. The log contained the following suspicious entries:

15:07:24.766 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:07:27.873 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80036a22c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:07:27.903 \Driver\atapi[0xfffffa8004490420] -> IRP_MJ_CREATE -> 0xfffffa80036a22c0
15:08:37.814 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:08:39.452 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]

Then I used FSS. It complained about a bad md5 of the following files: afd.sys, tcpip.sys, mpssvc.dll, SDRSVC.dll, cryptsvc.dll. It also complained about nonexistent Action Center and Windows Defender service keys.

At last I used FRST. It found ZeroAccess in C:\Windows\assembly\GAC_32\Desktop.ini, C:\Windows\assembly\GAC_64\Desktop.ini and in C:\Windows\System32\services.exe.

Oh, I also used TDSSKiller. The results were:

Unsigned file
Service: nlsvc
Suspicious object, medium risk

Locked file
Service: sptd
Suspicious object, medium risk


==========================================
OTL log
==========================================

OTL logfile created on: 2012-07-10 11:54:50 - Run 5
OTL by OldTimer - Version 3.2.53.1 Folder = D:\virus
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,34% Memory free
8,00 Gb Paging File | 5,93 Gb Available in Paging File | 74,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 73,02 Gb Free Space | 48,71% Space Free | Partition Type: NTFS
Drive D: | 315,76 Gb Total Space | 20,38 Gb Free Space | 6,46% Space Free | Partition Type: NTFS

Computer Name: fl-PC | User Name: my_name_replaced | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-05 14:47:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\virus\OTL.exe
PRC - [2012-06-21 10:41:35 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012-05-28 17:43:02 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-05-24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\my_name_replaced\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-12-06 17:05:28 | 000,024,424 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
PRC - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-10-15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-09-06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-08-02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011-01-17 18:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 18:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2012-07-05 09:44:13 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012-06-21 10:41:40 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012-06-21 10:41:40 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012-06-21 10:41:40 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012-06-21 10:41:40 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012-06-21 10:41:40 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012-06-21 10:41:39 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012-06-21 10:41:39 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012-06-21 10:41:39 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012-06-21 10:41:39 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012-06-21 10:41:39 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012-06-21 10:41:39 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012-06-21 10:41:39 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012-06-21 10:41:39 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2011-10-28 14:34:33 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011-10-22 10:16:18 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2009-07-14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009-07-14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-03-05 15:45:14 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011-03-21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008-11-08 02:19:36 | 004,761,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012-07-05 09:44:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-28 17:43:02 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-12-06 17:05:28 | 000,024,424 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe -- (VisualSVNServer)
SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-11-11 15:39:34 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-02 18:37:10 | 000,348,560 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2011-10-27 12:29:49 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011-09-06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011-09-06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011-09-06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011-09-06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011-09-06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011-09-06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011-06-01 05:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-03-21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011-03-21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011-03-21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-08-13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)



O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (COmeaHelper Object) - {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {35402C01-1777-4159-9ABA-3480BA70D90A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKU\S-1-5-21-2230560716-1881926867-1619574448-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2230560716-1881926867-1619574448-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\my_name_replaced\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\my_name_replaced\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\my_name_replaced\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip and Edit - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8:64bit: - Extra context menu item: Clip and Save - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8:64bit: - Extra context menu item: Subscribe to Feed - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8 - Extra context menu item: Clip and Edit - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8 - Extra context menu item: Clip and Save - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8 - Extra context menu item: Subscribe to Feed - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.11 217.8.168.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RealityPump.pl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5162EC37-A7E0-4DF9-9352-23785F2C3BE2}: DhcpNameServer = 192.168.100.11 217.8.168.244
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{67387440-008c-11e1-bd7e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67387440-008c-11e1-bd7e-806e6f6e6963}\Shell\AutoRun\command - "" = M:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-10 20:11:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012-07-09 15:19:13 | 000,000,000 | ---D | C] -- C:\Users\my_name_replaced\Desktop\RK_Quarantine
[2012-07-05 14:29:29 | 000,000,000 | ---D | C] -- C:\Users\my_name_replaced\AppData\Roaming\Malwarebytes
[2012-07-05 14:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-07-05 14:29:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-07-05 14:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-07-05 14:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-07-05 09:42:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012-06-27 17:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpiderOak
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-07-10 11:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-10 10:25:23 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-10 10:25:23 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-10 10:17:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-10 10:17:41 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-09 13:59:41 | 000,002,068 | ---- | M] () -- C:\Users\my_name_replaced\Documents\Default.rdp
[2012-07-03 11:41:28 | 000,016,250 | ---- | M] () -- C:\Users\my_name_replaced\_viminfo
[2012-07-03 11:40:24 | 000,000,987 | ---- | M] () -- C:\Users\my_name_replaced\.gitk
[2012-06-29 18:24:21 | 000,003,916 | ---- | M] () -- C:\Users\my_name_replaced\.bash_history
[2012-06-15 10:01:45 | 002,146,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-15 10:01:45 | 000,679,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012-06-15 10:01:45 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-06-15 10:01:45 | 000,468,808 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012-06-15 10:01:45 | 000,128,620 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012-06-15 10:01:45 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-06-15 10:01:45 | 000,093,466 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012-06-14 10:16:19 | 000,003,584 | ---- | M] () -- C:\Users\my_name_replaced\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-14 10:01:40 | 000,001,020 | ---- | M] () -- C:\Users\my_name_replaced\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012-06-14 09:42:16 | 000,293,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-07-05 09:42:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-14 10:16:19 | 000,003,584 | ---- | C] () -- C:\Users\my_name_replaced\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-22 10:43:17 | 000,000,035 | ---- | C] () -- C:\Users\my_name_replaced\.lesshst
[2012-03-15 17:47:51 | 000,358,912 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2012-03-15 17:47:51 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2012-03-15 17:47:51 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2012-03-01 16:17:16 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-03-01 16:17:10 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012-03-01 16:17:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-02-03 11:48:05 | 000,000,000 | ---- | C] () -- C:\Users\my_name_replaced\mydump
[2012-01-24 18:15:36 | 000,000,147 | ---- | C] () -- C:\Users\my_name_replaced\.bash_profile
[2011-10-28 16:31:51 | 000,016,250 | ---- | C] () -- C:\Users\my_name_replaced\_viminfo
[2011-10-28 16:13:39 | 000,003,916 | ---- | C] () -- C:\Users\my_name_replaced\.bash_history
[2011-10-28 14:38:32 | 000,000,987 | ---- | C] () -- C:\Users\my_name_replaced\.gitk
[2011-10-28 11:18:27 | 000,000,017 | ---- | C] () -- C:\Users\my_name_replaced\AppData\Local\resmon.resmoncfg
[2011-10-28 11:06:32 | 000,000,055 | ---- | C] () -- C:\Users\my_name_replaced\.gitconfig
[2011-10-27 13:24:49 | 002,099,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-10-27 11:35:44 | 000,003,048 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2011-10-15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012-03-05 15:55:41 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Autodesk
[2012-05-17 14:47:10 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Awasu
[2011-10-27 13:19:33 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\DAEMON Tools Lite
[2012-07-10 10:18:51 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Dropbox
[2012-03-12 12:55:13 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Eric4
[2012-05-17 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Feedreader
[2011-12-13 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\GHISLER
[2012-03-19 11:04:26 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\IrfanView
[2012-05-22 09:48:36 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\JetBrains
[2012-03-05 16:37:03 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Notepad++
[2011-10-28 14:36:07 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\OpenOffice.org
[2011-10-27 11:52:22 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Opera
[2012-03-01 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Origin
[2012-06-29 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\SpiderOak
[2011-10-28 12:00:53 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Subversion
[2012-06-26 14:59:41 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\uTorrent
[2012-07-04 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\VisualAssist
[2012-03-26 13:27:39 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Wuala
[2012-03-21 10:49:21 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by flv, 10 July 2012 - 06:28 AM.

#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating, but running other tools in the meantime and between posts only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.

Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.

#3
flv

    Member

  • Topic Starter
  • Member
  • 10 posts
I've done everything you asked me to, but I've had some issues. First, I tried to turn off Windows Firewall in Control Panel but I couldn't do that - a dialog was shown saying that this can't be done (a hex value of the error was given, but I lost it :///). Second, ComboFix complained about avast resident protection being active although I had explicitly disabled all avast shields. Then I pressed OK in the ComboFix dialog that was telling me to turn off avast. Another dialog appeared - it was empty and its caption was "Error". I closed it and ComboFix began. After the reboot, while ComboFix was doing something, I quickly disabled all avast shields as they were in operation again.

Oh, now that ComboFix has finished, I'm able to access the Windows Firewall settings.

Here's the ComboFix log:

ComboFix 12-07-10.01 - Szymon.Iwanski 2012-07-10 16:38:58.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7600.0.1250.48.1033.18.4094.1975 [GMT 2:00]
Uruchomiony z: c:\users\Szymon.Iwanski\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Zainfekowana kopia c:\windows\system32\Services.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-06-10 do 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 18:11 . 2012-07-10 18:11 -------- d-----w- C:\FRST
2012-07-10 14:46 . 2012-07-10 14:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-10 14:46 . 2012-07-10 14:46 -------- d-----w- c:\users\SZYMON~1~IWA\AppData\Local\temp
2012-07-10 14:46 . 2012-07-10 14:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 12:29 . 2012-07-05 12:29 -------- d-----w- c:\users\Szymon.Iwanski\AppData\Roaming\Malwarebytes
2012-07-05 12:29 . 2012-07-05 12:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 12:29 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 12:29 . 2012-07-05 12:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 07:42 . 2012-07-05 07:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 07:42 . 2012-07-05 07:42 -------- d-----w- c:\windows\system32\Macromed
2012-07-03 07:40 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F450719-CA9F-48D4-B7CA-E3A395B9F7D3}\mpengine.dll
2012-06-27 15:09 . 2012-06-27 15:09 -------- d-----w- c:\program files (x86)\SpiderOak
2012-06-21 07:35 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:35 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:35 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:35 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:34 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:34 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:34 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:34 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:34 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 07:42 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 07:44 . 2011-11-02 09:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-28 15:43 . 2012-03-01 14:17 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-28 15:42 . 2012-03-01 16:21 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-28 15:42 . 2012-03-01 14:17 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-28 15:30 . 2012-03-01 14:17 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-26 12:48 . 2012-04-26 12:48 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-04-26 12:48 . 2012-04-26 12:48 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2012-04-25 01:30 . 2011-10-27 11:36 1280384 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{A66DF64D-9267-40FF-8B6C-BA9517E679AF}"
[HKEY_CLASSES_ROOT\CLSID\{A66DF64D-9267-40FF-8B6C-BA9517E679AF}]
2011-12-02 16:37 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Szymon.Iwanski\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Szymon.Iwanski\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Szymon.Iwanski\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-12-02 16:37 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Szymon.Iwanski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Szymon.Iwanski\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 250056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-05 1431888]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-27 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-12-02 348560]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2011-03-21 88200]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 VisualSVNServer;VisualSVN Server;c:\program files (x86)\VisualSVN Server\bin\VisualSVNServer.exe [2011-12-06 24424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2011-03-21 33416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - WS2IFSL
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 07:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:11 592384 ----a-w- c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{A66DF64D-9267-40FF-8B6C-BA9517E679AF}"
[HKEY_CLASSES_ROOT\CLSID\{A66DF64D-9267-40FF-8B6C-BA9517E679AF}]
2011-12-02 16:37 191504 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Szymon.Iwanski\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Szymon.Iwanski\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Szymon.Iwanski\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Szymon.Iwanski\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-12-02 16:37 191504 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Skan uzupełniający -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Clip and Edit - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1000
IE: Clip and Save - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1001
IE: Subscribe to Feed - c:\program files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll/1002
TCP: DhcpNameServer = 192.168.100.11 217.8.168.244
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1335383598-3148590315-1204926149-1629\Software\SecuROM\License information*]
"datasecu"=hex:9b,c1,db,51,c7,65,ef,ef,62,32,e9,51,96,c1,37,10,34,9d,d4,b8,92,
07,be,f0,10,01,70,ee,f3,e7,7c,87,2c,4f,dc,1b,dd,29,d5,1a,cd,04,e6,39,27,ee,\
"rkeysecu"=hex:ea,58,f9,89,ef,2a,1f,81,09,13,02,3f,dd,b3,13,80
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Czas ukończenia: 2012-07-10 16:55:25 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2012-07-10 14:55
.
Przed: 78 030 696 448 bytes free
Po: 81 293 549 568 bytes free
.
- - End Of File - - 7B2994E60BFD21716A396217310BE98C

Edited by flv, 10 July 2012 - 09:17 AM.

#4
Render
    Trusted Helper
  • Malware Removal
  • 4,195 posts
Please delete your copies of aswMBR and TDSSKiller. We will download fresh ones.

Step 1

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running Defogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double-click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan.
  • On completion of the scan click Save log, save it to your desktop and post it in your next reply.
  • After that there should also be a file called MBR.dat on your Desktop; zip it and then attach it here.

How to add an attachment to a new topic or reply

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click the OK button.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents in your next reply.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log and attached zipped MBR.dat file
  • TDSSKiller log
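As an added example, not part of this thread or of either tool, the following Python script reads the two logs the steps above produce and does the cross-check a helper does by eye: it pulls the partition table out of the aswMBR output and out of the TDSSKiller output, verifies that both tools read the same MBR layout (one active partition, matching start sectors, types and sizes), and lists every file aswMBR marked **INFECTED**. The regular expressions assume the line layouts of aswMBR 0.9.9 and TDSSKiller 2.7.45 as posted in the next reply, and the sample lines are constructed from those logs; the function names are my own.

```python
import re

# aswMBR partition line (1-based index), e.g.
#   "09:46:02.270 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048"
ASWMBR_PART = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) \S+ \S+ (?P<size_mb>\d+) MB offset (?P<offset>\d+)$")
# aswMBR detection line, e.g. "... File: C:\... **INFECTED** Win32:Sirefef-PL [Rtk]"
ASWMBR_HIT = re.compile(r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
# TDSSKiller partition line (0-based index), e.g.
#   "... \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000"
TDSS_PART = re.compile(
    r"\\Device\\Harddisk(?P<disk>\d+)\\DR\d+\\Partition(?P<idx>\d+): MBR, "
    r"Type 0x(?P<type>[0-9A-Fa-f]+), StartLBA 0x(?P<start>[0-9A-Fa-f]+), "
    r"BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")
SECTOR_BYTES = 512


def parse_aswmbr(text):
    """Return (partitions, hits): partitions maps (disk, idx) -> dict with idx
    shifted to TDSSKiller's 0-based numbering; hits lists (path, detection)."""
    parts, hits = {}, []
    for line in text.splitlines():
        line = line.rstrip()
        m = ASWMBR_PART.search(line)
        if m:
            parts[(int(m["disk"]), int(m["idx"]) - 1)] = {
                "active": int(m["boot"], 16) == 0x80,
                "type": int(m["type"], 16),
                "size_mb": int(m["size_mb"]),
                "offset": int(m["offset"]),
            }
            continue
        m = ASWMBR_HIT.search(line)
        if m:
            hits.append((m["path"], m["name"]))
    return parts, hits


def parse_tdsskiller(text):
    """Return {(disk, idx): {"type", "start", "blocks"}} from TDSSKiller output."""
    parts = {}
    for line in text.splitlines():
        m = TDSS_PART.search(line.rstrip())
        if m:
            parts[(int(m["disk"]), int(m["idx"]))] = {
                "type": int(m["type"], 16),
                "start": int(m["start"], 16),
                "blocks": int(m["blocks"], 16),
            }
    return parts


def cross_check(asw, tdss):
    """Compare the partition tables the two tools read from the MBR and return
    a list of discrepancies (empty when they agree).  An MBR bootkit that hides
    a partition or feeds different readers different tables shows up here as an
    entry seen by only one tool or as a differing start sector or type."""
    issues = []
    for key in sorted(set(asw) | set(tdss)):
        a, t = asw.get(key), tdss.get(key)
        if a is None or t is None:
            issues.append("partition %s reported by only one tool" % (key,))
            continue
        if a["offset"] != t["start"]:
            issues.append("partition %s start differs: aswMBR %d, TDSSKiller %d"
                          % (key, a["offset"], t["start"]))
        if a["type"] != t["type"]:
            issues.append("partition %s type differs: aswMBR 0x%02x, TDSSKiller 0x%x"
                          % (key, a["type"], t["type"]))
        # aswMBR prints sizes rounded to whole MB; tolerate only that rounding
        if abs(t["blocks"] * SECTOR_BYTES / 2 ** 20 - a["size_mb"]) >= 1:
            issues.append("partition %s size differs: aswMBR %d MB, TDSSKiller %d sectors"
                          % (key, a["size_mb"], t["blocks"]))
    active = [k for k, v in asw.items() if v["active"]]
    if len(active) != 1:
        issues.append("expected exactly one active partition, found %d" % len(active))
    return issues


def triage(aswmbr_text, tdss_text):
    """Flagged files from aswMBR plus partition-table discrepancies between the tools."""
    asw, hits = parse_aswmbr(aswmbr_text)
    return {"hits": hits, "issues": cross_check(asw, parse_tdsskiller(tdss_text))}


# Sample input constructed from the log lines quoted in this thread.
ASWMBR_SAMPLE = r"""
09:46:02.270 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:46:02.290 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 153499 MB offset 206848
09:46:02.300 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 323339 MB offset 314572800
09:48:21.380 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:56:54.616 Scan finished successfully
"""
TDSS_SAMPLE = r"""
09:59:49.0229 3352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:59:49.0229 3352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x12BCD800
09:59:49.0229 3352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C00000, BlocksNum 0x27785800
"""
```

On the logs in this thread the two tools agree on all three partitions (2048 = 0x800, 206848 = 0x32800, 314572800 = 0x12C00000), so the only finding is the Sirefef-PL hit on Desktop.ini.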

#5
flv
    Member
  • Topic Starter
  • 10 posts
DeFogger successfully disabled emulator drivers.

===============================
aswMBR log
===============================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-11 09:45:51
-----------------------------
09:45:51.860 OS Version: Windows x64 6.1.7600
09:45:51.860 Number of processors: 4 586 0xF0B
09:45:51.860 ComputerName: fl-PC UserName:
09:45:52.855 Initialize success
09:45:53.395 AVAST engine defs: 12071100
09:46:02.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
09:46:02.250 Disk 0 Vendor: ST500DM002-1BD142 KC43 Size: 476938MB BusType: 3
09:46:02.260 Disk 0 MBR read successfully
09:46:02.260 Disk 0 MBR scan
09:46:02.270 Disk 0 Windows 7 default MBR code
09:46:02.270 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:46:02.290 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 153499 MB offset 206848
09:46:02.300 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 323339 MB offset 314572800
09:46:02.340 Disk 0 scanning C:\Windows\system32\drivers
09:46:14.020 Service scanning
09:46:45.022 Modules scanning
09:46:45.022 Disk 0 trace - called modules:
09:46:45.052 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:46:45.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004720060]
09:46:45.062 3 CLASSPNP.SYS[fffff880019a843f] -> nt!IofCallDriver -> [0xfffffa800414e520]
09:46:45.062 5 ACPI.sys[fffff88000eed781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004156680]
09:46:53.417 AVAST engine scan C:\Windows
09:47:04.280 AVAST engine scan C:\Windows\system32
09:48:21.380 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:48:23.595 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:50:17.910 AVAST engine scan C:\Windows\system32\drivers
09:50:40.595 AVAST engine scan C:\Users\my_name_replaced
09:55:33.648 File: C:\Users\my_name_replaced\Desktop\RK_Quarantine\[email protected] **INFECTED** Win32:Malware-gen
09:55:49.613 AVAST engine scan C:\ProgramData
09:56:54.616 Scan finished successfully
09:57:25.261 Disk 0 MBR has been saved successfully to "C:\Users\my_name_replaced\Desktop\MBR.dat"
09:57:25.271 The log file has been saved successfully to "C:\Users\my_name_replaced\Desktop\aswMBR.txt"

===============================
TDSSKiller log
===============================

09:59:48.0394 3352 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
09:59:48.0544 3352 ============================================================
09:59:48.0544 3352 Current date / time: 2012/07/11 09:59:48.0544
09:59:48.0544 3352 SystemInfo:
09:59:48.0544 3352
09:59:48.0544 3352 OS Version: 6.1.7600 ServicePack: 0.0
09:59:48.0544 3352 Product type: Workstation
09:59:48.0544 3352 ComputerName: fl-PC
09:59:48.0544 3352 UserName: my_name_replaced
09:59:48.0544 3352 Windows directory: C:\Windows
09:59:48.0544 3352 System windows directory: C:\Windows
09:59:48.0544 3352 Running under WOW64
09:59:48.0544 3352 Processor architecture: Intel x64
09:59:48.0544 3352 Number of processors: 4
09:59:48.0544 3352 Page size: 0x1000
09:59:48.0544 3352 Boot type: Normal boot
09:59:48.0544 3352 ============================================================
09:59:49.0219 3352 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
09:59:49.0229 3352 ============================================================
09:59:49.0229 3352 \Device\Harddisk0\DR0:
09:59:49.0229 3352 MBR partitions:
09:59:49.0229 3352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:59:49.0229 3352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x12BCD800
09:59:49.0229 3352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12C00000, BlocksNum 0x27785800
09:59:49.0229 3352 ============================================================
09:59:49.0279 3352 C: <-> \Device\Harddisk0\DR0\Partition1
09:59:49.0309 3352 D: <-> \Device\Harddisk0\DR0\Partition2
09:59:49.0309 3352 ============================================================
09:59:49.0309 3352 Initialize success
09:59:49.0309 3352 ============================================================
10:00:01.0309 4936 ============================================================
10:00:01.0309 4936 Scan started
10:00:01.0309 4936 Mode: Manual; SigCheck; TDLFS;
10:00:01.0309 4936 ============================================================
10:00:14.0472 4936 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:00:14.0502 4936 mpsdrv - ok
10:00:14.0582 4936 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
10:00:14.0642 4936 MpsSvc - ok
10:00:14.0662 4936 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
10:00:14.0694 4936 MRxDAV - ok
10:00:14.0717 4936 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:00:14.0742 4936 mrxsmb - ok
10:00:14.0762 4936 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:00:14.0792 4936 mrxsmb10 - ok
10:00:14.0812 4936 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:00:14.0842 4936 mrxsmb20 - ok
10:00:14.0862 4936 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
10:00:14.0882 4936 msahci - ok
10:00:14.0892 4936 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
10:00:14.0912 4936 msdsm - ok
10:00:14.0932 4936 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:00:14.0962 4936 MSDTC - ok
10:00:14.0982 4936 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:00:15.0022 4936 Msfs - ok
10:00:15.0022 4936 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:00:15.0072 4936 mshidkmdf - ok
10:00:15.0132 4936 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
10:00:15.0152 4936 msisadrv - ok
10:00:15.0262 4936 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:00:15.0322 4936 MSiSCSI - ok
10:00:15.0332 4936 msiserver - ok
10:00:15.0362 4936 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:00:15.0402 4936 MSKSSRV - ok
10:00:15.0422 4936 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:00:15.0472 4936 MSPCLOCK - ok
10:00:15.0492 4936 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:00:15.0532 4936 MSPQM - ok
10:00:15.0562 4936 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
10:00:15.0582 4936 MsRPC - ok
10:00:15.0592 4936 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:00:15.0602 4936 mssmbios - ok
10:00:15.0612 4936 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:00:15.0642 4936 MSTEE - ok
10:00:15.0849 4936 msvsmon90 (6bb7df22ccf17a5130542b0a04c94020) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
10:00:15.0994 4936 msvsmon90 - ok
10:00:16.0097 4936 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:00:16.0127 4936 MTConfig - ok
10:00:16.0147 4936 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:00:16.0167 4936 Mup - ok
10:00:16.0197 4936 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
10:00:16.0267 4936 napagent - ok
10:00:16.0307 4936 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:00:16.0347 4936 NativeWifiP - ok
10:00:16.0407 4936 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
10:00:16.0447 4936 NDIS - ok
10:00:16.0467 4936 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:00:16.0507 4936 NdisCap - ok
10:00:16.0527 4936 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:00:16.0567 4936 NdisTapi - ok
10:00:16.0607 4936 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
10:00:16.0637 4936 Ndisuio - ok
10:00:16.0657 4936 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:00:16.0687 4936 NdisWan - ok
10:00:16.0697 4936 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
10:00:16.0747 4936 NDProxy - ok
10:00:16.0767 4936 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:00:16.0812 4936 NetBIOS - ok
10:00:16.0842 4936 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
10:00:16.0882 4936 NetBT - ok
10:00:16.0912 4936 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:00:16.0942 4936 Netlogon - ok
10:00:16.0992 4936 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:00:17.0042 4936 Netman - ok
10:00:17.0102 4936 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:00:17.0122 4936 NetMsmqActivator - ok
10:00:17.0132 4936 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:00:17.0142 4936 NetPipeActivator - ok
10:00:17.0172 4936 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:00:17.0222 4936 netprofm - ok
10:00:17.0222 4936 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:00:17.0242 4936 NetTcpActivator - ok
10:00:17.0242 4936 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:00:17.0252 4936 NetTcpPortSharing - ok
10:00:17.0309 4936 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:00:17.0332 4936 nfrd960 - ok
10:00:17.0364 4936 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
10:00:17.0427 4936 NlaSvc - ok
10:00:17.0482 4936 NLNdisMP (ad42fb061166af0643806800304bd76f) C:\Windows\system32\DRIVERS\nlndis.sys
10:00:17.0502 4936 NLNdisMP - ok
10:00:17.0532 4936 NLNdisPT (ad42fb061166af0643806800304bd76f) C:\Windows\system32\DRIVERS\nlndis.sys
10:00:17.0542 4936 NLNdisPT - ok
10:00:17.0672 4936 nlsvc (6988373e38223438b09f0c27d7e67393) C:\Program Files\NetLimiter 3\nlsvc.exe
10:00:17.0712 4936 nlsvc ( UnsignedFile.Multi.Generic ) - warning
10:00:17.0712 4936 nlsvc - detected UnsignedFile.Multi.Generic (1)
10:00:17.0742 4936 nltdi (75e6581de9a0b155edab6807e668be06) C:\Program Files\NetLimiter 3\nltdi.sys
10:00:17.0752 4936 nltdi - ok
10:00:17.0882 4936 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:00:17.0942 4936 Npfs - ok
10:00:17.0972 4936 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:00:18.0022 4936 nsi - ok
10:00:18.0022 4936 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:00:18.0072 4936 nsiproxy - ok
10:00:18.0132 4936 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
10:00:18.0192 4936 Ntfs - ok
10:00:18.0282 4936 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:00:18.0322 4936 Null - ok
10:00:18.0667 4936 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:00:18.0959 4936 nvlddmkm - ok
10:00:19.0069 4936 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
10:00:19.0099 4936 nvraid - ok
10:00:19.0129 4936 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
10:00:19.0149 4936 nvstor - ok
10:00:19.0219 4936 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
10:00:19.0269 4936 nvsvc - ok
10:00:19.0429 4936 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:00:19.0479 4936 nvUpdatusService - ok
10:00:19.0589 4936 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
10:00:19.0609 4936 nv_agp - ok
10:00:19.0649 4936 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
10:00:19.0679 4936 ohci1394 - ok
10:00:19.0759 4936 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:00:19.0779 4936 ose - ok
10:00:19.0814 4936 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:00:19.0844 4936 p2pimsvc - ok
10:00:19.0864 4936 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:00:19.0884 4936 p2psvc - ok
10:00:19.0914 4936 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:00:19.0934 4936 Parport - ok
10:00:19.0964 4936 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
10:00:19.0974 4936 partmgr - ok
10:00:19.0984 4936 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:00:20.0024 4936 PcaSvc - ok
10:00:20.0044 4936 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
10:00:20.0054 4936 pci - ok
10:00:20.0064 4936 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
10:00:20.0084 4936 pciide - ok
10:00:20.0104 4936 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:00:20.0124 4936 pcmcia - ok
10:00:20.0134 4936 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:00:20.0154 4936 pcw - ok
10:00:20.0184 4936 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:00:20.0254 4936 PEAUTH - ok
10:00:20.0394 4936 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
10:00:20.0462 4936 PeerDistSvc - ok
10:00:20.0517 4936 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:00:20.0537 4936 PerfHost - ok
10:00:20.0629 4936 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
10:00:20.0704 4936 pla - ok
10:00:20.0739 4936 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
10:00:20.0762 4936 PlugPlay - ok
10:00:20.0794 4936 PnkBstrA - ok
10:00:20.0812 4936 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:00:20.0844 4936 PNRPAutoReg - ok
10:00:20.0864 4936 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:00:20.0894 4936 PNRPsvc - ok
10:00:20.0924 4936 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
10:00:20.0974 4936 PolicyAgent - ok
10:00:21.0004 4936 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:00:21.0054 4936 Power - ok
10:00:21.0114 4936 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
10:00:21.0164 4936 PptpMiniport - ok
10:00:21.0184 4936 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:00:21.0204 4936 Processor - ok
10:00:21.0234 4936 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
10:00:21.0264 4936 ProfSvc - ok
10:00:21.0294 4936 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:00:21.0324 4936 ProtectedStorage - ok
10:00:21.0364 4936 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
10:00:21.0414 4936 Psched - ok
10:00:21.0474 4936 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:00:21.0524 4936 ql2300 - ok
10:00:21.0624 4936 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:00:21.0634 4936 ql40xx - ok
10:00:21.0664 4936 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:00:21.0694 4936 QWAVE - ok
10:00:21.0714 4936 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:00:21.0744 4936 QWAVEdrv - ok
10:00:21.0764 4936 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:00:21.0804 4936 RasAcd - ok
10:00:21.0834 4936 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:00:21.0864 4936 RasAgileVpn - ok
10:00:21.0884 4936 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:00:21.0934 4936 RasAuto - ok
10:00:21.0954 4936 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:00:22.0014 4936 Rasl2tp - ok
10:00:22.0034 4936 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
10:00:22.0094 4936 RasMan - ok
10:00:22.0124 4936 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:00:22.0184 4936 RasPppoe - ok
10:00:22.0204 4936 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:00:22.0254 4936 RasSstp - ok
10:00:22.0264 4936 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
10:00:22.0324 4936 rdbss - ok
10:00:22.0344 4936 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:00:22.0374 4936 rdpbus - ok
10:00:22.0384 4936 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:00:22.0424 4936 RDPCDD - ok
10:00:22.0444 4936 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
10:00:22.0464 4936 RDPDR - ok
10:00:22.0474 4936 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:00:22.0524 4936 RDPENCDD - ok
10:00:22.0534 4936 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:00:22.0564 4936 RDPREFMP - ok
10:00:22.0594 4936 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
10:00:22.0624 4936 RDPWD - ok
10:00:22.0664 4936 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
10:00:22.0674 4936 rdyboost - ok
10:00:22.0729 4936 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:00:22.0779 4936 RemoteAccess - ok
10:00:22.0807 4936 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:00:22.0849 4936 RemoteRegistry - ok
10:00:22.0869 4936 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:00:22.0919 4936 RpcEptMapper - ok
10:00:22.0959 4936 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:00:22.0979 4936 RpcLocator - ok
10:00:22.0999 4936 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
10:00:23.0049 4936 RpcSs - ok
10:00:23.0079 4936 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:00:23.0139 4936 rspndr - ok
10:00:23.0189 4936 RTL8167 (0039de6a0a1293889a3f21ecc473263d) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:00:23.0209 4936 RTL8167 - ok
10:00:23.0219 4936 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
10:00:23.0239 4936 s3cap - ok
10:00:23.0269 4936 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:00:23.0289 4936 SamSs - ok
10:00:23.0299 4936 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
10:00:23.0309 4936 sbp2port - ok
10:00:23.0339 4936 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:00:23.0389 4936 SCardSvr - ok
10:00:23.0409 4936 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
10:00:23.0464 4936 scfilter - ok
10:00:23.0517 4936 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
10:00:23.0557 4936 Schedule - ok
10:00:23.0584 4936 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
10:00:23.0622 4936 SCPolicySvc - ok
10:00:23.0644 4936 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
10:00:23.0677 4936 SDRSVC - ok
10:00:23.0729 4936 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:00:23.0799 4936 secdrv - ok
10:00:23.0819 4936 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
10:00:23.0859 4936 seclogon - ok
10:00:23.0869 4936 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:00:23.0919 4936 SENS - ok
10:00:23.0929 4936 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:00:23.0949 4936 SensrSvc - ok
10:00:23.0969 4936 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:00:23.0999 4936 Serenum - ok
10:00:24.0019 4936 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:00:24.0039 4936 Serial - ok
10:00:24.0049 4936 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:00:24.0089 4936 sermouse - ok
10:00:24.0109 4936 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
10:00:24.0149 4936 SessionEnv - ok
10:00:24.0169 4936 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:00:24.0199 4936 sffdisk - ok
10:00:24.0209 4936 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:00:24.0229 4936 sffp_mmc - ok
10:00:24.0239 4936 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
10:00:24.0269 4936 sffp_sd - ok
10:00:24.0289 4936 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:00:24.0299 4936 sfloppy - ok
10:00:24.0369 4936 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:00:24.0429 4936 SharedAccess - ok
10:00:24.0459 4936 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
10:00:24.0499 4936 ShellHWDetection - ok
10:00:24.0519 4936 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:00:24.0529 4936 SiSRaid2 - ok
10:00:24.0559 4936 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:00:24.0569 4936 SiSRaid4 - ok
10:00:24.0589 4936 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:00:24.0639 4936 Smb - ok
10:00:24.0669 4936 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:00:24.0709 4936 SNMPTRAP - ok
10:00:24.0739 4936 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:00:24.0749 4936 spldr - ok
10:00:24.0779 4936 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
10:00:24.0809 4936 Spooler - ok
10:00:24.0909 4936 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
10:00:24.0999 4936 sppsvc - ok
10:00:25.0069 4936 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:00:25.0129 4936 sppuinotify - ok
10:00:25.0149 4936 sptd - ok
10:00:25.0229 4936 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
10:00:25.0259 4936 srv - ok
10:00:25.0289 4936 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
10:00:25.0329 4936 srv2 - ok
10:00:25.0359 4936 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
10:00:25.0389 4936 srvnet - ok
10:00:25.0469 4936 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:00:25.0539 4936 SSDPSRV - ok
10:00:25.0559 4936 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:00:25.0629 4936 SstpSvc - ok
10:00:25.0727 4936 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:00:25.0754 4936 Stereo Service - ok
10:00:25.0779 4936 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:00:25.0794 4936 stexstor - ok
10:00:25.0829 4936 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
10:00:25.0867 4936 stisvc - ok
10:00:25.0877 4936 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
10:00:25.0892 4936 storflt - ok
10:00:25.0907 4936 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
10:00:25.0937 4936 StorSvc - ok
10:00:25.0957 4936 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
10:00:25.0972 4936 storvsc - ok
10:00:25.0987 4936 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:00:26.0002 4936 swenum - ok
10:00:26.0037 4936 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:00:26.0087 4936 swprv - ok
10:00:26.0144 4936 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
10:00:26.0204 4936 SysMain - ok
10:00:26.0294 4936 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
10:00:26.0354 4936 TabletInputService - ok
10:00:26.0384 4936 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
10:00:26.0444 4936 TapiSrv - ok
10:00:26.0464 4936 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:00:26.0517 4936 TBS - ok
10:00:26.0632 4936 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
10:00:26.0692 4936 Tcpip - ok
10:00:26.0827 4936 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
10:00:26.0877 4936 TCPIP6 - ok
10:00:26.0952 4936 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
10:00:27.0019 4936 tcpipreg - ok
10:00:27.0039 4936 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:00:27.0064 4936 TDPIPE - ok
10:00:27.0104 4936 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
10:00:27.0114 4936 TDTCP - ok
10:00:27.0134 4936 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
10:00:27.0174 4936 tdx - ok
10:00:27.0184 4936 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
10:00:27.0194 4936 TermDD - ok
10:00:27.0244 4936 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
10:00:27.0304 4936 TermService - ok
10:00:27.0324 4936 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:00:27.0344 4936 Themes - ok
10:00:27.0364 4936 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:00:27.0404 4936 THREADORDER - ok
10:00:27.0434 4936 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:00:27.0494 4936 TrkWks - ok
10:00:27.0549 4936 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
10:00:27.0579 4936 TrustedInstaller - ok
10:00:27.0599 4936 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:00:27.0637 4936 tssecsrv - ok
10:00:27.0672 4936 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
10:00:27.0709 4936 tunnel - ok
10:00:27.0717 4936 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:00:27.0732 4936 uagp35 - ok
10:00:27.0752 4936 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
10:00:27.0804 4936 udfs - ok
10:00:27.0822 4936 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:00:27.0837 4936 UI0Detect - ok
10:00:27.0857 4936 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:00:27.0867 4936 uliagpkx - ok
10:00:27.0897 4936 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
10:00:27.0917 4936 umbus - ok
10:00:27.0927 4936 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:00:27.0957 4936 UmPass - ok
10:00:27.0977 4936 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
10:00:28.0007 4936 UmRdpService - ok
10:00:28.0037 4936 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:00:28.0097 4936 upnphost - ok
10:00:28.0117 4936 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
10:00:28.0137 4936 usbccgp - ok
10:00:28.0167 4936 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
10:00:28.0187 4936 usbcir - ok
10:00:28.0217 4936 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
10:00:28.0227 4936 usbehci - ok
10:00:28.0267 4936 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
10:00:28.0287 4936 usbhub - ok
10:00:28.0297 4936 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
10:00:28.0317 4936 usbohci - ok
10:00:28.0337 4936 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:00:28.0357 4936 usbprint - ok
10:00:28.0377 4936 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:00:28.0407 4936 USBSTOR - ok
10:00:28.0427 4936 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:00:28.0457 4936 usbuhci - ok
10:00:28.0487 4936 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:00:28.0567 4936 UxSms - ok
10:00:28.0597 4936 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
10:00:28.0617 4936 VaultSvc - ok
10:00:28.0637 4936 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:00:28.0647 4936 vdrvroot - ok
10:00:28.0687 4936 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
10:00:28.0717 4936 vds - ok
10:00:28.0737 4936 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:00:28.0757 4936 vga - ok
10:00:28.0767 4936 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:00:28.0809 4936 VgaSave - ok
10:00:28.0824 4936 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
10:00:28.0842 4936 vhdmp - ok
10:00:28.0852 4936 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
10:00:28.0867 4936 viaide - ok
10:00:28.0962 4936 VisualSVNServer (e944a321904f21f30349f55031a27bbb) C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
10:00:28.0982 4936 VisualSVNServer - ok
10:00:29.0012 4936 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
10:00:29.0032 4936 vmbus - ok
10:00:29.0042 4936 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
10:00:29.0072 4936 VMBusHID - ok
10:00:29.0082 4936 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
10:00:29.0092 4936 volmgr - ok
10:00:29.0112 4936 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
10:00:29.0132 4936 volmgrx - ok
10:00:29.0152 4936 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
10:00:29.0172 4936 volsnap - ok
10:00:29.0192 4936 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:00:29.0202 4936 vsmraid - ok
10:00:29.0262 4936 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
10:00:29.0322 4936 VSS - ok
10:00:29.0412 4936 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:00:29.0442 4936 vwifibus - ok
10:00:29.0472 4936 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:00:29.0532 4936 W32Time - ok
10:00:29.0552 4936 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:00:29.0589 4936 WacomPen - ok
10:00:29.0617 4936 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:29.0672 4936 WANARP - ok
10:00:29.0692 4936 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:00:29.0729 4936 Wanarpv6 - ok
10:00:29.0777 4936 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:00:29.0819 4936 WatAdminSvc - ok
10:00:29.0867 4936 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
10:00:29.0927 4936 wbengine - ok
10:00:29.0997 4936 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:00:30.0027 4936 WbioSrvc - ok
10:00:30.0047 4936 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
10:00:30.0077 4936 wcncsvc - ok
10:00:30.0097 4936 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:00:30.0117 4936 WcsPlugInService - ok
10:00:30.0157 4936 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:00:30.0167 4936 Wd - ok
10:00:30.0197 4936 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:00:30.0227 4936 Wdf01000 - ok
10:00:30.0247 4936 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:00:30.0287 4936 WdiServiceHost - ok
10:00:30.0287 4936 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:00:30.0307 4936 WdiSystemHost - ok
10:00:30.0337 4936 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
10:00:30.0377 4936 WebClient - ok
10:00:30.0397 4936 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:00:30.0457 4936 Wecsvc - ok
10:00:30.0477 4936 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:00:30.0527 4936 wercplsupport - ok
10:00:30.0557 4936 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:00:30.0607 4936 WerSvc - ok
10:00:30.0677 4936 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:00:30.0727 4936 WfpLwf - ok
10:00:30.0747 4936 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:00:30.0757 4936 WIMMount - ok
10:00:30.0817 4936 WinDefend - ok
10:00:30.0827 4936 WinHttpAutoProxySvc - ok
10:00:30.0877 4936 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:00:30.0937 4936 Winmgmt - ok
10:00:31.0007 4936 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
10:00:31.0097 4936 WinRM - ok
10:00:31.0227 4936 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:00:31.0277 4936 Wlansvc - ok
10:00:31.0347 4936 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:00:31.0397 4936 WmiAcpi - ok
10:00:31.0447 4936 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:00:31.0477 4936 wmiApSrv - ok
10:00:31.0507 4936 WMPNetworkSvc - ok
10:00:31.0547 4936 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:00:31.0567 4936 WPCSvc - ok
10:00:31.0597 4936 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
10:00:31.0627 4936 WPDBusEnum - ok
10:00:31.0637 4936 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:00:31.0667 4936 ws2ifsl - ok
10:00:31.0734 4936 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
10:00:31.0772 4936 wscsvc - ok
10:00:31.0777 4936 WSearch - ok
10:00:31.0882 4936 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:00:31.0972 4936 wuauserv - ok
10:00:32.0082 4936 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
10:00:32.0132 4936 WudfPf - ok
10:00:32.0182 4936 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:00:32.0232 4936 WUDFRd - ok
10:00:32.0252 4936 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
10:00:32.0292 4936 wudfsvc - ok
10:00:32.0322 4936 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:00:32.0352 4936 WwanSvc - ok
10:00:32.0392 4936 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
10:00:32.0422 4936 xusb21 - ok
10:00:32.0442 4936 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:00:32.0632 4936 \Device\Harddisk0\DR0 - ok
10:00:32.0672 4936 Boot (0x1200) (42872a59854fade4aed54be54a895c5d) \Device\Harddisk0\DR0\Partition0
10:00:32.0682 4936 \Device\Harddisk0\DR0\Partition0 - ok
10:00:32.0692 4936 Boot (0x1200) (8558f20135919fa8d63cbe924b0657a1) \Device\Harddisk0\DR0\Partition1
10:00:32.0692 4936 \Device\Harddisk0\DR0\Partition1 - ok
10:00:32.0712 4936 Boot (0x1200) (05ef39fd2a7e22825ca0be48a39e146d) \Device\Harddisk0\DR0\Partition2
10:00:32.0712 4936 \Device\Harddisk0\DR0\Partition2 - ok
10:00:32.0712 4936 ============================================================
10:00:32.0712 4936 Scan finished
10:00:32.0712 4936 ============================================================
10:00:32.0732 4376 Detected object count: 1
10:00:32.0732 4376 Actual detected object count: 1
10:01:07.0952 4376 nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:01:07.0952 4376 nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:01:12.0277 4844 Deinitialize success

Attached Files

  • Attached File  MBR.zip   607bytes   15 downloads

  • 0

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please proceed with the following steps:

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
      	
    :Files
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT...

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    services.exe 
    C:\Windows\assembly\GAC_32\*.ini
    C:\Windows\assembly\GAC_64\*.ini
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#7
flv

    Member

  • Topic Starter
  • Member
  • 10 posts
Here are the results:

==========================
OTL Run Fix log
==========================

All processes killed
========== OTL ==========
========== FILES ==========
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\my_name_replaced\Desktop\cmd.bat deleted successfully.
C:\Users\my_name_replaced\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\my_name_replaced\Desktop\cmd.bat deleted successfully.
C:\Users\my_name_replaced\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\my_name_replaced\Desktop\cmd.bat deleted successfully.
C:\Users\my_name_replaced\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\my_name_replaced\Desktop\cmd.bat deleted successfully.
C:\Users\my_name_replaced\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\my_name_replaced\Desktop\cmd.bat deleted successfully.
C:\Users\my_name_replaced\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: my_name_replaced
->Temp folder emptied: 26583 bytes
->Temporary Internet Files folder emptied: 13338985 bytes
->Java cache emptied: 1189856 bytes
->Opera cache emptied: 62517746 bytes
->Flash cache emptied: 20927 bytes

User: SZYMON~1~IWA
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4708 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 2137894 bytes

Total Files Cleaned = 76,00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07112012_111902

Files\Folders moved on Reboot...
C:\Users\my_name_replaced\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\my_name_replaced\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012-07-11 11:20:41 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

==========================
OTL Custom Scan log
==========================

OTL logfile created on: 2012-07-11 11:42:29 - Run 7
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\my_name_replaced\Desktop
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,19% Memory free
8,00 Gb Paging File | 6,46 Gb Available in Paging File | 80,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 77,19 Gb Free Space | 51,50% Space Free | Partition Type: NTFS
Drive D: | 315,76 Gb Total Space | 22,13 Gb Free Space | 7,01% Space Free | Partition Type: NTFS

Computer Name: fl-PC | User Name: my_name_replaced | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-11 11:15:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\my_name_replaced\Desktop\OTL.exe
PRC - [2012-05-28 17:43:02 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-05-24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\my_name_replaced\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-12-06 17:05:28 | 000,024,424 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe
PRC - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-10-15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-09-06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-01-17 18:01:46 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011-01-17 18:01:46 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2011-10-28 14:34:33 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-03-05 15:45:14 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011-09-06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011-03-21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008-11-08 02:19:36 | 004,761,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012-07-05 09:44:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-28 17:43:02 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-12-06 17:05:28 | 000,024,424 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VisualSVN Server\bin\VisualSVNServer.exe -- (VisualSVNServer)
SRV - [2011-10-15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-10-15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-11-11 15:39:34 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-12-02 18:37:10 | 000,348,560 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2011-09-06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011-09-06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011-09-06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011-09-06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011-09-06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011-09-06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011-06-01 05:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-03-21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011-03-21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011-03-21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - [2011-03-11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009-08-13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)



O1 HOSTS File: ([2012-07-10 16:50:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (COmeaHelper Object) - {09628AAA-66AD-4FA2-82E2-698185B66463} - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {35402C01-1777-4159-9ABA-3480BA70D90A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKU\S-1-5-21-2230560716-1881926867-1619574448-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2230560716-1881926867-1619574448-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\my_name_replaced\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\my_name_replaced\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\my_name_replaced\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1335383598-3148590315-1204926149-1629\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2230560716-1881926867-1619574448-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Clip and Edit - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8:64bit: - Extra context menu item: Clip and Save - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8:64bit: - Extra context menu item: Subscribe to Feed - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8 - Extra context menu item: Clip and Edit - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8 - Extra context menu item: Clip and Save - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O8 - Extra context menu item: Subscribe to Feed - C:\Program Files (x86)\JetBrains\Omea Reader\IexploreOmeaW.dll (JetBrains Inc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\pnrpnsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\pnrpnsp.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.11 217.8.168.244
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RealityPump.pl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5162EC37-A7E0-4DF9-9352-23785F2C3BE2}: DhcpNameServer = 192.168.100.11 217.8.168.244
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-07-11 11:19:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-07-11 11:15:39 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\my_name_replaced\Desktop\OTL.exe
[2012-07-11 09:59:11 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\my_name_replaced\Desktop\tdsskiller.exe
[2012-07-11 09:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\my_name_replaced\Desktop\aswMBR.exe
[2012-07-10 20:11:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012-07-10 16:55:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-07-10 16:50:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-07-10 16:37:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-07-10 16:37:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-07-10 16:37:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-07-10 16:33:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-07-10 16:33:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-07-10 16:23:48 | 004,575,265 | R--- | C] (Swearware) -- C:\Users\my_name_replaced\Desktop\Combo-Fix.exe
[2012-07-09 15:19:13 | 000,000,000 | ---D | C] -- C:\Users\my_name_replaced\Desktop\RK_Quarantine
[2012-07-05 14:29:29 | 000,000,000 | ---D | C] -- C:\Users\my_name_replaced\AppData\Roaming\Malwarebytes
[2012-07-05 14:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-07-05 14:29:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-07-05 14:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-07-05 14:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-07-05 09:42:29 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-07-05 09:42:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012-06-27 17:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpiderOak
[2012-06-21 09:35:10 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012-06-21 09:35:10 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012-06-21 09:35:10 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012-06-21 09:34:53 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012-06-21 09:34:53 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012-06-21 09:34:53 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012-06-21 09:34:40 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012-06-21 09:34:40 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012-06-13 09:44:23 | 000,851,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-06-13 09:44:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-06-13 09:44:13 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-06-13 09:44:10 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-06-13 09:44:10 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-06-13 09:44:09 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012-06-13 09:44:09 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-06-13 09:44:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012-06-13 09:44:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-06-13 09:44:08 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012-06-13 09:44:08 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012-06-13 09:44:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-06-13 09:44:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-06-13 09:44:08 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012-06-13 09:44:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012-06-13 09:44:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012-06-13 09:44:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012-06-13 09:42:57 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-06-13 09:42:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-06-13 09:42:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-06-13 09:42:54 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-06-13 09:42:53 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-06-13 09:42:53 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-06-13 09:42:41 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012-06-13 09:42:35 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012-06-13 09:42:35 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

========== Files - Modified Within 30 Days ==========

[2012-07-11 11:44:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-11 11:28:15 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-11 11:28:15 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-11 11:20:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-11 11:20:29 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-11 11:15:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\my_name_replaced\Desktop\OTL.exe
[2012-07-11 09:59:16 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\my_name_replaced\Desktop\tdsskiller.exe
[2012-07-11 09:57:55 | 000,000,607 | ---- | M] () -- C:\Users\my_name_replaced\Desktop\MBR.zip
[2012-07-11 09:57:25 | 000,000,512 | ---- | M] () -- C:\Users\my_name_replaced\Desktop\MBR.dat
[2012-07-11 09:45:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\my_name_replaced\Desktop\aswMBR.exe
[2012-07-11 09:40:45 | 000,000,188 | ---- | M] () -- C:\Users\my_name_replaced\defogger_reenable
[2012-07-11 09:39:39 | 000,050,477 | ---- | M] () -- C:\Users\my_name_replaced\Desktop\Defogger.exe
[2012-07-10 16:50:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-07-10 16:30:32 | 000,002,068 | ---- | M] () -- C:\Users\my_name_replaced\Documents\Default.rdp
[2012-07-10 16:30:24 | 000,000,987 | -H-- | M] () -- C:\Users\my_name_replaced\.gitk
[2012-07-10 16:24:00 | 004,575,265 | R--- | M] (Swearware) -- C:\Users\my_name_replaced\Desktop\Combo-Fix.exe
[2012-07-05 09:44:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-07-05 09:44:13 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-07-03 11:41:28 | 000,016,250 | ---- | M] () -- C:\Users\my_name_replaced\_viminfo
[2012-06-29 18:24:21 | 000,003,916 | ---- | M] () -- C:\Users\my_name_replaced\.bash_history
[2012-06-15 10:01:45 | 002,146,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-15 10:01:45 | 000,679,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012-06-15 10:01:45 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-06-15 10:01:45 | 000,468,808 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2012-06-15 10:01:45 | 000,128,620 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012-06-15 10:01:45 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-06-15 10:01:45 | 000,093,466 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2012-06-14 10:16:19 | 000,003,584 | ---- | M] () -- C:\Users\my_name_replaced\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-14 10:01:40 | 000,001,020 | ---- | M] () -- C:\Users\my_name_replaced\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012-06-14 09:42:16 | 000,293,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012-07-11 09:57:55 | 000,000,607 | ---- | C] () -- C:\Users\my_name_replaced\Desktop\MBR.zip
[2012-07-11 09:57:25 | 000,000,512 | ---- | C] () -- C:\Users\my_name_replaced\Desktop\MBR.dat
[2012-07-11 09:40:45 | 000,000,188 | ---- | C] () -- C:\Users\my_name_replaced\defogger_reenable
[2012-07-11 09:39:38 | 000,050,477 | ---- | C] () -- C:\Users\my_name_replaced\Desktop\Defogger.exe
[2012-07-10 16:37:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-07-10 16:37:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-07-10 16:37:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-07-10 16:37:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-07-10 16:37:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-07-05 09:42:29 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-14 10:16:19 | 000,003,584 | ---- | C] () -- C:\Users\my_name_replaced\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-22 10:43:17 | 000,000,035 | ---- | C] () -- C:\Users\my_name_replaced\.lesshst
[2012-03-15 17:47:51 | 000,358,912 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2012-03-15 17:47:51 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2012-03-15 17:47:51 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2012-03-01 16:17:16 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-03-01 16:17:10 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012-03-01 16:17:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-02-03 11:48:05 | 000,000,000 | ---- | C] () -- C:\Users\my_name_replaced\mydump
[2012-01-24 18:15:36 | 000,000,147 | ---- | C] () -- C:\Users\my_name_replaced\.bash_profile
[2011-10-28 16:31:51 | 000,016,250 | ---- | C] () -- C:\Users\my_name_replaced\_viminfo
[2011-10-28 16:13:39 | 000,003,916 | ---- | C] () -- C:\Users\my_name_replaced\.bash_history
[2011-10-28 14:38:32 | 000,000,987 | -H-- | C] () -- C:\Users\my_name_replaced\.gitk
[2011-10-28 11:18:27 | 000,000,017 | ---- | C] () -- C:\Users\my_name_replaced\AppData\Local\resmon.resmoncfg
[2011-10-28 11:06:32 | 000,000,055 | ---- | C] () -- C:\Users\my_name_replaced\.gitconfig
[2011-10-27 13:24:49 | 002,099,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-10-27 11:35:44 | 000,003,048 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2011-10-15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012-03-05 15:55:41 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Autodesk
[2012-05-17 14:47:10 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Awasu
[2011-10-27 13:19:33 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\DAEMON Tools Lite
[2012-07-11 11:21:49 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Dropbox
[2012-03-12 12:55:13 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Eric4
[2012-05-17 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Feedreader
[2011-12-13 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\GHISLER
[2012-03-19 11:04:26 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\IrfanView
[2012-05-22 09:48:36 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\JetBrains
[2012-03-05 16:37:03 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Notepad++
[2011-10-28 14:36:07 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\OpenOffice.org
[2011-10-27 11:52:22 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Opera
[2012-03-01 10:53:56 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Origin
[2012-06-29 17:42:05 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\SpiderOak
[2011-10-28 12:00:53 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Subversion
[2012-06-26 14:59:41 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\uTorrent
[2012-07-11 10:16:04 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\VisualAssist
[2012-03-26 13:27:39 | 000,000,000 | ---D | M] -- C:\Users\my_name_replaced\AppData\Roaming\Wuala
[2012-03-21 10:49:21 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\erdnt\cache86\explorer.exe
[2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011-02-26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011-02-26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009-08-03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009-10-31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010-11-20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009-10-31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-02-26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009-08-03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\Services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache86\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\erdnt\cache64\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010-11-20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010-11-20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009-07-14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009-10-28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\erdnt\cache64\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009-07-14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009-07-14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009-07-14 03:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012-04-20 07:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012-04-20 07:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009-07-14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009-07-14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009-07-14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012-04-20 07:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012-04-20 07:08:37 | 000,672,856 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2012-06-21 10:41:34 | 000,874,384 | ---- | M] (Opera Software)

< End of report >
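The `< MD5 for: ... >` custom scans at the end of the OTL log above are there so a helper can compare the hash of the binary Windows actually loads (System32/SysNative/SysWOW64, or C:\Windows itself) with the copies Windows keeps in WinSxS and the ComboFix/erdnt backup. A patched system binary can keep its original size, version resource and timestamp, so only the hash gives it away; in this log services.exe hashes the same in all three locations, consistent with ComboFix having already restored it (the copy it replaced turns up later in the thread as C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir). The script below is an added example for this page, not code from the thread or from OTL: it parses that section format and flags a live binary whose MD5 matches none of the reference copies. The sample input copies the SERVICES.EXE and SVCHOST.EXE blocks from the log, except the SysNative\Services.exe line, whose MD5 is made up to stand in for a patched file.

```python
import re
from collections import defaultdict

# Constructed sample input. The SERVICES.EXE and SVCHOST.EXE entries are copied from
# the OTL log in this thread, except the SysNative\Services.exe line: its MD5 is made
# up (a hypothetical patched binary with the clean file's size and timestamp).
SAMPLE_OTL = r"""
< MD5 for: SERVICES.EXE >
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\Services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\SysNative\Services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >\s*$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*[^|]*\|\s*[A-Z]\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Copies Windows itself keeps (component store, ComboFix/erdnt backup, update cache).
REFERENCE_DIRS = ("\\winsxs\\", "\\erdnt\\", "\\softwaredistribution\\")
# Locations the running system actually loads the binary from.
LIVE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\")


def classify(path: str) -> str:
    """'reference' for a backup copy, 'live' for the binary Windows runs, else 'other'."""
    p = path.lower()
    if any(d in p for d in REFERENCE_DIRS):
        return "reference"
    if p.startswith(LIVE_DIRS) or re.fullmatch(r"c:\\windows\\[^\\]+", p):
        return "live"
    return "other"


def parse_md5_sections(text: str) -> dict:
    """Group OTL '< MD5 for: NAME >' entries by file name."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            sections[current].append(m.groupdict())
    return dict(sections)


def audit(sections: dict) -> list:
    """Flag live binaries whose MD5 matches none of the reference copies of the same file."""
    findings = []
    for name, entries in sections.items():
        known = {e["md5"].upper() for e in entries if classify(e["path"]) == "reference"}
        for e in entries:
            if classify(e["path"]) != "live":
                continue
            reasons = []
            if e["md5"].upper() not in known:
                reasons.append("MD5 matches no WinSxS/backup copy")
            if "microsoft" not in e["company"].lower():
                reasons.append("missing or non-Microsoft company name")
            if reasons:
                findings.append((name, e["path"], e["md5"].upper(), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for name, path, md5, why in audit(parse_md5_sections(SAMPLE_OTL)):
        print(f"SUSPECT {name}: {path} MD5={md5} ({why})")
```

Third-party copies such as the Malwarebytes Chameleon svchost.exe are classified as "other" and ignored on purpose: they are not loaded as the system service host, and comparing them against Microsoft's hashes would only produce noise. A live file that matches no reference copy is a lead, not a verdict; the next step is to check its Authenticode signature or submit the hash.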

#8 Render (Trusted Helper, Malware Removal, 4,195 posts)
Logs look good. Please proceed with the following steps:

Step 1

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running Defogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Step 2

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#9 flv (Topic Starter, Member, 10 posts)
MBAM log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.11.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
my_name_replaced :: fl-PC [administrator]

Protection: Enabled

2012-07-11 13:48:38
mbam-log-2012-07-11 (13-48-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236145
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by flv, 11 July 2012 - 05:55 AM.


#10 Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi,

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan.
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found.
Once it has finished, select the Report tab (the last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion, click the link to locate the zip file, then upload and attach it to your next post.



#11 flv (Topic Starter, Member, 10 posts)
Sorry for the delay - the scan took ages.

============================
Detected threats log:
============================

Status: Deleted (events: 6)
2012-07-12 10:46:13 Deleted Trojan program Trojan.Win32.Miner.dw C:\Documents and Settings\my_name_replaced\Desktop\RK_Quarantine\[email protected]//data0000.res High
2012-07-12 10:46:17 Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\Documents and Settings\my_name_replaced\Desktop\RK_Quarantine\[email protected] High
2012-07-12 10:46:13 Deleted Trojan program Trojan.Win32.Miner.dw C:\Documents and Settings\my_name_replaced\Desktop\RK_Quarantine\[email protected] High
2012-07-12 11:25:32 Deleted virus Virus.Win64.ZAccess.b C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir High
2012-07-12 13:35:37 Deleted Trojan program Backdoor.Win64.ZAccess.bs C:\_OTL\MovedFiles\07112012_111902\C_Windows\assembly\GAC_64\Desktop.ini High
2012-07-12 13:35:40 Deleted Trojan program Backdoor.Win32.ZAccess.oun C:\_OTL\MovedFiles\07112012_111902\C_Windows\assembly\GAC_32\Desktop.ini High
Status: Disinfected (events: 2)
2012-07-13 09:56:07 Disinfected adware not-a-virus:AdWare.Win32.BHO.kdh D:\books\roaming\KAT\KAT IT\games\ai\Buckland_AISource.zip/Common/lua-5.0/bin/Luac.exe Medium
2012-07-13 09:56:07 Disinfected adware not-a-virus:AdWare.Win32.BHO.kdh D:\books\roaming\KAT\KAT IT\games\ai\Buckland_AISource.zip Medium

=====================================================
Password protected - should I be worried about those?
=====================================================
Automatic Scan: completed 36 minutes ago (events: 20, objects: 4437750, time: 1 day 01:49:33)
2012-07-13 10:58:21 Password protected C:\Users\my_name_replaced\Local Settings\Temp\RarSFX0\5309790rar.exe
2012-07-13 10:54:59 Password protected C:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/#
2012-07-13 10:54:46 Password protected C:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/5309790rar.exe
2012-07-13 10:53:48 Password protected C:\Users\my_name_replaced\AppData\Local\Temp\RarSFX0\5309790rar.exe
2012-07-13 10:21:39 Password protected C:\Documents and Settings\my_name_replaced\Local Settings\Temp\RarSFX0\5309790rar.exe
2012-07-13 10:18:13 Password protected C:\Documents and Settings\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/#
2012-07-13 10:18:11 Password protected C:\Documents and Settings\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/5309790rar.exe
2012-07-13 10:16:59 Password protected C:\Documents and Settings\my_name_replaced\AppData\Local\Temp\RarSFX0\5309790rar.exe
2012-07-13 10:01:33 Password protected c:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/#
2012-07-13 10:01:31 Password protected c:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/5309790rar.exe
2012-07-13 09:57:52 Password protected C:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/#
2012-07-13 09:57:23 Password protected C:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/5309790rar.exe
2012-07-12 11:37:02 Password protected C:\Users\my_name_replaced\Local Settings\Temp\RarSFX0\5309790rar.exe
2012-07-12 11:31:56 Password protected C:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/#
2012-07-12 11:31:44 Password protected C:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/5309790rar.exe
2012-07-12 11:29:13 Password protected C:\Users\my_name_replaced\AppData\Local\Temp\RarSFX0\5309790rar.exe
2012-07-12 10:47:57 Password protected C:\Documents and Settings\my_name_replaced\Local Settings\Temp\RarSFX0\5309790rar.exe
2012-07-12 10:44:19 Password protected C:\Documents and Settings\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/#
2012-07-12 10:44:17 Password protected C:\Documents and Settings\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/5309790rar.exe
2012-07-12 10:41:44 Password protected C:\Documents and Settings\my_name_replaced\AppData\Local\Temp\RarSFX0\5309790rar.exe

Edited by flv, 13 July 2012 - 05:32 AM.


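Twenty "Password protected" events look alarming until the paths are compared. The following is an added triage script, not part of this thread and not a Kaspersky tool; it assumes the one-line report format quoted above (timestamp, event description, object path, optional severity) and folds the Windows Vista/7 compatibility junctions (`Documents and Settings` → `Users`, `Local Settings\Temp` → `AppData\Local\Temp`) so that one file reached through several alias paths counts once. The sample lines are a subset copied from the report in the post.

```python
import re
from collections import Counter

# Sample lines copied from the Kaspersky report quoted in the post above
# (a subset of the log, paths exactly as the tool printed them).
SAMPLE_REPORT = r"""
2012-07-12 11:25:32 Deleted virus Virus.Win64.ZAccess.b C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir High
2012-07-13 09:56:07 Disinfected adware not-a-virus:AdWare.Win32.BHO.kdh D:\books\roaming\KAT\KAT IT\games\ai\Buckland_AISource.zip/Common/lua-5.0/bin/Luac.exe Medium
2012-07-13 10:58:21 Password protected C:\Users\my_name_replaced\Local Settings\Temp\RarSFX0\5309790rar.exe
2012-07-13 10:54:59 Password protected C:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/#
2012-07-13 10:54:46 Password protected C:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/5309790rar.exe
2012-07-13 10:53:48 Password protected C:\Users\my_name_replaced\AppData\Local\Temp\RarSFX0\5309790rar.exe
2012-07-13 10:21:39 Password protected C:\Documents and Settings\my_name_replaced\Local Settings\Temp\RarSFX0\5309790rar.exe
2012-07-13 10:01:33 Password protected c:\Users\my_name_replaced\Desktop\setup_11.0.0.1245.x01_2012_07_11_16_53.exe/#
"""

# One event per line: timestamp, free-text description, a path starting with a
# drive letter, and an optional trailing severity word (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<desc>.+?) "
    r"(?P<path>[A-Za-z]:\\.+?)"
    r"(?: (?P<severity>High|Medium|Low))?$"
)

# Vista/7 compatibility junctions: the same directory is reachable under both names.
JUNCTION_ALIASES = (
    ("\\documents and settings\\", "\\users\\"),
    ("\\local settings\\temp\\", "\\appdata\\local\\temp\\"),
)


def normalize_path(path: str) -> str:
    """Lower-case the path and fold junction aliases onto the real directory."""
    p = path.lower()
    for alias, real in JUNCTION_ALIASES:
        p = p.replace(alias, real)
    return p


def container_of(path: str) -> str:
    """KAV writes archive members as '<archive>/<member>'; keep only the archive."""
    return normalize_path(path.split("/", 1)[0])


def status_of(desc: str) -> str:
    """Event status is the leading verb, except the two-word 'Password protected'."""
    if desc.startswith("Password protected"):
        return "Password protected"
    return desc.split(" ", 1)[0]


def parse_report(text: str) -> list:
    """Return one dict (ts, desc, path, severity) per event line; skip other lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line) if line else None
        if m:  # lines such as "Status: Disinfected (events: 2)" do not match and are skipped
            events.append(m.groupdict())
    return events


def summarize_statuses(events: list) -> dict:
    """Count events per status (Deleted / Disinfected / Password protected ...)."""
    return dict(Counter(status_of(e["desc"]) for e in events))


def password_protected_containers(events: list) -> dict:
    """Distinct archives behind the 'Password protected' events, with event counts."""
    return dict(Counter(container_of(e["path"])
                        for e in events
                        if status_of(e["desc"]) == "Password protected"))


if __name__ == "__main__":
    evs = parse_report(SAMPLE_REPORT)
    print("events by status:", summarize_statuses(evs))
    for archive, n in sorted(password_protected_containers(evs).items()):
        print(f"{n:3d} x {archive}")
```

On the sample, the six password-protected events collapse to two objects: the `setup_11.0.0.1245...exe` file on the Desktop and the `5309790rar.exe` it unpacks into the user's temp folder, each reported three times through different alias paths. That is the check worth running before worrying about a "Password protected" count: it tells you how many distinct files the scanner could not open, and where they came from.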
#12 Render (Trusted Helper, Malware Removal, 4,195 posts)
I will be away till Sunday afternoon. I will look into your logs then. I'm sorry for the delay.

#13 flv (Topic Starter, Member, 10 posts)
No problem :) Have fun :)

#14 Render (Trusted Helper, Malware Removal, 4,195 posts)

Password protected - should I be worried about those?

I don't think so as it is KAV.

Please update me on how your computer is running now and what problems are still evident.

#15 flv (Topic Starter, Member, 10 posts)
The system is running fine and I can see no problems :)