Kazy3653 (B), Trojan prorat, W7 erratic & software unresponsive


#1 - Chigwells (New Member, 4 posts)

Hi All!

This is my first time posting here. A day or two ago Bitdefender IS2013 and Emsisoft AM first notified me of an infection by Kazy3653 (B). I found the notifications from both programs confusing, as Emsisoft seemed to be saying it was detecting the infection within Bitdefender (screenshot 1). Emsisoft is removing the software successfully; Bitdefender I'm not so sure about (screenshot 2). I am getting numerous notifications of renewed Kazy3653 (B) infections each day.

Symptoms have been: frequent freezing of software and W7, lasting a few seconds, sometimes for up to 20+ seconds.
I have just run SAS, MBAM, MBAR, Hitman Pro, all clear. Emsisoft AM is quarantining the virus, although it is not showing up in the quarantine, only in its logs.

There has also been ongoing strange behaviour that I'm not sure is down to malware or not: I can't set a System Restore point (screenshot 3), Bitdefender changed its settings (AntiVirus Control turned itself off), and I can't open VAIO Care (Sony's own maintenance software). In Windows Media Player, I stream to my stereo system. Every time I want to do this, I have to open services.msc as Admin and start up 'Windows Media Player Network Sharing Service', which always resets itself to 'Disabled', regardless of whether I set it to 'Started-manual' or 'Started-automatic'. As an example of how my system is running, I just opened Services.msc to remind myself of the name of said Service. Services.msc took about 15 seconds to open, and then it was (not responding) for about 20 seconds.

Back in March SAS found 'Trojan prorat', see attached screenshot 4. Second time I ran SAS it came up clean.

I changed from Comodo Firewall with Avira free a couple of months ago to Bitdefender IS2013, and haven't been particularly happy with BD (settings changing by themselves, the software TOO transparent and in the background). I haven't had any confidence in using Bitdefender IS 2013, and as soon as my laptop is declared infection free I'm going back to Comodo Firewall (most likely with Avira); I got a whole load more confidence from it.
I have recently discovered and installed CCleaner Enhancer, but as I wasn't sure if it was deleting my settings, I've uninstalled it. I hope this all makes sense; I have tried to be as concise as possible.

Many thanks in advance, Chig

Here's my configuration:
W7-HP, Sony VAIO laptop (2012), 8GB ram, Bitdefender IS2013, Emsisoft AM paid, Open DNS, SandboxIE, Iobit ASC Ultimate, Opera (also Firefox), IE disabled, MBAM on-demand, SAS on-demand, WOT, Secunia (always 100% including browser), CCleaner. I work in a limited user account.
Finally I would describe myself as a reasonably competent user, self-taught, single home user.

**************************************************************************************************************************

OTL logfile created on: 01/05/2013 19:58:05 - Run 2


OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Me&My\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.67 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 68.45% Memory free
7.67 Gb Paging File | 5.00 Gb Available in Paging File | 65.26% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.51 Gb Total Space | 68.01 Gb Free Space | 15.03% Space Free | Partition Type: NTFS

Computer Name: ARCHIE-VAIO | User Name: Ronnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/01 19:57:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Me&My\Desktop\OTL.exe
PRC - [2013/03/27 23:50:14 | 003,089,856 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/03/27 23:50:11 | 003,363,752 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012/12/14 14:21:14 | 000,701,392 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
PRC - [2012/12/14 14:21:06 | 000,621,008 | ---- | M] (IOBit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe
PRC - [2012/12/13 15:50:32 | 001,051,088 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe
PRC - [2012/11/07 16:50:40 | 000,512,384 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
PRC - [2012/10/31 12:07:40 | 000,058,240 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\DelayLoad.exe
PRC - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/10/14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/05/31 20:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 20:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 18:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/05/28 21:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/28 21:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2008/09/18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/14 04:44:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/11 16:28:31 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013/01/11 10:54:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:53:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:52:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:52:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:52:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:52:26 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:51:22 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/01 11:21:10 | 000,350,592 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madexcept_.bpl
MOD - [2012/11/01 11:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\maddisAsm_.bpl
MOD - [2012/11/01 11:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madbasic_.bpl
MOD - [2012/09/05 19:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/26 21:57:33 | 001,646,792 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013/03/29 00:10:55 | 000,069,392 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013/03/29 00:07:52 | 000,068,856 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012/12/16 12:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2012/10/26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2012/04/26 10:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/06/21 19:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/06/09 00:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/06/08 18:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/10 21:06:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/27 23:50:14 | 003,089,856 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/12/14 14:21:06 | 000,621,008 | ---- | M] (IOBit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCAvSvc.exe -- (ASCAntivirusSrv)
SRV - [2012/12/13 15:50:32 | 001,051,088 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCSvc.exe -- (AdvancedSystemCareService6)
SRV - [2011/12/15 15:24:38 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/11/20 04:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 04:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 04:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/05/31 20:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/28 21:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/28 21:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/26 21:58:31 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013/04/26 21:57:43 | 000,718,840 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013/04/26 21:57:27 | 000,593,144 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/03/29 00:11:01 | 000,147,232 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/12/27 07:17:06 | 012,312,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/27 07:17:00 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/12/16 12:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/11/12 18:11:19 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2012/11/02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/10/31 13:13:18 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/11/14 20:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/06/24 21:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/06/23 21:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/06/23 21:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/23 21:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/06/23 21:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/06/23 21:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/06/23 21:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010/06/23 21:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010/05/31 22:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/05/31 22:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/05/31 22:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/31 13:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/05/28 21:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/05/28 21:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/04/26 21:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007/01/17 15:32:00 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder2.sys -- (Spyder2)
DRV - [2013/03/27 23:50:23 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2013/03/27 23:50:23 | 000,017,384 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2012/11/03 19:23:51 | 000,175,352 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\46125\RapportIaso64.sys -- (RapportIaso)
DRV - [2012/06/18 17:19:05 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2012/06/18 17:19:03 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...oft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SVEE&bmod=SVEE
IE - HKCU\..\SearchScopes\{12B77033-590F-4F5D-BAC5-A76B77E74392}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{B0A2A07B-3FEB-40B6-AE45-CDA8F0EA58F2}: "URL" = http://uk.shopping.c...nkin_id=8056359
IE - HKCU\..\SearchScopes\{C7F913F1-9FF8-4CF2-9926-F7310FCC61C3}: "URL" = http://services.zini...}&rf=sonyslices
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bullguard.com/onlinescanner: C:\Program Files (x86)\BullGuard Ltd\BullGuard Online Scanner\npbgscanner.dll (BullGuard Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\np_Asc_plugin.dll (IObit)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013/02/21 23:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013/02/21 23:08:53 | 000,000,000 | ---D | M]

[2013/03/10 14:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronnie\AppData\Roaming\Mozilla\Extensions
[2004/06/09 17:03:02 | 000,832,728 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2013/04/13 02:32:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKCU..\Run: [Advanced SystemCare Ultimate] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D3A558A-88D0-4D83-9C70-BB9C89B1021E}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/01 19:50:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/01 19:32:35 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Ronnie\Desktop\uninstall.exe
[2013/05/01 19:23:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/05/01 15:57:05 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\ElevatedDiagnostics
[2013/05/01 12:24:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Ana
[2013/05/01 12:17:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\JJ The Man
[2013/04/29 14:29:42 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\PFStaticIP
[2013/04/27 19:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2013/04/27 19:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2013/04/27 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2013/04/27 17:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/27 12:46:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DVDTOOLs
[2013/04/27 11:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Bluetooth Exchange Folder
[2013/04/27 06:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BullGuard Ltd
[2013/04/26 21:57:43 | 000,718,840 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2013/04/23 08:08:34 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013/04/23 07:30:35 | 013,168,216 | ---- | C] (Opera Software ASA) -- C:\Users\Ronnie\Desktop\Opera_1215_int_Setup.exe
[2013/04/23 07:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/20 12:01:17 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2013/04/13 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013/04/13 02:37:45 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\temp
[2013/04/13 02:20:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/13 02:20:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/13 02:20:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/13 02:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/13 02:14:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/11 23:36:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\OneNote Notebooks
[2013/04/11 01:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2013/04/11 01:03:31 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/04/11 00:56:16 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/04/11 00:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/04/11 00:50:08 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\Returnil
[2013/04/11 00:17:29 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Local\Programs
[2013/04/10 22:53:46 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\AppData\Roaming\EAST Technologies
[2013/04/10 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013/04/10 22:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/04/10 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/04/10 22:53:09 | 000,000,000 | ---D | C] -- C:\Users\Ronnie\Documents\DbgLogs
[2013/04/10 22:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\East-Tec Eraser 2012
[2013/04/10 22:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\East-Tec Eraser 2012
[2013/04/10 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Zoolz
[2013/04/04 14:11:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MumStuff non-pics
[2013/04/02 12:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2013/04/02 00:30:20 | 000,000,000 | ---D | C] -- C:\SMCLpav
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/01 20:03:53 | 000,009,072 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/05/01 19:58:06 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 19:58:06 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 19:56:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/01 19:51:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/01 19:50:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/01 19:49:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/01 19:47:31 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Ronnie\Desktop\uninstall.exe
[2013/05/01 14:50:38 | 000,830,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/01 14:50:38 | 000,702,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/01 14:50:38 | 000,138,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/01 12:02:08 | 000,327,767 | ---- | M] () -- C:\Users\Public\Documents\HMDX-JAM-English-full.pdf
[2013/05/01 12:01:31 | 000,220,844 | ---- | M] () -- C:\Users\Public\Documents\HMDX-JAM-English.pdf
[2013/04/29 14:54:33 | 000,001,680 | ---- | M] () -- C:\Users\Ronnie\Desktop\SpaceSniffer.lnk
[2013/04/29 14:54:10 | 000,001,224 | ---- | M] () -- C:\Users\Ronnie\Desktop\Paint.lnk
[2013/04/29 14:54:05 | 000,001,754 | ---- | M] () -- C:\Users\Ronnie\Desktop\opera.lnk
[2013/04/29 14:53:28 | 000,001,711 | ---- | M] () -- C:\Users\Ronnie\Desktop\FirefoxNoBank.lnk
[2013/04/29 14:53:07 | 000,001,730 | ---- | M] () -- C:\Users\Ronnie\Desktop\Everything.lnk
[2013/04/29 14:52:46 | 000,001,638 | ---- | M] () -- C:\Users\Ronnie\Desktop\My Hacked network.rtf.lnk
[2013/04/26 22:13:16 | 000,007,604 | ---- | M] () -- C:\Users\Ronnie\AppData\Local\Resmon.ResmonCfg
[2013/04/26 21:57:43 | 000,718,840 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2013/04/26 21:57:27 | 000,593,144 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2013/04/26 10:15:07 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/04/24 19:39:08 | 000,000,432 | ---- | M] () -- C:\Users\Public\Documents\My Hacked network.rtf
[2013/04/23 07:31:02 | 013,168,216 | ---- | M] (Opera Software ASA) -- C:\Users\Ronnie\Desktop\Opera_1215_int_Setup.exe
[2013/04/22 21:07:48 | 000,001,360 | ---- | M] () -- C:\Users\Public\Documents\Bitdefender uninstall.rtf
[2013/04/15 23:52:21 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/04/13 02:32:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/04/11 09:09:30 | 000,002,096 | ---- | M] () -- C:\Users\Ronnie\Desktop\Switch User.lnk
[2013/04/11 01:26:02 | 000,441,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/11 01:20:33 | 000,001,177 | ---- | M] () -- C:\temp218.bat
[2013/04/11 01:20:30 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/04/11 00:57:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ARCHIE-VAIO-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/10 23:14:34 | 000,001,296 | ---- | M] () -- C:\Users\Public\Documents\east-tec Eraser 2012.rtf
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/01 12:02:08 | 000,327,767 | ---- | C] () -- C:\Users\Public\Documents\HMDX-JAM-English-full.pdf
[2013/05/01 12:01:31 | 000,220,844 | ---- | C] () -- C:\Users\Public\Documents\HMDX-JAM-English.pdf
[2013/04/29 14:54:33 | 000,001,680 | ---- | C] () -- C:\Users\Ronnie\Desktop\SpaceSniffer.lnk
[2013/04/29 14:54:10 | 000,001,224 | ---- | C] () -- C:\Users\Ronnie\Desktop\Paint.lnk
[2013/04/29 14:54:05 | 000,001,754 | ---- | C] () -- C:\Users\Ronnie\Desktop\opera.lnk
[2013/04/29 14:53:28 | 000,001,711 | ---- | C] () -- C:\Users\Ronnie\Desktop\FirefoxNoBank.lnk
[2013/04/29 14:53:07 | 000,001,730 | ---- | C] () -- C:\Users\Ronnie\Desktop\Everything.lnk
[2013/04/29 14:52:46 | 000,001,638 | ---- | C] () -- C:\Users\Ronnie\Desktop\My Hacked network.rtf.lnk
[2013/04/26 10:15:07 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/04/24 19:37:24 | 000,000,432 | ---- | C] () -- C:\Users\Public\Documents\My Hacked network.rtf
[2013/04/22 21:07:48 | 000,001,360 | ---- | C] () -- C:\Users\Public\Documents\Bitdefender uninstall.rtf
[2013/04/13 11:10:17 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/04/13 02:20:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/13 02:20:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/13 02:20:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/13 02:20:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/13 02:20:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/11 09:02:57 | 000,002,096 | ---- | C] () -- C:\Users\Ronnie\Desktop\Switch User.lnk
[2013/04/11 01:20:33 | 000,001,177 | ---- | C] () -- C:\temp218.bat
[2013/04/11 00:57:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ARCHIE-VAIO-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/10 22:48:48 | 000,001,296 | ---- | C] () -- C:\Users\Public\Documents\east-tec Eraser 2012.rtf
[2013/04/02 22:58:16 | 000,007,604 | ---- | C] () -- C:\Users\Ronnie\AppData\Local\Resmon.ResmonCfg
[2013/01/07 18:04:33 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/12/27 07:17:12 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/12/27 07:17:06 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/12/27 07:17:04 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/12/27 07:17:04 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/05/16 21:48:42 | 000,009,068 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/04/14 10:42:10 | 000,816,490 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/05 08:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2012/08/21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/10 14:07:31 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\addpcs
[2013/03/10 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Bitdefender
[2013/03/29 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Canneverbe Limited
[2013/04/10 22:53:46 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\EAST Technologies
[2012/12/19 17:21:53 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\EurekaLog
[2013/03/16 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\GlarySoft
[2013/03/10 13:44:18 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\IObit
[2013/03/10 14:39:36 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Opera
[2013/04/29 14:29:46 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\PFStaticIP
[2013/03/10 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Process Hacker 2
[2013/03/10 14:50:27 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\QuickScan
[2013/04/11 00:50:10 | 000,000,000 | ---D | M] -- C:\Users\Ronnie\AppData\Roaming\Returnil

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:C97C8631

< End of report >

Attached Thumbnails

  • screenshot 1- emsisoft kazyCrop.png
  • screenshot 2 BD Kazy.png
  • screenshot 3- sys restore fail 11.4.2013.png
  • screenshot 4- Trojan prorat 14.March 2013.png

Edited by Chigwells, 01 May 2013 - 04:10 PM.

#2
Chigwells

    New Member

  • Topic Starter
  • Member
  • 4 posts
Apologies for this second post, it was a mistake! Admin please delete this post if poss, thx

Edited by Chigwells, 01 May 2013 - 03:55 PM.


#3
Chigwells

    New Member

  • Topic Starter
  • Member
  • 4 posts
Hey guys, I've just edited my post in The Waiting Room to match this one:

Basically I've got tired of waiting for a response. Been 6 days and I'm going elsewhere to look for support.

Appreciate you've got tons to do here.

Still have infections, but gone elsewhere, close this thread.

Thanks, Chig.

