Unusual RAM Usage + Errors with GMER & catchme


  • This topic is locked
14 replies to this topic

#1 iraffbe

iraffbe

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:49 AM

Posted 06 August 2014 - 01:48 AM

Hello Everyone;

First I wanted to say how much I admire the work you have all been doing for years. I think in the past 15 years I never once needed to write a post asking for help, because I could find all the solutions to past problems, from viruses to Trojans to rootkits; I have always found the solution for how to deal with all of it.

Thanks to your work, your tools, how you order your forums, keywords, everything.

And that got me through so many problems over the years.

So again thank you.

Now, so as not to make you lose your time: I have an issue, and I'm not sure it is one, so I kindly ask your expertise on it, because I can't get around it.

My issue is that I have had an unusual amount of RAM being used for a long time: with no programs running I get 1.6 GB of RAM used.

Some browsing issues might be caused by that unusual RAM usage (I run 100-700 tabs in Firefox), explorer errors, some startup programs I remove still start, explorer crashes, some issues with Windows Update and some updates not installing sometimes.

Issues with GMER: error 2 is produced when accessing the running processes tab while it's scanning, error 1 at the start of GMER and during mid-scan, and error 3 near the end of the scan.

Catchme doesn't run, see the error in the log.

Also I suspect there is unusual traffic on my network, maybe some data is being downloaded, but of that I am not sure at all; it's from little tells. Before, I would see it in Comodo, but I got tired over the years of having to identify all the stuff manually through Comodo again and again, authorizing, refusing, etc. And since no critical data is on the actual hard drive and the others are disconnected or locked, I didn't see the use in keeping it.

There have been many infestations on this computer which were dealt with, so you may find "rests" of stuff.

One significant infiltration was when I was a regular user on hacking forums and I believe a government official who was really badass could get into my computer and was very hard to deal with; it took me around a week to remove his stuff from the computer. He was uploading, controlling various stuff, got past Comodo, ComboFix, etc. (hence the fact that I suspect present issues). He sent so much stuff, Trojans (through Java or Flash), servers (no idea how), ...

So see attached the logs; I will give you any other log that you require.

Yes I know I should uninstall ComboFix.

Anything named Tacos is a non-offensive program.

Again I thank you a lot in advance for your help in resolving this issue.

Regards,

Raf

PS: Additional information

Disabled drivers emulation after the scans.

I never run iexplorer.

I use mainly Firefox, on the side Chrome and rarely Opera.

Got many issues with Avira crashing on mini-scans but always thought it was because it's not working properly.

Attached Files


Edited by iraffbe, 06 August 2014 - 04:42 AM.



#2 iraffbe

iraffbe
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:49 AM

Posted 11 August 2014 - 12:12 AM

Hey,

I know we should not bump, but it's been almost 6 days, and I see no topic that was made before mine left unanswered, but new ones being answered..

Have I been forgotten? Or am I not likable :-( ?

I would greatly appreciate your help.

Thanks in advance.

Raf



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:49 PM

Posted 11 August 2014 - 01:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/543467 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 iraffbe

iraffbe
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:49 AM

Posted 11 August 2014 - 02:03 AM

Yes I still need help please.

 

All the logs are above, nothing changed.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:49 PM

Posted 13 August 2014 - 12:27 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

Let me know what problem persists.
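Once FRST.txt is in hand, the first pass a helper makes over it is largely mechanical: services and drivers whose file is not signed or has no publisher, autoruns whose file is gone (FRST prints `[X]` for those), AppInit_DLLs entries, and static DNS servers outside private address space. The script below is an added example, not an FRST or BleepingComputer tool; it assumes only the line layout FRST uses for those sections (as seen in the logs posted later in this thread) and runs over constructed sample lines whose vendor, file and service names are invented. Its findings are a reviewer's starting list, not a verdict on any entry.

```python
"""Triage pass over the Services/Drivers/Run/AppInit/NameServer lines of an FRST.txt log.

Added example, not an FRST or BleepingComputer tool.  It assumes FRST's line
layout, e.g.
  S4 Name; C:\\path\\file.exe [size date] (Publisher) [File not signed]
  HKLM\\...\\Run: [Name] => C:\\path\\file.exe [size date] (Publisher)
and flags the entries a helper would normally read first.
"""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+ (\w+)")                     # "==================== Services (Whitelisted) ====="
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>.+?); (?P<rest>.+)$")
# Trailing file metadata FRST appends to a resolved path: "[size date] (Publisher) [flags]"
FILE_META_RE = re.compile(
    r"^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<pub>[^)]*)\)(?P<flags>.*)$"
)
RUN_RE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]+)\] => (?P<target>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-x32)?: (?P<short>.+?) => (?P<rest>.+)$")
NAMESERVER_RE = re.compile(r"\[NameServer\]\s*(?P<ips>.+)$")


def _finding(reason, kind, name, path):
    return {"reason": reason, "kind": kind, "name": name, "path": path}


def _file_findings(kind, name, rest):
    """Checks that apply to anything carrying FRST's '[size date] (Publisher) [flags]' block."""
    meta = FILE_META_RE.match(rest.strip())
    if meta is None:
        # No metadata block: FRST could not resolve the target to a file (a bare command line).
        return [_finding("target is a bare command line, no file on disk was resolved", kind, name, rest.strip())]
    out = []
    if "[File not signed]" in meta["flags"]:
        out.append(_finding("file is not digitally signed", kind, name, meta["path"]))
    if meta["pub"].strip() == "":
        out.append(_finding("file carries no publisher in its version info", kind, name, meta["path"]))
    return out


def triage(lines):
    """Walk FRST.txt lines and return the entries worth a closer look, in log order."""
    findings = []
    section = None
    for raw in lines:
        line = raw.rstrip("\r\n")
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)          # remember which section we are in (Services, Drivers, ...)
            continue
        m = SERVICE_RE.match(line)
        if m:
            kind = {"Services": "service", "Drivers": "driver"}.get(section, "entry")
            findings += _file_findings(kind, m["name"], m["rest"])
            continue
        m = RUN_RE.match(line)
        if m:
            target = m["target"].strip()
            if target == "[X]":
                # Autorun whose file no longer exists: a leftover of a removed program, or a wiped dropper.
                findings.append(_finding("autorun points to a file that no longer exists", "autorun",
                                         m["name"], f"{m['hive']}\\...\\{m['key']}"))
            else:
                findings += _file_findings("autorun", m["name"], target)
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that links user32.dll, so it always deserves a look.
            findings.append(_finding("AppInit_DLLs entry loads a DLL into every user32 process", "appinit",
                                     m["short"], m["rest"]))
            findings += _file_findings("appinit", m["short"], m["rest"])
            continue
        m = NAMESERVER_RE.search(line)
        if m:
            for ip in m["ips"].split():
                try:
                    addr = ipaddress.ip_address(ip)
                except ValueError:
                    continue
                if not addr.is_private:
                    # A static resolver outside RFC 1918 space is worth confirming against the ISP's/own servers.
                    findings.append(_finding("static DNS server outside private address space", "dns", ip, line))
    return findings


# Constructed sample in FRST's layout; vendor, file and service names are invented for this example.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UpdaterTray] => C:\Program Files\ExampleVendor\tray.exe [1028896 2013-07-27] (Example Vendor Inc.)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL
HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\...\Run: [OldEditor] => [X]
AppInit_DLLs: C:\PROGRA~1\EXAMPL~1\hook.dll => C:\Program Files\ExampleVendor\hook.dll [653600 2013-07-27] (Example Vendor Inc.)

==================== Internet (Whitelisted) ====================

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer]8.8.8.8 192.168.1.1

==================== Services (Whitelisted) =================

R2 GoodSvc; C:\Program Files\ExampleVendor\goodsvc.exe [430160 2014-07-03] (Example Vendor Inc.)
S4 OddHelper; C:\Program Files (x86)\OddHelper\helper.exe [98816 2014-02-18] () [File not signed]
R2 NoPubSvc; C:\Windows\SysWOW64\nopub.exe [75136 2013-06-17] ()

==================== Drivers (Whitelisted) ====================

R1 okdrv; C:\Windows\System32\DRIVERS\okdrv.sys [130584 2014-05-15] (Example Vendor Inc.)
R1 memdrv; C:\Windows\SysWOW64\drivers\memdrv.sys [17024 2012-07-26] (Board Maker) [File not signed]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST.splitlines()):
        print(f"[{f['kind']}] {f['name']}: {f['reason']}\n    {f['path']}")
```

Run it against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`. Every check here is a prompt for a human: an unsigned driver from a motherboard vendor or a bare `REGSVR32` autorun is common and usually benign, which is why the script reports rather than fixes; the point is to get the handful of lines a helper must judge out of a log that runs to hundreds of entries.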

#6 iraffbe

iraffbe
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:49 AM

Posted 13 August 2014 - 03:25 PM

Hello,

 

Thank you for your help.

 

MBAM failed to run the rootkit scan; it failed to load the anti-rootkit driver, error "20026".

No report was created after the scan; even in History it's not there, only the update report.

 

Here is the AdwCleaner log (checked list, didn't see false positives, only old conduit toolbar item):

# AdwCleaner v3.304 - Report created 13/08/2014 at 21:57:22
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Users\John\AppData\Local\genienext
Folder Deleted : C:\Users\John\AppData\Local\Mobogenie
Folder Deleted : C:\Users\John\AppData\Local\Popajar
Folder Deleted : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\John\Documents\Mobogenie
File Deleted : C:\Users\John\daemonprocess.txt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKCU\Software\Popajar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP47149D28-404C-474E-A1F4-5F43DEF05094&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [3987 octets] - [13/08/2014 21:53:13]
AdwCleaner[S0].txt - [3692 octets] - [13/08/2014 21:57:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3752 octets] ##########


Here is the Farbar log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by John (administrator) on JOHN-PC on 13-08-2014 22:02:54
Running from C:\Users\John\Desktop\Farbar
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(PGP Corporation) C:\Windows\SysWOW64\PGPserv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(Senstic) C:\Program Files (x86)\Senstic\PocketControl\SensticPocketServiceWin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Steppschuh) C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL 
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\.DEFAULT\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
HKU\S-1-5-21-4172054078-2033504591-580127424-1000\...\Run: [Remote Control Server] => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe [1988608 2013-11-09] (Steppschuh)
HKU\S-1-5-21-4172054078-2033504591-580127424-1000\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
HKU\S-1-5-21-4172054078-2033504591-580127424-1000\...\Policies\Explorer: [NoLowDiscSpaceChecks] 1
HKU\S-1-5-21-4172054078-2033504591-580127424-1002\...\Run: [NVIDIA nTune] => C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe [98304 2007-09-04] (NVIDIA)
HKU\S-1-5-21-4172054078-2033504591-580127424-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4172054078-2033504591-580127424-1002\...\Run: [Remote Control Server] => C:\Program Files (x86)\Remote Control Server\Remote Control Server.exe [1988608 2013-11-09] (Steppschuh)
HKU\S-1-5-21-4172054078-2033504591-580127424-1002\...\RunOnce: [InetReg] => "C:\Program Files (x86)\Creative\Product Registration\English\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6
HKU\S-1-5-21-4172054078-2033504591-580127424-1002\...\Policies\Explorer: [NoLowDiscSpaceChecks] 1
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll => C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: IconOverlayHandlerAccessible -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\Windows\system32\PGPfsshl.dll (PGP Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2616B9B131BECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-BE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6DF7DEF3-2443-49B3-9E0F-5314329A8ECE}: [NameServer]81.169.60.107 81.169.60.107

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe2\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe2\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: Dictionnaires français - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2014-05-22]
FF Extension: Hola Better Internet - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-08-07]
FF Extension: Facebook Color Changer - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\jid0-Eyur3vR97jbHklhdHVBnn9OBILU@jetpack.xpi [2014-08-08]
FF Extension: Facebook Select All - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-02-07]
FF Extension: DebrideurStreaming - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\jid1-6gzTcCreJnRqoIj7t8ltxj2HuKc@jetpack.xpi [2014-07-15]
FF Extension: Français Language Pack - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\langpack-fr@firefox.mozilla.org.xpi [2013-10-03]
FF Extension: Social Fixer - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\socialfixer@mattkruse.com.xpi [2014-05-07]
FF Extension: ReloadAll! - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\unitedronaldo@yahoo.com.xpi [2014-03-07]
FF Extension: ReloadEvery - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-10-14]
FF Extension: Adblock Plus - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-03]
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2014-04-09]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-25]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-25]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-25]
CHR Extension: (AdBlock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-23]
CHR Extension: (Facebook Unseen) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2014-06-09]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-25]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADUServiceNSRT; C:\Program Files (x86)\Nokia\Nokia Software Recovery Tool\ADUService.exe [98816 2014-02-18] () [File not signed]
S4 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-01-29] (Nero AG)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S4 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [180224 2007-09-04] (NVIDIA) [File not signed]
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PGPserv; C:\Windows\SysWOW64\PGPserv.exe [102968 2008-12-10] (PGP Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-06-17] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-06-17] ()
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S4 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
R2 SensticPocketService; C:\Program Files (x86)\Senstic\PocketControl\\SensticPocketServiceWin.exe [155984 2014-04-14] (Senstic)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S4 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACSSCR; C:\Windows\System32\DRIVERS\a38usb.sys [45056 2012-10-03] (Advanced Card Systems Ltd)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-31] (Avira Operations GmbH & Co. KG)
R3 avshws; C:\Windows\System32\DRIVERS\camsource64.sys [30360 2014-04-14] (Senstic)
R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] (BIOSTAR Group)
R1 BSMEM; C:\Windows\SysWOW64\drivers\BSMEM.sys [17024 2012-07-26] (BIOSTAR Group) [File not signed]
S3 BSMI; C:\Program Files (x86)\Tseries BIOS Update\BSMIx64.sys [16504 2012-04-14] ()
S3 COMMONFX.DLL; C:\Windows\System32\COMMONFX.DLL [151296 2007-04-12] (Creative Technology Ltd)
S3 CT20XUT.DLL; C:\Windows\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Technology Ltd.)
S3 CTAUDFX.DLL; C:\Windows\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Technology Ltd)
S3 CTEAPSFX.DLL; C:\Windows\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPFX.DLL; C:\Windows\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPIO.DLL; C:\Windows\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Technology Ltd)
S3 CTEDSPSY.DLL; C:\Windows\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Technology Ltd)
S3 CTERFXFX.DLL; C:\Windows\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Technology Ltd)
S3 CTEXFIFX.DLL; C:\Windows\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Technology Ltd.)
S3 CTHWIUT.DLL; C:\Windows\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Technology Ltd.)
S3 CTSBLFX.DLL; C:\Windows\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Technology Ltd)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-18] (DT Soft Ltd)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [413696 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-13] (Malwarebytes Corporation)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [277560 2008-12-10] (PGP Corporation)
R0 pgpfs; C:\Windows\System32\Drivers\PGPfsfd.sys [167480 2008-12-10] (PGP Corporation)
R2 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [50232 2008-12-10] (PGP Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [252472 2008-12-10] (PGP Corporation)
R3 PocketAudio; C:\Windows\System32\drivers\senaudio64.sys [37192 2014-04-14] (Windows (R) Win 7 DDK provider)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RT61; C:\Windows\System32\DRIVERS\rt61.sys [438784 2009-06-02] (Ralink Technology, Corp.)
S3 rt70x64; C:\Windows\System32\DRIVERS\netr7064.sys [388448 2010-04-27] (Ralink Technology Corp.)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2013-11-15] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [29160 2014-08-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:02 - 2014-08-13 22:03 - 00000000 ____D () C:\FRST
2014-08-13 22:02 - 2014-08-13 22:02 - 00000000 ____D () C:\Users\John\Desktop\Farbar
2014-08-13 21:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 21:53 - 2014-08-13 21:58 - 00000000 ____D () C:\AdwCleaner
2014-08-13 21:11 - 2014-08-13 21:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-13 21:11 - 2014-08-13 21:11 - 01366203 _____ () C:\Users\John\Desktop\adwcleaner_3.304.exe
2014-08-13 21:09 - 2014-08-13 21:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-12 22:31 - 2014-08-12 22:31 - 00023120 _____ () C:\Users\John\Downloads\80d60402d8dccc8b226c5373cc6d45d57070a9d7.zip
2014-08-12 15:56 - 2014-08-12 15:56 - 00000067 _____ () C:\Users\John\Desktop\vlad salle.txt
2014-08-12 13:36 - 2014-08-12 13:36 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-08-06 14:05 - 2014-08-06 14:05 - 00000148 _____ () C:\Users\John\Desktop\rdv Trevi.txt
2014-08-06 11:41 - 2014-08-06 11:41 - 00003497 _____ () C:\Users\John\Desktop\RKreport_SCN_08062014_102546.log
2014-08-06 10:15 - 2014-08-06 10:15 - 00208404 _____ () C:\Users\John\Desktop\Events.txt
2014-08-06 10:05 - 2014-08-06 10:05 - 04806744 _____ () C:\Users\John\Downloads\RogueKiller.exe
2014-08-06 10:05 - 2014-08-06 10:05 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-06 10:05 - 2014-08-06 10:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-06 10:02 - 2014-08-06 10:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Process Hacker 2
2014-08-06 09:59 - 2014-08-06 09:59 - 02720895 _____ () C:\Users\John\Downloads\processhacker-2.33-bin.zip
2014-08-06 09:58 - 2014-08-06 09:58 - 01932448 _____ (wj32 ) C:\Users\John\Downloads\processhacker-2.33-setup.exe
2014-08-06 09:53 - 2014-08-06 09:53 - 02091520 _____ (Conner Bernhard) C:\Users\John\Downloads\NetAdapterRepair1.2.exe
2014-08-06 09:50 - 2014-08-06 09:50 - 00000936 _____ () C:\Users\John\Downloads\checkup.txt
2014-08-06 09:47 - 2014-08-06 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 09:47 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 09:47 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 09:47 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 09:47 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 09:46 - 2014-08-06 09:47 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 09:44 - 2014-08-06 09:44 - 00918440 _____ (Oracle Corporation) C:\Users\John\Downloads\chromeinstall-7u67.exe
2014-08-06 09:42 - 2014-08-06 09:42 - 00069662 _____ () C:\Users\John\Downloads\PageDefrag (1).zip
2014-08-06 09:42 - 2006-11-01 13:06 - 00215928 _____ (Sysinternals) C:\Users\John\Desktop\pagedfrg.exe
2014-08-06 09:42 - 2006-11-01 13:06 - 00215928 _____ (Sysinternals) C:\pagedfrg.exe
2014-08-06 09:38 - 2014-08-06 09:49 - 00000936 _____ () C:\Users\John\Desktop\checkup.txt
2014-08-06 09:36 - 2014-08-06 09:36 - 00069662 _____ () C:\Users\John\Downloads\PageDefrag.zip
2014-08-06 09:33 - 2014-08-06 09:33 - 00854410 _____ () C:\Users\John\Downloads\SecurityCheck.exe
2014-08-06 09:23 - 2014-08-06 09:23 - 00002702 _____ () C:\Users\John\Desktop\GMERLog.log
2014-08-06 09:16 - 2014-08-06 09:16 - 00001007 _____ () C:\Users\John\Downloads\catchme.log
2014-08-06 09:12 - 2014-08-06 09:12 - 00050477 _____ () C:\Users\John\Downloads\Defogger.exe
2014-08-06 09:12 - 2014-08-06 09:12 - 00000470 _____ () C:\Users\John\Downloads\defogger_disable.log
2014-08-06 09:12 - 2014-08-06 09:12 - 00000000 _____ () C:\Users\John\defogger_reenable
2014-08-06 09:08 - 2014-08-06 09:08 - 00003019 _____ () C:\Users\John\Downloads\attach.txt
2014-08-06 08:32 - 2014-08-06 08:32 - 00109984 _____ () C:\Users\John\Desktop\OTL.Txt
2014-08-06 08:26 - 2014-08-06 08:26 - 00137608 _____ () C:\Users\John\Downloads\Extras.Txt
2014-08-06 08:25 - 2014-08-06 08:32 - 00109984 _____ () C:\Users\John\Downloads\OTL.Txt
2014-08-06 08:22 - 2014-08-06 08:22 - 00688992 ____R (Swearware) C:\Users\John\Downloads\dds.com
2014-08-06 08:12 - 2014-08-06 08:24 - 00022076 _____ () C:\Users\John\Desktop\dds.txt
2014-08-06 08:12 - 2014-08-06 08:24 - 00010664 _____ () C:\Users\John\Desktop\attach.txt
2014-08-06 08:12 - 2014-08-06 08:12 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe
2014-08-06 08:11 - 2014-08-06 08:11 - 00688992 ____R (Swearware) C:\Users\John\Downloads\dds.scr
2014-08-06 08:08 - 2014-08-06 08:08 - 00147456 _____ () C:\Users\John\Desktop\Tacos.exe
2014-08-06 08:07 - 2014-08-06 08:09 - 00001007 _____ () C:\Users\John\Desktop\catchme.log
2014-08-06 08:07 - 2014-08-06 08:07 - 00147456 _____ () C:\Users\John\Downloads\catchme.exe
2014-08-06 08:01 - 2014-08-06 08:01 - 00380416 _____ () C:\Users\John\Desktop\5gfr2414.exe
2014-08-06 08:00 - 2014-08-06 08:00 - 00380416 _____ () C:\Users\John\Downloads\uztpu36r.exe
2014-08-05 11:22 - 2014-08-05 11:37 - 00000000 ____D () C:\ComboFix
2014-08-05 11:20 - 2014-08-05 11:20 - 05567674 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2014-08-01 08:09 - 2014-06-07 06:02 - 17854464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-01 08:09 - 2014-06-07 05:13 - 10890752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-01 08:09 - 2014-06-07 04:59 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-01 08:09 - 2014-06-07 04:52 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-01 08:09 - 2014-06-07 04:51 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-01 08:09 - 2014-06-07 04:51 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-01 08:09 - 2014-06-07 04:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-01 08:09 - 2014-06-07 04:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-01 08:09 - 2014-06-07 04:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-01 08:09 - 2014-06-07 04:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-01 08:09 - 2014-06-07 04:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-01 08:09 - 2014-06-07 04:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-01 08:09 - 2014-06-07 04:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-01 08:09 - 2014-06-07 04:42 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-01 08:09 - 2014-06-07 04:42 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-01 08:09 - 2014-06-07 04:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-01 08:09 - 2014-06-07 04:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-01 08:09 - 2014-06-07 04:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-01 08:09 - 2014-06-07 04:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-01 08:09 - 2014-06-07 04:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-01 08:09 - 2014-06-07 04:35 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-01 08:09 - 2014-06-07 02:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-01 08:09 - 2014-06-07 01:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-01 08:09 - 2014-06-07 01:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-01 08:09 - 2014-06-07 01:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-01 08:09 - 2014-06-07 01:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-01 08:09 - 2014-06-07 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-01 08:09 - 2014-06-07 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-01 08:09 - 2014-06-07 00:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-01 08:09 - 2014-06-07 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-01 08:09 - 2014-06-07 00:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-01 08:09 - 2014-06-07 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-01 08:09 - 2014-06-07 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-01 08:09 - 2014-06-07 00:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-01 08:09 - 2014-06-07 00:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-01 08:09 - 2014-06-07 00:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-01 08:09 - 2014-06-07 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-01 08:09 - 2014-06-07 00:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-01 08:09 - 2014-06-07 00:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-01 08:09 - 2014-06-07 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-01 08:09 - 2014-06-07 00:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-01 08:09 - 2014-06-07 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-01 08:09 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-01 08:09 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-01 08:08 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-01 08:08 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-08-01 08:08 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-08-01 08:08 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-08-01 08:08 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-08-01 08:08 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-08-01 08:08 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-08-01 08:08 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-08-01 08:08 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-08-01 08:08 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-08-01 08:08 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-08-01 08:08 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-08-01 08:08 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-08-01 08:08 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-08-01 08:08 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-08-01 08:08 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-08-01 08:08 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-08-01 08:08 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-08-01 08:08 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-08-01 08:08 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-08-01 08:07 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-01 08:07 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-08-01 08:07 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-01 08:07 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-08-01 08:07 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-08-01 08:07 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-08-01 08:07 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-08-01 08:07 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-08-01 08:07 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-08-01 08:06 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-01 08:06 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-01 08:06 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-01 08:06 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-01 08:06 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-01 08:06 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-01 08:06 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-01 08:06 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-01 08:06 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-01 08:06 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-01 08:06 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-01 08:06 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-01 08:06 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-01 08:06 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-01 08:06 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-01 08:06 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-01 08:06 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-01 08:06 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-01 08:06 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-01 08:06 - 2014-05-08 11:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-01 08:06 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-08-01 08:06 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-08-01 08:06 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-08-01 08:06 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-08-01 08:06 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-08-01 08:06 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-08-01 08:06 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-08-01 08:06 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-08-01 08:06 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-08-01 08:06 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-08-01 08:06 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-08-01 08:06 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-08-01 08:06 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-08-01 08:06 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-08-01 08:06 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-08-01 08:06 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-08-01 08:06 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-08-01 08:06 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-08-01 08:06 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-08-01 08:06 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-08-01 08:06 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-08-01 08:06 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-08-01 08:06 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-08-01 08:06 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-08-01 08:06 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-01 08:05 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-30 23:57 - 2014-07-30 23:57 - 00000222 _____ () C:\Users\John\Desktop\Age of Empires II HD Edition.url
2014-07-30 20:03 - 2014-07-30 20:04 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-07-30 20:03 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files\Application Verifier
2014-07-30 20:03 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-30 20:03 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-07-30 20:01 - 2014-07-30 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-30 20:01 - 2014-07-30 20:01 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-07-30 19:52 - 2014-07-30 19:52 - 00991536 _____ (Microsoft Corporation) C:\Users\John\Downloads\sdksetup.exe
2014-07-30 19:50 - 2014-07-30 19:50 - 00000000 ____D () C:\Direct
2014-07-30 19:48 - 2014-07-30 19:49 - 100273008 _____ (Microsoft Corporation) C:\Users\John\Downloads\directx_directx_11_juin_2010_anglais_10906.exe
2014-07-30 18:01 - 2014-07-30 18:01 - 00276267 _____ () C:\Users\John\Downloads\RAMMap.zip
2014-07-30 17:52 - 2014-07-30 20:31 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-07-27 03:15 - 2014-07-27 03:16 - 01614094 _____ () C:\Users\John\Downloads\(10)Skibi'sCastleTD.zip
2014-07-23 23:56 - 2014-07-23 23:56 - 00000000 ____D () C:\Users\John\AppData\Local\Skype
2014-07-23 23:56 - 2014-07-23 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-23 23:54 - 2014-07-23 23:54 - 01677928 _____ (Skype Technologies S.A.) C:\Users\John\Downloads\SkypeSetup(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 22:03 - 2014-08-13 22:02 - 00000000 ____D () C:\FRST
2014-08-13 22:02 - 2014-08-13 22:02 - 00000000 ____D () C:\Users\John\Desktop\Farbar
2014-08-13 22:00 - 2013-09-25 23:13 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 22:00 - 2013-07-13 23:35 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-08-13 22:00 - 2013-04-05 02:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-13 22:00 - 2010-11-21 05:47 - 00359184 _____ () C:\Windows\PFRO.log
2014-08-13 22:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 22:00 - 2009-07-14 06:51 - 00168110 _____ () C:\Windows\setupact.log
2014-08-13 21:58 - 2014-08-13 21:53 - 00000000 ____D () C:\AdwCleaner
2014-08-13 21:58 - 2013-01-27 15:23 - 01640074 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 21:58 - 2013-01-27 15:06 - 00000000 ____D () C:\Users\John
2014-08-13 21:51 - 2014-05-05 18:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 21:11 - 2014-08-13 21:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-13 21:11 - 2014-08-13 21:11 - 01366203 _____ () C:\Users\John\Desktop\adwcleaner_3.304.exe
2014-08-13 21:11 - 2014-05-05 18:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-13 21:11 - 2014-05-05 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-13 21:11 - 2014-05-05 18:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-13 21:10 - 2014-08-13 21:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-13 21:10 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 21:10 - 2009-07-14 06:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 02:59 - 2013-09-25 23:13 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 02:00 - 2013-02-07 22:21 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-08-13 01:57 - 2013-02-19 00:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-13 01:07 - 2013-01-28 01:51 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-08-13 00:21 - 2013-01-28 01:33 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-08-12 22:31 - 2014-08-12 22:31 - 00023120 _____ () C:\Users\John\Downloads\80d60402d8dccc8b226c5373cc6d45d57070a9d7.zip
2014-08-12 22:26 - 2013-01-28 01:35 - 00000000 ____D () C:\Torrents
2014-08-12 13:36 - 2014-08-12 13:36 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-08-09 22:39 - 2013-05-29 06:10 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-08-09 14:56 - 2013-06-19 21:25 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2014-08-06 14:05 - 2014-08-06 14:05 - 00000148 _____ () C:\Users\John\Desktop\rdv Trevi.txt
2014-08-06 11:41 - 2014-08-06 11:41 - 00003497 _____ () C:\Users\John\Desktop\RKreport_SCN_08062014_102546.log
2014-08-06 10:15 - 2014-08-06 10:15 - 00208404 _____ () C:\Users\John\Desktop\Events.txt
2014-08-06 10:05 - 2014-08-06 10:05 - 04806744 _____ () C:\Users\John\Downloads\RogueKiller.exe
2014-08-06 10:05 - 2014-08-06 10:05 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-06 10:05 - 2014-08-06 10:05 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-06 10:02 - 2014-08-06 10:02 - 00000000 ____D () C:\Users\John\AppData\Roaming\Process Hacker 2
2014-08-06 09:59 - 2014-08-06 09:59 - 02720895 _____ () C:\Users\John\Downloads\processhacker-2.33-bin.zip
2014-08-06 09:58 - 2014-08-06 09:58 - 01932448 _____ (wj32 ) C:\Users\John\Downloads\processhacker-2.33-setup.exe
2014-08-06 09:53 - 2014-08-06 09:53 - 02091520 _____ (Conner Bernhard) C:\Users\John\Downloads\NetAdapterRepair1.2.exe
2014-08-06 09:50 - 2014-08-06 09:50 - 00000936 _____ () C:\Users\John\Downloads\checkup.txt
2014-08-06 09:49 - 2014-08-06 09:38 - 00000936 _____ () C:\Users\John\Desktop\checkup.txt
2014-08-06 09:49 - 2014-02-19 22:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-06 09:47 - 2014-08-06 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 09:47 - 2014-08-06 09:46 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-06 09:47 - 2013-05-15 15:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 09:44 - 2014-08-06 09:44 - 00918440 _____ (Oracle Corporation) C:\Users\John\Downloads\chromeinstall-7u67.exe
2014-08-06 09:44 - 2013-01-28 23:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-06 09:44 - 2013-01-28 23:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-06 09:42 - 2014-08-06 09:42 - 00069662 _____ () C:\Users\John\Downloads\PageDefrag (1).zip
2014-08-06 09:36 - 2014-08-06 09:36 - 00069662 _____ () C:\Users\John\Downloads\PageDefrag.zip
2014-08-06 09:33 - 2014-08-06 09:33 - 00854410 _____ () C:\Users\John\Downloads\SecurityCheck.exe
2014-08-06 09:28 - 2014-01-04 05:08 - 00007634 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2014-08-06 09:23 - 2014-08-06 09:23 - 00002702 _____ () C:\Users\John\Desktop\GMERLog.log
2014-08-06 09:16 - 2014-08-06 09:16 - 00001007 _____ () C:\Users\John\Downloads\catchme.log
2014-08-06 09:12 - 2014-08-06 09:12 - 00050477 _____ () C:\Users\John\Downloads\Defogger.exe
2014-08-06 09:12 - 2014-08-06 09:12 - 00000470 _____ () C:\Users\John\Downloads\defogger_disable.log
2014-08-06 09:12 - 2014-08-06 09:12 - 00000000 _____ () C:\Users\John\defogger_reenable
2014-08-06 09:08 - 2014-08-06 09:08 - 00003019 _____ () C:\Users\John\Downloads\attach.txt
2014-08-06 08:32 - 2014-08-06 08:32 - 00109984 _____ () C:\Users\John\Desktop\OTL.Txt
2014-08-06 08:32 - 2014-08-06 08:25 - 00109984 _____ () C:\Users\John\Downloads\OTL.Txt
2014-08-06 08:26 - 2014-08-06 08:26 - 00137608 _____ () C:\Users\John\Downloads\Extras.Txt
2014-08-06 08:24 - 2014-08-06 08:12 - 00022076 _____ () C:\Users\John\Desktop\dds.txt
2014-08-06 08:24 - 2014-08-06 08:12 - 00010664 _____ () C:\Users\John\Desktop\attach.txt
2014-08-06 08:22 - 2014-08-06 08:22 - 00688992 ____R (Swearware) C:\Users\John\Downloads\dds.com
2014-08-06 08:12 - 2014-08-06 08:12 - 00602112 _____ (OldTimer Tools) C:\Users\John\Downloads\OTL.exe
2014-08-06 08:11 - 2014-08-06 08:11 - 00688992 ____R (Swearware) C:\Users\John\Downloads\dds.scr
2014-08-06 08:09 - 2014-08-06 08:07 - 00001007 _____ () C:\Users\John\Desktop\catchme.log
2014-08-06 08:08 - 2014-08-06 08:08 - 00147456 _____ () C:\Users\John\Desktop\Tacos.exe
2014-08-06 08:07 - 2014-08-06 08:07 - 00147456 _____ () C:\Users\John\Downloads\catchme.exe
2014-08-06 08:01 - 2014-08-06 08:01 - 00380416 _____ () C:\Users\John\Desktop\5gfr2414.exe
2014-08-06 08:00 - 2014-08-06 08:00 - 00380416 _____ () C:\Users\John\Downloads\uztpu36r.exe
2014-08-06 07:31 - 2014-06-04 17:16 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-05 11:38 - 2014-05-22 11:00 - 00132590 _____ () C:\Windows\runSW.log
2014-08-05 11:37 - 2014-08-05 11:22 - 00000000 ____D () C:\ComboFix
2014-08-05 11:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-05 11:22 - 2013-06-19 19:20 - 00000000 ____D () C:\Qoobox
2014-08-05 11:20 - 2014-08-05 11:20 - 05567674 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2014-08-05 11:18 - 2013-05-31 13:11 - 00000000 ____D () C:\Users\John\Desktop\New folder (2)
2014-08-04 23:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-04 21:39 - 2013-05-17 14:34 - 00000000 ____D () C:\Temp
2014-08-04 21:39 - 2013-05-15 00:13 - 00000000 ____D () C:\Users\John\AppData\Local\HTC MediaHub
2014-08-03 00:38 - 2009-07-14 06:45 - 05137952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-02 06:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-02 06:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-02 06:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-01 08:40 - 2013-06-19 21:20 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-01 08:40 - 2009-07-14 07:13 - 00766336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-01 08:30 - 2014-03-04 23:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-30 23:57 - 2014-07-30 23:57 - 00000222 _____ () C:\Users\John\Desktop\Age of Empires II HD Edition.url
2014-07-30 23:57 - 2013-09-09 23:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-30 20:31 - 2014-07-30 17:52 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2014-07-30 20:31 - 2013-04-05 03:43 - 00000000 ____D () C:\ProgramData\Orbit
2014-07-30 20:31 - 2013-03-30 13:36 - 00000000 ____D () C:\Users\John\Documents\My Games
2014-07-30 20:04 - 2014-07-30 20:03 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2014-07-30 20:04 - 2014-07-30 20:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-30 20:03 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files\Application Verifier
2014-07-30 20:03 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-07-30 20:03 - 2014-07-30 20:03 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2014-07-30 20:01 - 2014-07-30 20:01 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-07-30 20:00 - 2013-12-04 00:11 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-30 19:53 - 2013-04-05 02:01 - 00209996 _____ () C:\Windows\DirectX.log
2014-07-30 19:52 - 2014-07-30 19:52 - 00991536 _____ (Microsoft Corporation) C:\Users\John\Downloads\sdksetup.exe
2014-07-30 19:50 - 2014-07-30 19:50 - 00000000 ____D () C:\Direct
2014-07-30 19:49 - 2014-07-30 19:48 - 100273008 _____ (Microsoft Corporation) C:\Users\John\Downloads\directx_directx_11_juin_2010_anglais_10906.exe
2014-07-30 18:01 - 2014-07-30 18:01 - 00276267 _____ () C:\Users\John\Downloads\RAMMap.zip
2014-07-27 03:59 - 2014-07-18 23:45 - 00000000 ____D () C:\Warcraft III + Expansion
2014-07-27 03:16 - 2014-07-27 03:15 - 01614094 _____ () C:\Users\John\Downloads\(10)Skibi'sCastleTD.zip
2014-07-25 12:55 - 2014-08-06 09:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-06 09:47 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-06 09:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-06 09:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-24 22:31 - 2013-05-23 03:08 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-23 23:56 - 2014-07-23 23:56 - 00000000 ____D () C:\Users\John\AppData\Local\Skype
2014-07-23 23:56 - 2014-07-23 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-23 23:56 - 2013-06-19 21:24 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-23 23:56 - 2013-06-19 21:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-23 23:56 - 2013-06-19 21:24 - 00000000 ____D () C:\ProgramData\Skype
2014-07-23 23:54 - 2014-07-23 23:54 - 01677928 _____ (Skype Technologies S.A.) C:\Users\John\Downloads\SkypeSetup(1).exe
2014-07-23 10:16 - 2014-07-23 10:04 - 1062866053 _____ () C:\Users\John\Documents\D.pgp
2014-07-23 09:19 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-21 23:13 - 2014-07-21 23:00 - 00000000 ____D () C:\Sony SD 64GB 21-07-14
2014-07-20 21:55 - 2014-07-20 21:55 - 00015448 _____ () C:\Users\John\Downloads\Tokarev_2014_1080p_1080p(1).torrent
2014-07-20 21:54 - 2014-07-20 21:54 - 00015448 _____ () C:\Users\John\Downloads\Tokarev_2014_1080p_1080p.torrent
2014-07-19 09:06 - 2013-09-25 23:14 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 23:51 - 2013-03-30 01:36 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-18 22:50 - 2014-07-18 22:50 - 00029368 _____ () C:\Users\John\Downloads\suits.pound.of.flesh.(2014).fre.1cd.(5757843).zip
2014-07-17 03:36 - 2014-07-17 03:36 - 00000033 _____ () C:\Users\John\Desktop\LJ.txt

Some content of TEMP:
====================
C:\Users\John\AppData\Local\Temp\avgnt.exe
C:\Users\John\AppData\Local\Temp\catchme.dll
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\sfamcc00001.dll
C:\Users\John\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 07:09

==================== End Of Log ============================

The problem is still present after all these manipulations.

 

Thank you for your help.

Attached Files


Edited by iraffbe, 13 August 2014 - 03:30 PM.
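
The FRST "files created/modified" block above is a flat list; what a responder actually does with it is filter for freshly dropped executables in user-writable locations whose version info carries no CompanyName (the empty parentheses FRST prints). The Python below is an added example, not part of the original post and not FRST's own code: the sample lines are constructed to mirror the log format above, and the seven-day window and the path markers used to decide "user-writable" are arbitrary choices for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of FRST's "files created / modified"
# sections: modified - created - size attributes (CompanyName) path.
# Embedded here so the example runs offline; not a verbatim log excerpt.
SAMPLE_FRST = r"""
2014-08-06 09:44 - 2013-01-28 23:36 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-06 08:08 - 2014-08-06 08:08 - 00147456 _____ () C:\Users\John\Desktop\Tacos.exe
2014-08-06 08:01 - 2014-08-06 08:01 - 00380416 _____ () C:\Users\John\Desktop\5gfr2414.exe
2014-08-06 08:22 - 2014-08-06 08:22 - 00688992 ____R (Swearware) C:\Users\John\Downloads\dds.com
2014-08-06 09:42 - 2014-08-06 09:42 - 00069662 _____ () C:\Users\John\Downloads\PageDefrag (1).zip
2014-08-05 11:37 - 2014-08-05 11:22 - 00000000 ____D () C:\ComboFix
2014-07-24 22:31 - 2013-05-23 03:08 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
"""

# One FRST file line. The attribute field is always five characters
# (e.g. _____, ____R, ____D, ___RD); the company field may be empty.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>.*?)\) (?P<path>.+)$"
)

PE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx", ".drv")
# Substrings that mark a location an ordinary user can write to (illustrative
# choice, not an FRST concept).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


def parse_frst(text):
    """Parse FRST file lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["modified"] = datetime.strptime(d["modified"], "%Y-%m-%d %H:%M")
        d["created"] = datetime.strptime(d["created"], "%Y-%m-%d %H:%M")
        d["size"] = int(d["size"])
        d["is_dir"] = "D" in d["attrs"]
        entries.append(d)
    return entries


def triage(entries, now, window_days=7):
    """Return paths of PE files with no CompanyName in their version info that
    sit in a user-writable location and were created within window_days of
    `now` (a datetime or 'YYYY-MM-DD HH:MM' string). An empty CompanyName does
    not prove the file is unsigned or malicious; it only means the binary
    carries no publisher string, which is what makes it worth a look."""
    if isinstance(now, str):
        now = datetime.strptime(now, "%Y-%m-%d %H:%M")
    window = timedelta(days=window_days)
    flagged = []
    for e in entries:
        p = e["path"].lower()
        if e["is_dir"] or not p.endswith(PE_EXTENSIONS):
            continue
        if e["company"]:
            continue
        if not any(marker in p for marker in USER_WRITABLE):
            continue
        if now - e["created"] > window:
            continue
        flagged.append(e["path"])
    return flagged


if __name__ == "__main__":
    for path in triage(parse_frst(SAMPLE_FRST), now="2014-08-06 10:00"):
        print("review:", path)
```

Run as a script this prints the two randomly named executables on the Desktop. In the log above, Tacos.exe has the same size as catchme.exe and 5gfr2414.exe the same size as uztpu36r.exe, which is consistent with renamed copies of the diagnostic tools helpers ask posters to run; the filter surfaces them precisely because it cannot tell a renamed tool from a dropper, so its output is a review queue, not a verdict.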


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:49 PM

Posted 14 August 2014 - 07:56 AM

MBAM failed to run rootkit scan, failed to load anti-rootkit driver error "20026"
No report was created after the scan even in history it's not there, only update report.


Refer to this topic.
https://forums.malwarebytes.org/index.php?/topic/144813-unable-to-load-the-anti-rootkit-driver/page-2
If you do not find a solution I suggest your ask for help in the topic.
This is not my forte.
===

The Low Disk Space check is disabled on the hard drive. It may just be that you do have a program that is blocking MBAM.
HKU\S-1-5-21-4172054078-2033504591-580127424-1000\...\Policies\Explorer: [NoLowDiscSpaceChecks] 1
HKU\S-1-5-21-4172054078-2033504591-580127424-1002\...\Policies\Explorer: [NoLowDiscSpaceChecks] 1
===

For my part run and submit these logs.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

p.s. Before proceeding with these scans:

If you have CD Emulator Software (Daemon Tools, Alcohol etc) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits, and the legitimate drivers used by CD Emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
  • IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

    HOW TO: Enable the CD Emulators... < restore only when we are finished.

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.
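
aswMBR saves a copy of the disk's first sector as MBR.dat so a helper can inspect it offline, and TDSSKiller's "Scan MBR" step prints an MD5 of the same sector. The Python below is an added example, not part of nasdaq's post and not code from aswMBR or TDSSKiller: it builds a synthetic 512-byte MBR (not a dump of any real disk), parses the partition table, hashes the sector, and shows how comparing against a known-good baseline separates a rewritten boot-code area from a changed partition table. The assumption that MBR.dat holds exactly one raw 512-byte sector is mine, as is the hypothetical load_mbr_dat() helper; check the file size before pointing it at a real dump.

```python
import hashlib
import struct

SECTOR_SIZE = 512
DISK_SIG_OFF = 0x1B8          # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE        # four 16-byte partition entries
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr():
    """Construct a synthetic MBR (not a real disk dump). It carries one active
    NTFS partition (type 0x07) starting at LBA 0x800 with 0xE8E07800 sectors,
    the same layout TDSSKiller prints for a single-partition 2 TB disk. The
    440-byte boot-code area is a NOP pattern standing in for real x86 code."""
    mbr = bytearray(b"\x90" * 440)
    mbr += struct.pack("<IH", 0x5A3C1E7B, 0)          # disk signature, reserved
    mbr += struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                       b"\xFE\xFF\xFF", 0x800, 0xE8E07800)
    mbr += bytes(16 * 3)                               # three empty entries
    mbr += b"\x55\xAA"                                 # boot signature
    return bytes(mbr)


def parse_mbr(sector):
    """Validate the sector and return disk signature, hashes and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector" % SECTOR_SIZE)
    if sector[-2:] != b"\x55\xAA":
        raise ValueError("boot signature 0x55AA missing")
    partitions = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                   # empty slot
        partitions.append({"index": i + 1, "active": status == 0x80,
                           "type": ptype, "start_lba": lba, "sectors": count})
    return {
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "sector_md5": hashlib.md5(sector).hexdigest().upper(),
        "boot_code_md5": hashlib.md5(sector[:DISK_SIG_OFF]).hexdigest().upper(),
        "partitions": partitions,
    }


def is_valid_mbr(sector):
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False


def diff_mbr(baseline, current):
    """Report which regions differ between a known-good MBR and a fresh read.
    A bootkit typically rewrites the boot code and leaves the partition table
    alone, so boot_code=True with partition_table=False is the pattern to
    escalate; a changed partition table usually means repartitioning."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    return {
        "boot_code": b["boot_code_md5"] != c["boot_code_md5"],
        "disk_signature": b["disk_signature"] != c["disk_signature"],
        "partition_table": b["partitions"] != c["partitions"],
    }


def tamper_boot_code(sector):
    """Return a copy whose first bytes are a near jump (simulated bootkit hook)."""
    patched = bytearray(sector)
    patched[0:3] = b"\xE9\x00\x01"
    return bytes(patched)


def load_mbr_dat(path):
    """Hypothetical helper: read the first 512 bytes of an MBR.dat-style dump.
    Assumes the file is the raw sector; not documented by the tool here."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


if __name__ == "__main__":
    good = build_sample_mbr()
    info = parse_mbr(good)
    print("MBR md5:", info["sector_md5"])
    for p in info["partitions"]:
        print("Partition%d: Type 0x%X, StartLBA 0x%X, BlocksNum 0x%X"
              % (p["index"], p["type"], p["start_lba"], p["sectors"]))
    print("after simulated bootkit:", diff_mbr(good, tamper_boot_code(good)))
```

The whole-sector hash is what the scanner logs; it changes for any edit, including a harmless re-run of the boot-code installer, which is why the example also hashes the 440-byte code area and the partition entries separately so the reader can see which part moved.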


#8 iraffbe

iraffbe
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 14 August 2014 - 03:45 PM

Hello,
 
Thank you for your reply.
 
MBAM will not run a rootkit scan on my computer because the drive is encrypted and thus not supported for rootkit scanning with MBAM.
 
What does it mean if lowdiskspace is disabled? Because I do get warnings when space is low.
I do have other hard drives but they have been disconnected for a while.
 
Here is the TDS log:
 
22:31:00.0706 0x12f0  TDSS rootkit removing tool 3.0.0.40 10 Jul 2014 12:37:58
22:31:03.0286 0x12f0  ============================================================
22:31:03.0286 0x12f0  Current date / time: 2014/08/14 22:31:03.0286
22:31:03.0286 0x12f0  SystemInfo:
22:31:03.0286 0x12f0  
22:31:03.0286 0x12f0  OS Version: 6.1.7601 ServicePack: 1.0
22:31:03.0286 0x12f0  Product type: Workstation
22:31:03.0286 0x12f0  ComputerName: JOHN-PC
22:31:03.0286 0x12f0  UserName: John
22:31:03.0286 0x12f0  Windows directory: C:\Windows
22:31:03.0286 0x12f0  System windows directory: C:\Windows
22:31:03.0286 0x12f0  Running under WOW64
22:31:03.0286 0x12f0  Processor architecture: Intel x64
22:31:03.0286 0x12f0  Number of processors: 4
22:31:03.0286 0x12f0  Page size: 0x1000
22:31:03.0286 0x12f0  Boot type: Normal boot
22:31:03.0286 0x12f0  ============================================================
22:31:20.0624 0x12f0  KLMD registered as C:\Windows\system32\drivers\53141645.sys
22:31:22.0332 0x12f0  System UUID: {3757D955-A3E6-9937-5948-DD62878AFC94}
22:31:23.0900 0x12f0  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 GB), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:31:23.0915 0x12f0  ============================================================
22:31:23.0915 0x12f0  \Device\Harddisk0\DR0:
22:31:23.0919 0x12f0  MBR partitions:
22:31:23.0920 0x12f0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
22:31:23.0920 0x12f0  ============================================================
22:31:23.0921 0x12f0  Initialize success
22:31:23.0921 0x12f0  ============================================================
22:31:33.0301 0x1494  ============================================================
22:31:33.0301 0x1494  Scan started
22:31:33.0301 0x1494  Mode: Manual; 
22:31:33.0301 0x1494  ============================================================
22:31:33.0301 0x1494  KSN ping started
22:31:35.0685 0x1494  KSN ping finished: true
22:31:38.0075 0x1494  ================ Scan system memory ========================
22:31:38.0075 0x1494  System memory - ok
22:31:38.0075 0x1494  ================ Scan services =============================
22:31:38.0122 0x1494  1394ohci - ok
22:31:38.0125 0x1494  acpi - ok
22:31:38.0129 0x1494  AcpiPmi - ok
22:31:38.0140 0x1494  ACSSCR - ok
22:31:38.0150 0x1494  AdobeARMservice - ok
22:31:38.0154 0x1494  adp94xx - ok
22:31:38.0158 0x1494  adpahci - ok
22:31:38.0162 0x1494  adpu320 - ok
22:31:38.0188 0x1494  ADUServiceNSRT - ok
22:31:38.0192 0x1494  AeLookupSvc - ok
22:31:38.0199 0x1494  AFD - ok
22:31:38.0207 0x1494  agp440 - ok
22:31:38.0211 0x1494  ALG - ok
22:31:38.0215 0x1494  aliide - ok
22:31:38.0220 0x1494  amdide - ok
22:31:38.0224 0x1494  AmdK8 - ok
22:31:38.0233 0x1494  AmdPPM - ok
22:31:38.0238 0x1494  amdsata - ok
22:31:38.0242 0x1494  amdsbs - ok
22:31:38.0246 0x1494  amdxata - ok
22:31:38.0275 0x1494  AntiVirSchedulerService - ok
22:31:38.0279 0x1494  AntiVirService - ok
22:31:38.0285 0x1494  AppID - ok
22:31:38.0289 0x1494  AppIDSvc - ok
22:31:38.0293 0x1494  Appinfo - ok
22:31:38.0304 0x1494  Apple Mobile Device - ok
22:31:38.0313 0x1494  AppMgmt - ok
22:31:38.0317 0x1494  arc - ok
22:31:38.0321 0x1494  arcsas - ok
22:31:38.0328 0x1494  aspnet_state - ok
22:31:38.0332 0x1494  AsyncMac - ok
22:31:38.0335 0x1494  atapi - ok
22:31:38.0338 0x1494  athr - ok
22:31:38.0346 0x1494  AudioEndpointBuilder - ok
22:31:38.0349 0x1494  AudioSrv - ok
22:31:38.0353 0x1494  avgntflt - ok
22:31:38.0380 0x1494  avipbb - ok
22:31:38.0385 0x1494  avkmgr - ok
22:31:38.0412 0x1494  avshws - ok
22:31:38.0416 0x1494  AxInstSV - ok
22:31:38.0419 0x1494  b06bdrv - ok
22:31:38.0424 0x1494  b57nd60a - ok
22:31:38.0430 0x1494  BDESVC - ok
22:31:38.0434 0x1494  Beep - ok
22:31:38.0439 0x1494  BFE - ok
22:31:38.0443 0x1494  BITS - ok
22:31:38.0464 0x1494  blbdrive - ok
22:31:38.0468 0x1494  Bonjour Service - ok
22:31:38.0472 0x1494  bowser - ok
22:31:38.0476 0x1494  BrFiltLo - ok
22:31:38.0481 0x1494  BrFiltUp - ok
22:31:38.0485 0x1494  BridgeMP - ok
22:31:38.0490 0x1494  Browser - ok
22:31:38.0494 0x1494  Brserid - ok
22:31:38.0498 0x1494  BrSerWdm - ok
22:31:38.0501 0x1494  BrUsbMdm - ok
22:31:38.0505 0x1494  BrUsbSer - ok
22:31:38.0509 0x1494  BSMEM - ok
22:31:38.0514 0x1494  BSMI - ok
22:31:38.0537 0x1494  BthEnum - ok
22:31:38.0575 0x1494  BTHMODEM - ok
22:31:38.0579 0x1494  BthPan - ok
22:31:38.0583 0x1494  BTHPORT - ok
22:31:38.0587 0x1494  bthserv - ok
22:31:38.0591 0x1494  BTHUSB - ok
22:31:38.0596 0x1494  btwaudio - ok
22:31:38.0600 0x1494  btwavdt - ok
22:31:38.0604 0x1494  btwrchid - ok
22:31:38.0607 0x1494  catchme - ok
22:31:38.0611 0x1494  cdfs - ok
22:31:38.0615 0x1494  cdrom - ok
22:31:38.0622 0x1494  CertPropSvc - ok
22:31:38.0636 0x1494  circlass - ok
22:31:38.0640 0x1494  CLFS - ok
22:31:38.0643 0x1494  clr_optimization_v2.0.50727_32 - ok
22:31:38.0649 0x1494  clr_optimization_v2.0.50727_64 - ok
22:31:38.0663 0x1494  clr_optimization_v4.0.30319_32 - ok
22:31:38.0670 0x1494  clr_optimization_v4.0.30319_64 - ok
22:31:38.0675 0x1494  CmBatt - ok
22:31:38.0681 0x1494  cmdide - ok
22:31:38.0686 0x1494  CNG - ok
22:31:38.0689 0x1494  COMMONFX.DLL - ok
22:31:38.0693 0x1494  Compbatt - ok
22:31:38.0698 0x1494  CompositeBus - ok
22:31:38.0703 0x1494  COMSysApp - ok
22:31:38.0707 0x1494  crcdisk - ok
22:31:38.0711 0x1494  CryptSvc - ok
22:31:38.0716 0x1494  CSC - ok
22:31:38.0721 0x1494  CscService - ok
22:31:38.0727 0x1494  CT20XUT.DLL - ok
22:31:38.0733 0x1494  ctac32k - ok
22:31:38.0739 0x1494  ctaud2k - ok
22:31:38.0742 0x1494  CTAUDFX.DLL - ok
22:31:38.0747 0x1494  CTEAPSFX.DLL - ok
22:31:38.0751 0x1494  CTEDSPFX.DLL - ok
22:31:38.0755 0x1494  CTEDSPIO.DLL - ok
22:31:38.0758 0x1494  CTEDSPSY.DLL - ok
22:31:38.0762 0x1494  CTERFXFX.DLL - ok
22:31:38.0766 0x1494  CTEXFIFX.DLL - ok
22:31:38.0807 0x1494  CTHWIUT.DLL - ok
22:31:38.0811 0x1494  ctprxy2k - ok
22:31:38.0815 0x1494  CTSBLFX.DLL - ok
22:31:38.0819 0x1494  ctsfm2k - ok
22:31:38.0831 0x1494  DcomLaunch - ok
22:31:38.0834 0x1494  defragsvc - ok
22:31:38.0837 0x1494  DfsC - ok
22:31:38.0843 0x1494  dg_ssudbus - ok
22:31:38.0847 0x1494  Dhcp - ok
22:31:38.0854 0x1494  DIRECTIO - ok
22:31:38.0858 0x1494  discache - ok
22:31:38.0863 0x1494  Disk - ok
22:31:38.0867 0x1494  dmvsc - ok
22:31:38.0871 0x1494  Dnscache - ok
22:31:38.0874 0x1494  dot3svc - ok
22:31:38.0877 0x1494  DPS - ok
22:31:38.0881 0x1494  drmkaud - ok
22:31:38.0885 0x1494  dtsoftbus01 - ok
22:31:38.0888 0x1494  DXGKrnl - ok
22:31:38.0893 0x1494  EapHost - ok
22:31:38.0896 0x1494  ebdrv - ok
22:31:38.0899 0x1494  EFS - ok
22:31:38.0903 0x1494  ehRecvr - ok
22:31:38.0906 0x1494  ehSched - ok
22:31:38.0910 0x1494  elxstor - ok
22:31:38.0913 0x1494  emupia - ok
22:31:38.0916 0x1494  ErrDev - ok
22:31:38.0925 0x1494  EventSystem - ok
22:31:38.0931 0x1494  ewusbnet - ok
22:31:38.0935 0x1494  ew_hwusbdev - ok
22:31:38.0940 0x1494  ew_usbenumfilter - ok
22:31:38.0945 0x1494  EXFAT - ok
22:31:38.0949 0x1494  fastfat - ok
22:31:38.0954 0x1494  Fax - ok
22:31:38.0959 0x1494  fdc - ok
22:31:38.0971 0x1494  fdPHost - ok
22:31:38.0975 0x1494  FDResPub - ok
22:31:38.0980 0x1494  FileInfo - ok
22:31:38.0984 0x1494  Filetrace - ok
22:31:38.0989 0x1494  flpydisk - ok
22:31:38.0996 0x1494  FltMgr - ok
22:31:39.0000 0x1494  FontCache - ok
22:31:39.0004 0x1494  FontCache3.0.0.0 - ok
22:31:39.0009 0x1494  FsDepends - ok
22:31:39.0014 0x1494  Fs_Rec - ok
22:31:39.0024 0x1494  fussvc - ok
22:31:39.0030 0x1494  fvevol - ok
22:31:39.0034 0x1494  gagp30kx - ok
22:31:39.0039 0x1494  GEARAspiWDM - ok
22:31:39.0043 0x1494  ggflt - ok
22:31:39.0047 0x1494  ggsemc - ok
22:31:39.0052 0x1494  gpsvc - ok
22:31:39.0058 0x1494  gupdate - ok
22:31:39.0068 0x1494  gupdatem - ok
22:31:39.0072 0x1494  ha10kx2k - ok
22:31:39.0076 0x1494  hap16v2k - ok
22:31:39.0079 0x1494  hap17v2k - ok
22:31:39.0083 0x1494  hcw85cir - ok
22:31:39.0086 0x1494  HdAudAddService - ok
22:31:39.0094 0x1494  HDAudBus - ok
22:31:39.0098 0x1494  HidBatt - ok
22:31:39.0102 0x1494  HidBth - ok
22:31:39.0105 0x1494  HidIr - ok
22:31:39.0109 0x1494  hidserv - ok
22:31:39.0114 0x1494  HidUsb - ok
22:31:39.0118 0x1494  hkmsvc - ok
22:31:39.0122 0x1494  HomeGroupListener - ok
22:31:39.0125 0x1494  HomeGroupProvider - ok
22:31:39.0128 0x1494  HpSAMD - ok
22:31:39.0133 0x1494  HTCMonitorService - ok
22:31:39.0137 0x1494  htcnprot - ok
22:31:39.0140 0x1494  HTTP - ok
22:31:39.0144 0x1494  huawei_enumerator - ok
22:31:39.0148 0x1494  hwdatacard - ok
22:31:39.0153 0x1494  hwpolicy - ok
22:31:39.0156 0x1494  i8042prt - ok
22:31:39.0161 0x1494  iaStorV - ok
22:31:39.0164 0x1494  idsvc - ok
22:31:39.0167 0x1494  iirsp - ok
22:31:39.0171 0x1494  IKEEXT - ok
22:31:39.0178 0x1494  IntcAzAudAddService - ok
22:31:39.0181 0x1494  intelide - ok
22:31:39.0185 0x1494  intelppm - ok
22:31:39.0189 0x1494  IPBusEnum - ok
22:31:39.0193 0x1494  IpFilterDriver - ok
22:31:39.0196 0x1494  iphlpsvc - ok
22:31:39.0200 0x1494  IPMIDRV - ok
22:31:39.0203 0x1494  IPNAT - ok
22:31:39.0208 0x1494  iPod Service - ok
22:31:39.0210 0x1494  IRENUM - ok
22:31:39.0214 0x1494  isapnp - ok
22:31:39.0218 0x1494  iScsiPrt - ok
22:31:39.0242 0x1494  kbdclass - ok
22:31:39.0246 0x1494  kbdhid - ok
22:31:39.0250 0x1494  KeyIso - ok
22:31:39.0253 0x1494  KSecDD - ok
22:31:39.0257 0x1494  KSecPkg - ok
22:31:39.0261 0x1494  ksthunk - ok
22:31:39.0273 0x1494  KtmRm - ok
22:31:39.0276 0x1494  LanmanServer - ok
22:31:39.0280 0x1494  LanmanWorkstation - ok
22:31:39.0285 0x1494  LGBusEnum - ok
22:31:39.0289 0x1494  LGVirHid - ok
22:31:39.0292 0x1494  lltdio - ok
22:31:39.0295 0x1494  lltdsvc - ok
22:31:39.0299 0x1494  lmhosts - ok
22:31:39.0304 0x1494  LSI_FC - ok
22:31:39.0308 0x1494  LSI_SAS - ok
22:31:39.0312 0x1494  LSI_SAS2 - ok
22:31:39.0316 0x1494  LSI_SCSI - ok
22:31:39.0321 0x1494  luafv - ok
22:31:39.0323 0x1494  MBAMSwissArmy - ok
22:31:39.0328 0x1494  Mcx2Svc - ok
22:31:39.0332 0x1494  megasas - ok
22:31:39.0335 0x1494  MegaSR - ok
22:31:39.0338 0x1494  Microsoft SharePoint Workspace Audit Service - ok
22:31:39.0342 0x1494  MMCSS - ok
22:31:39.0346 0x1494  Modem - ok
22:31:39.0351 0x1494  monitor - ok
22:31:39.0356 0x1494  motandroidusb - ok
22:31:39.0369 0x1494  Motorola Device Manager - ok
22:31:39.0374 0x1494  mouclass - ok
22:31:39.0377 0x1494  mouhid - ok
22:31:39.0382 0x1494  mountmgr - ok
22:31:39.0386 0x1494  MozillaMaintenance - ok
22:31:39.0390 0x1494  MPIO - ok
22:31:39.0394 0x1494  mpsdrv - ok
22:31:39.0398 0x1494  MpsSvc - ok
22:31:39.0401 0x1494  MRxDAV - ok
22:31:39.0405 0x1494  mrxsmb - ok
22:31:39.0408 0x1494  mrxsmb10 - ok
22:31:39.0412 0x1494  mrxsmb20 - ok
22:31:39.0415 0x1494  msahci - ok
22:31:39.0418 0x1494  msdsm - ok
22:31:39.0422 0x1494  MSDTC - ok
22:31:39.0429 0x1494  MSFS - ok
22:31:39.0432 0x1494  mshidkmdf - ok
22:31:39.0436 0x1494  msisadrv - ok
22:31:39.0440 0x1494  MSiSCSI - ok
22:31:39.0444 0x1494  msiserver - ok
22:31:39.0448 0x1494  MSKSSRV - ok
22:31:39.0452 0x1494  MSPCLOCK - ok
22:31:39.0456 0x1494  MSPQM - ok
22:31:39.0458 0x1494  MsRPC - ok
22:31:39.0464 0x1494  mssmbios - ok
22:31:39.0467 0x1494  MSTEE - ok
22:31:39.0471 0x1494  MTConfig - ok
22:31:39.0474 0x1494  MUP - ok
22:31:39.0478 0x1494  napagent - ok
22:31:39.0482 0x1494  NativeWifiP - ok
22:31:39.0487 0x1494  NDIS - ok
22:31:39.0491 0x1494  NdisCap - ok
22:31:39.0495 0x1494  NdisTapi - ok
22:31:39.0499 0x1494  Ndisuio - ok
22:31:39.0501 0x1494  NdisWan - ok
22:31:39.0505 0x1494  NDProxy - ok
22:31:39.0509 0x1494  NetBIOS - ok
22:31:39.0512 0x1494  NetBT - ok
22:31:39.0516 0x1494  Netlogon - ok
22:31:39.0519 0x1494  Netman - ok
22:31:39.0523 0x1494  NetMsmqActivator - ok
22:31:39.0526 0x1494  NetPipeActivator - ok
22:31:39.0530 0x1494  netprofm - ok
22:31:39.0534 0x1494  netr28ux - ok
22:31:39.0538 0x1494  NetTcpActivator - ok
22:31:39.0541 0x1494  NetTcpPortSharing - ok
22:31:39.0544 0x1494  nfrd960 - ok
22:31:39.0549 0x1494  NlaSvc - ok
22:31:39.0553 0x1494  Npfs - ok
22:31:39.0557 0x1494  nsi - ok
22:31:39.0561 0x1494  nsiproxy - ok
22:31:39.0567 0x1494  NTFS - ok
22:31:39.0572 0x1494  nTuneService - ok
22:31:39.0578 0x1494  Null - ok
22:31:39.0607 0x1494  NVHDA - ok
22:31:39.0613 0x1494  nvlddmkm - ok
22:31:39.0619 0x1494  NVR0Dev - ok
22:31:39.0623 0x1494  nvraid - ok
22:31:39.0625 0x1494  nvstor - ok
22:31:39.0632 0x1494  NvStreamSvc - ok
22:31:39.0637 0x1494  nvsvc - ok
22:31:39.0644 0x1494  nvUpdatusService - ok
22:31:39.0649 0x1494  nvvad_WaveExtensible - ok
22:31:39.0654 0x1494  nv_agp - ok
22:31:39.0659 0x1494  ohci1394 - ok
22:31:39.0668 0x1494  shrug - ok
22:31:39.0674 0x1494  osppsvc - ok
22:31:39.0679 0x1494  ossrv - ok
22:31:39.0687 0x1494  p2pimsvc - ok
22:31:39.0691 0x1494  p2psvc - ok
22:31:39.0695 0x1494  Parport - ok
22:31:39.0702 0x1494  partmgr - ok
22:31:39.0705 0x1494  PassThru Service - ok
22:31:39.0709 0x1494  PcaSvc - ok
22:31:39.0713 0x1494  pccsmcfd - ok
22:31:39.0717 0x1494  pci - ok
22:31:39.0722 0x1494  pciide - ok
22:31:39.0727 0x1494  PCMCIA - ok
22:31:39.0731 0x1494  PCW - ok
22:31:39.0736 0x1494  PEAUTH - ok
22:31:39.0740 0x1494  PeerDistSvc - ok
22:31:39.0746 0x1494  PerfHost - ok
22:31:39.0756 0x1494  PGPdisk - ok
22:31:39.0760 0x1494  pgpfs - ok
22:31:39.0765 0x1494  PGPsdkDriver - ok
22:31:39.0769 0x1494  PGPserv - ok
22:31:39.0774 0x1494  PGPwded - ok
22:31:39.0779 0x1494  Dish - ok
22:31:39.0813 0x1494  PlugPlay - ok
22:31:39.0819 0x1494  PnkBstrA - ok
22:31:39.0824 0x1494  PnkBstrB - ok
22:31:39.0827 0x1494  PNRPAutoReg - ok
22:31:39.0833 0x1494  PNRPsvc - ok
22:31:39.0854 0x1494  PocketAudio - ok
22:31:39.0858 0x1494  PolicyAgent - ok
22:31:39.0864 0x1494  Power - ok
22:31:39.0867 0x1494  PptpMiniport - ok
22:31:39.0871 0x1494  Processor - ok
22:31:39.0875 0x1494  ProfSvc - ok
22:31:39.0877 0x1494  ProtectedStorage - ok
22:31:39.0881 0x1494  Psched - ok
22:31:39.0886 0x1494  PST Service - ok
22:31:39.0890 0x1494  PxHlpa64 - ok
22:31:39.0894 0x1494  ql2300 - ok
22:31:39.0897 0x1494  ql40xx - ok
22:31:39.0901 0x1494  QWAVE - ok
22:31:39.0904 0x1494  QWAVEdrv - ok
22:31:39.0909 0x1494  RapiMgr - ok
22:31:39.0913 0x1494  RasAcd - ok
22:31:39.0916 0x1494  RasAgileVpn - ok
22:31:39.0919 0x1494  RasAuto - ok
22:31:39.0923 0x1494  Rasl2tp - ok
22:31:39.0927 0x1494  RasMan - ok
22:31:39.0930 0x1494  RasPppoe - ok
22:31:39.0934 0x1494  RasSstp - ok
22:31:39.0937 0x1494  rdbss - ok
22:31:39.0941 0x1494  rdpbus - ok
22:31:39.0945 0x1494  RDPCDD - ok
22:31:39.0951 0x1494  RDPDR - ok
22:31:39.0956 0x1494  RDPENCDD - ok
22:31:39.0960 0x1494  RDPREFMP - ok
22:31:39.0966 0x1494  RdpVideoMiniport - ok
22:31:39.0969 0x1494  RDPWD - ok
22:31:39.0974 0x1494  rdyboost - ok
22:31:39.0985 0x1494  RealtekWlanU - ok
22:31:39.0990 0x1494  RemoteAccess - ok
22:31:39.0996 0x1494  RemoteRegistry - ok
22:31:40.0004 0x1494  RFCOMM - ok
22:31:40.0009 0x1494  RimUsb - ok
22:31:40.0020 0x1494  RpcEptMapper - ok
22:31:40.0024 0x1494  RpcLocator - ok
22:31:40.0028 0x1494  RpcSs - ok
22:31:40.0031 0x1494  rspndr - ok
22:31:40.0035 0x1494  RT61 - ok
22:31:40.0039 0x1494  rt61x64 - ok
22:31:40.0042 0x1494  rt70x64 - ok
22:31:40.0046 0x1494  RTL8167 - ok
22:31:40.0059 0x1494  RtlWlanu - ok
22:31:40.0064 0x1494  RunSwUSB - ok
22:31:40.0067 0x1494  s3cap - ok
22:31:40.0071 0x1494  SamSs - ok
22:31:40.0074 0x1494  sbp2port - ok
22:31:40.0078 0x1494  SCardSvr - ok
22:31:40.0082 0x1494  SCDEmu - ok
22:31:40.0085 0x1494  scfilter - ok
22:31:40.0090 0x1494  Schedule - ok
22:31:40.0094 0x1494  SCPolicySvc - ok
22:31:40.0099 0x1494  SDRSVC - ok
22:31:40.0104 0x1494  secdrv - ok
22:31:40.0108 0x1494  seclogon - ok
22:31:40.0112 0x1494  SENS - ok
22:31:40.0116 0x1494  SensrSvc - ok
22:31:40.0122 0x1494  SensticPocketService - ok
22:31:40.0129 0x1494  Serenum - ok
22:31:40.0136 0x1494  Serial - ok
22:31:40.0141 0x1494  sermouse - ok
22:31:40.0153 0x1494  SessionEnv - ok
22:31:40.0158 0x1494  sffdisk - ok
22:31:40.0162 0x1494  sffp_mmc - ok
22:31:40.0167 0x1494  sffp_sd - ok
22:31:40.0172 0x1494  sfloppy - ok
22:31:40.0177 0x1494  SharedAccess - ok
22:31:40.0184 0x1494  ShellHWDetection - ok
22:31:40.0189 0x1494  SiSRaid2 - ok
22:31:40.0194 0x1494  SiSRaid4 - ok
22:31:40.0200 0x1494  SkypeUpdate - ok
22:31:40.0207 0x1494  Smb - ok
22:31:40.0214 0x1494  SNMPTRAP - ok
22:31:40.0219 0x1494  Sony PC Companion - ok
22:31:40.0225 0x1494  SpeedFan - ok
22:31:40.0229 0x1494  spldr - ok
22:31:40.0233 0x1494  Spooler - ok
22:31:40.0236 0x1494  sppsvc - ok
22:31:40.0240 0x1494  sppuinotify - ok
22:31:40.0243 0x1494  SRV - ok
22:31:40.0247 0x1494  srv2 - ok
22:31:40.0250 0x1494  srvnet - ok
22:31:40.0271 0x1494  sscdbus - ok
22:31:40.0283 0x1494  sscdmdfl - ok
22:31:40.0291 0x1494  sscdmdm - ok
22:31:40.0295 0x1494  SSDPSRV - ok
22:31:40.0298 0x1494  SstpSvc - ok
22:31:40.0303 0x1494  ssudmdm - ok
22:31:40.0320 0x1494  Steam Client Service - ok
22:31:40.0330 0x1494  Stereo Service - ok
22:31:40.0334 0x1494  stexstor - ok
22:31:40.0340 0x1494  stisvc - ok
22:31:40.0344 0x1494  storflt - ok
22:31:40.0451 0x1494  storvsc - ok
22:31:40.0456 0x1494  swenum - ok
22:31:40.0484 0x1494  SwitchBoard - ok
22:31:40.0489 0x1494  swprv - ok
22:31:40.0494 0x1494  Synth3dVsc - ok
22:31:40.0499 0x1494  SysMain - ok
22:31:40.0502 0x1494  TabletInputService - ok
22:31:40.0507 0x1494  TapiSrv - ok
22:31:40.0512 0x1494  TBS - ok
22:31:40.0516 0x1494  Tcpip - ok
22:31:40.0536 0x1494  Tcpip6 - ok
22:31:40.0541 0x1494  tcpipreg - ok
22:31:40.0548 0x1494  TDPIPE - ok
22:31:40.0552 0x1494  TDTCP - ok
22:31:40.0556 0x1494  TDX - ok
22:31:40.0566 0x1494  Te.Service - ok
22:31:40.0571 0x1494  TermDD - ok
22:31:40.0575 0x1494  terminpt - ok
22:31:40.0578 0x1494  TermService - ok
22:31:40.0582 0x1494  Themes - ok
22:31:40.0585 0x1494  THREADORDER - ok
22:31:40.0589 0x1494  TrkWks - ok
22:31:40.0595 0x1494  TrueSight - ok
22:31:40.0599 0x1494  TrustedInstaller - ok
22:31:40.0605 0x1494  tssecsrv - ok
22:31:40.0609 0x1494  TsUsbFlt - ok
22:31:40.0613 0x1494  TsUsbGD - ok
22:31:40.0617 0x1494  tsusbhub - ok
22:31:40.0629 0x1494  tunnel - ok
22:31:40.0633 0x1494  uagp35 - ok
22:31:40.0639 0x1494  udfs - ok
22:31:40.0647 0x1494  UI0Detect - ok
22:31:40.0652 0x1494  uliagpkx - ok
22:31:40.0657 0x1494  umbus - ok
22:31:40.0661 0x1494  UmPass - ok
22:31:40.0664 0x1494  UmRdpService - ok
22:31:40.0668 0x1494  upnphost - ok
22:31:40.0672 0x1494  USBAAPL64 - ok
22:31:40.0681 0x1494  usbaudio - ok
22:31:40.0685 0x1494  usbccgp - ok
22:31:40.0689 0x1494  usbcir - ok
22:31:40.0692 0x1494  usbehci - ok
22:31:40.0696 0x1494  usbhub - ok
22:31:40.0700 0x1494  usbohci - ok
22:31:40.0705 0x1494  usbprint - ok
22:31:40.0708 0x1494  USBSTOR - ok
22:31:40.0712 0x1494  usbuhci - ok
22:31:40.0716 0x1494  usb_rndisx - ok
22:31:40.0720 0x1494  UxSms - ok
22:31:40.0724 0x1494  VaultSvc - ok
22:31:40.0729 0x1494  VBoxDrv - ok
22:31:40.0734 0x1494  VBoxNetAdp - ok
22:31:40.0743 0x1494  VBoxNetFlt - ok
22:31:40.0749 0x1494  VBoxUSBMon - ok
22:31:40.0752 0x1494  vdrvroot - ok
22:31:40.0756 0x1494  VDS - ok
22:31:40.0760 0x1494  vga - ok
22:31:40.0763 0x1494  VgaSave - ok
22:31:40.0767 0x1494  VGPU - ok
22:31:40.0771 0x1494  vhdmp - ok
22:31:40.0775 0x1494  viaide - ok
22:31:40.0779 0x1494  VmbService - ok
22:31:40.0782 0x1494  vmbus - ok
22:31:40.0787 0x1494  VMBusHID - ok
22:31:40.0791 0x1494  volmgr - ok
22:31:40.0795 0x1494  volmgrx - ok
22:31:40.0799 0x1494  volsnap - ok
22:31:40.0808 0x1494  vsmraid - ok
22:31:40.0812 0x1494  VSS - ok
22:31:40.0815 0x1494  vwifibus - ok
22:31:40.0820 0x1494  vwififlt - ok
22:31:40.0825 0x1494  vwifimp - ok
22:31:40.0829 0x1494  W32Time - ok
22:31:40.0834 0x1494  WacomPen - ok
22:31:40.0839 0x1494  WANARP - ok
22:31:40.0843 0x1494  Wanarpv6 - ok
22:31:40.0846 0x1494  WatAdminSvc - ok
22:31:40.0851 0x1494  wbengine - ok
22:31:40.0855 0x1494  WbioSrvc - ok
22:31:40.0884 0x1494  WcesComm - ok
22:31:40.0889 0x1494  wcncsvc - ok
22:31:40.0894 0x1494  WcsPlugInService - ok
22:31:40.0899 0x1494  Wd - ok
22:31:40.0905 0x1494  Wdf01000 - ok
22:31:40.0913 0x1494  WdiServiceHost - ok
22:31:40.0917 0x1494  WdiSystemHost - ok
22:31:40.0921 0x1494  WebClient - ok
22:31:40.0925 0x1494  Wecsvc - ok
22:31:40.0929 0x1494  wercplsupport - ok
22:31:40.0934 0x1494  WerSvc - ok
22:31:40.0938 0x1494  WfpLwf - ok
22:31:40.0943 0x1494  WIMMount - ok
22:31:40.0946 0x1494  WinDefend - ok
22:31:40.0955 0x1494  WinHttpAutoProxySvc - ok
22:31:40.0958 0x1494  Winmgmt - ok
22:31:40.0962 0x1494  WinRM - ok
22:31:40.0979 0x1494  WinUsb - ok
22:31:40.0983 0x1494  Wlansvc - ok
22:31:40.0987 0x1494  WmiAcpi - ok
22:31:40.0993 0x1494  wmiApSrv - ok
22:31:40.0998 0x1494  WMPNetworkSvc - ok
22:31:41.0002 0x1494  WPCSvc - ok
22:31:41.0006 0x1494  WPDBusEnum - ok
22:31:41.0009 0x1494  ws2ifsl - ok
22:31:41.0013 0x1494  wscsvc - ok
22:31:41.0016 0x1494  WSearch - ok
22:31:41.0022 0x1494  wuauserv - ok
22:31:41.0025 0x1494  WudfPf - ok
22:31:41.0038 0x1494  WUDFRd - ok
22:31:41.0041 0x1494  wudfsvc - ok
22:31:41.0046 0x1494  WwanSvc - ok
22:31:41.0174 0x1494  ================ Scan global ===============================
22:31:41.0175 0x1494  [ Global ] - ok
22:31:41.0176 0x1494  ================ Scan MBR ==================================
22:31:41.0187 0x1494  [D9ED010585B8E1FA022BC50A72EA116A] \Device\Harddisk0\DR0
22:31:41.0289 0x1494  \Device\Harddisk0\DR0 - ok
22:31:41.0290 0x1494  ================ Scan VBR ==================================
22:31:41.0292 0x1494  [9CE8FC5094DC58CB76A6A21FC0E773A1] \Device\Harddisk0\DR0\Partition1
22:31:41.0292 0x1494  \Device\Harddisk0\DR0\Partition1 - ok
22:31:41.0293 0x1494  ================ Scan generic autorun ======================
22:31:41.0293 0x1494  Nvtmru - ok
22: 31: 41.0295 0x1494 RTHDVCPL - ok
22: 31: 41.0296 0x1494 AsioReg - ok
22: 31: 41.0298 0x1494 avgnt - ok
22: 31: 41.0300 0x1494 SunJavaUpdateSched - ok
22:31:41.0301 0x1494  Remote Control Server - ok
22: 31: 41.0303 0x1494 NVIDIA nTune - ok
22:31:41.0305 0x1494  Sidebar - ok
22: 31: 41.0306 0x1494 mctadmin - ok
22:31:41.0308 0x1494  Sidebar - ok
22: 31: 41.0310 0x1494 NVIDIA nTune - ok
22:31:41.0313 0x1494  Remote Control Server - ok
22: 31: 41.0313 0x1494 mctadmin - ok
22: 31: 41.0315 0x1494 InetReg - ok
22: 31: 41.0478 0x1494 AV sensing via SS2: Avira Desktop, C: \ Program Files (x86) \ Avira \ AntiVir Desktop \ wsctool.exe (14.0.5.376), 0x40000 (disabled: updated)
22:31:41.0531 0x1494  Win FW state via NFP2: disabled
22:31:43.0896 0x1494  ============================================================
22:31:43.0896 0x1494  Scan finished
22:31:43.0896 0x1494  ============================================================
22:31:43.0909 0x148c  Detected object count: 0
22:31:43.0909 0x148c  Actual detected object count: 0
22:32:38.0731 0x15ec  ============================================================
22:32:38.0731 0x15ec  Scan started
22:32:38.0731 0x15ec  Mode: Manual; SigCheck; TDLFS;
22:32:38.0731 0x15ec  ============================================================
22:32:38.0731 0x15ec  KSN ping started
22:32:41.0077 0x15ec  KSN ping finished: true
22:32:43.0332 0x15ec  ================ Scan system memory ========================
22:32:43.0332 0x15ec  System memory - ok
22:32:43.0332 0x15ec  ================ Scan services =============================
22:32:43.0335 0x15ec  1394ohci - ok
22:32:43.0335 0x15ec  acpi - ok
22:32:43.0336 0x15ec  AcpiPmi - ok
22:32:43.0337 0x15ec  ACSSCR - ok
22:32:43.0338 0x15ec  AdobeARMservice - ok
22:32:43.0339 0x15ec  adp94xx - ok
22:32:43.0340 0x15ec  adpahci - ok
22:32:43.0341 0x15ec  adpu320 - ok
22:32:43.0342 0x15ec  ADUServiceNSRT - ok
22:32:43.0343 0x15ec  AeLookupSvc - ok
22:32:43.0344 0x15ec  AFD - ok
22:32:43.0345 0x15ec  agp440 - ok
22:32:43.0346 0x15ec  ALG - ok
22:32:43.0346 0x15ec  aliide - ok
22:32:43.0347 0x15ec  amdide - ok
22:32:43.0348 0x15ec  AmdK8 - ok
22:32:43.0349 0x15ec  AmdPPM - ok
22:32:43.0350 0x15ec  amdsata - ok
22:32:43.0350 0x15ec  amdsbs - ok
22:32:43.0351 0x15ec  amdxata - ok
22:32:43.0352 0x15ec  AntiVirSchedulerService - ok
22:32:43.0353 0x15ec  AntiVirService - ok
22:32:43.0354 0x15ec  AppID - ok
22:32:43.0355 0x15ec  AppIDSvc - ok
22:32:43.0356 0x15ec  Appinfo - ok
22:32:43.0357 0x15ec  Apple Mobile Device - ok
22:32:43.0358 0x15ec  AppMgmt - ok
22:32:43.0359 0x15ec  arc - ok
22:32:43.0360 0x15ec  arcsas - ok
22:32:43.0362 0x15ec  aspnet_state - ok
22:32:43.0363 0x15ec  AsyncMac - ok
22:32:43.0364 0x15ec  atapi - ok
22:32:43.0364 0x15ec  athr - ok
22:32:43.0365 0x15ec  AudioEndpointBuilder - ok
22:32:43.0366 0x15ec  AudioSrv - ok
22:32:43.0367 0x15ec  avgntflt - ok
22:32:43.0368 0x15ec  avipbb - ok
22:32:43.0369 0x15ec  avkmgr - ok
22:32:43.0370 0x15ec  avshws - ok
22:32:43.0371 0x15ec  AxInstSV - ok
22:32:43.0372 0x15ec  b06bdrv - ok
22:32:43.0373 0x15ec  b57nd60a - ok
22:32:43.0374 0x15ec  BDESVC - ok
22:32:43.0375 0x15ec  Beep - ok
22:32:43.0375 0x15ec  BFE - ok
22:32:43.0377 0x15ec  BITS - ok
22:32:43.0377 0x15ec  blbdrive - ok
22:32:43.0378 0x15ec  Bonjour Service - ok
22:32:43.0379 0x15ec  bowser - ok
22:32:43.0380 0x15ec  BrFiltLo - ok
22:32:43.0381 0x15ec  BrFiltUp - ok
22:32:43.0382 0x15ec  BridgeMP - ok
22:32:43.0383 0x15ec  Browser - ok
22:32:43.0384 0x15ec  Brserid - ok
22:32:43.0385 0x15ec  BrSerWdm - ok
22:32:43.0386 0x15ec  BrUsbMdm - ok
22:32:43.0387 0x15ec  BrUsbSer - ok
22:32:43.0388 0x15ec  BSMEM - ok
22:32:43.0389 0x15ec  BSMI - ok
22:32:43.0389 0x15ec  BthEnum - ok
22:32:43.0390 0x15ec  BTHMODEM - ok
22:32:43.0391 0x15ec  BthPan - ok
22:32:43.0392 0x15ec  BTHPORT - ok
22:32:43.0393 0x15ec  bthserv - ok
22:32:43.0394 0x15ec  BTHUSB - ok
22:32:43.0396 0x15ec  btwaudio - ok
22:32:43.0397 0x15ec  btwavdt - ok
22:32:43.0398 0x15ec  btwrchid - ok
22:32:43.0399 0x15ec  catchme - ok
22:32:43.0400 0x15ec  cdfs - ok
22:32:43.0401 0x15ec  cdrom - ok
22:32:43.0402 0x15ec  CertPropSvc - ok
22:32:43.0403 0x15ec  circlass - ok
22:32:43.0404 0x15ec  CLFS - ok
22:32:43.0405 0x15ec  clr_optimization_v2.0.50727_32 - ok
22:32:43.0406 0x15ec  clr_optimization_v2.0.50727_64 - ok
22:32:43.0407 0x15ec  clr_optimization_v4.0.30319_32 - ok
22:32:43.0408 0x15ec  clr_optimization_v4.0.30319_64 - ok
22:32:43.0409 0x15ec  CmBatt - ok
22:32:43.0410 0x15ec  cmdide - ok
22:32:43.0411 0x15ec  CNG - ok
22:32:43.0412 0x15ec  COMMONFX.DLL - ok
22:32:43.0413 0x15ec  Compbatt - ok
22:32:43.0414 0x15ec  CompositeBus - ok
22:32:43.0415 0x15ec  COMSysApp - ok
22:32:43.0416 0x15ec  crcdisk - ok
22:32:43.0417 0x15ec  CryptSvc - ok
22:32:43.0418 0x15ec  CSC - ok
22:32:43.0419 0x15ec  CscService - ok
22:32:43.0420 0x15ec  CT20XUT.DLL - ok
22:32:43.0421 0x15ec  ctac32k - ok
22:32:43.0422 0x15ec  ctaud2k - ok
22:32:43.0423 0x15ec  CTAUDFX.DLL - ok
22:32:43.0424 0x15ec  CTEAPSFX.DLL - ok
22:32:43.0425 0x15ec  CTEDSPFX.DLL - ok
22:32:43.0426 0x15ec  CTEDSPIO.DLL - ok
22:32:43.0427 0x15ec  CTEDSPSY.DLL - ok
22:32:43.0429 0x15ec  CTERFXFX.DLL - ok
22:32:43.0430 0x15ec  CTEXFIFX.DLL - ok
22:32:43.0431 0x15ec  CTHWIUT.DLL - ok
22:32:43.0432 0x15ec  ctprxy2k - ok
22:32:43.0433 0x15ec  CTSBLFX.DLL - ok
22:32:43.0434 0x15ec  ctsfm2k - ok
22:32:43.0435 0x15ec  DcomLaunch - ok
22:32:43.0437 0x15ec  defragsvc - ok
22:32:43.0438 0x15ec  DfsC - ok
22:32:43.0439 0x15ec  dg_ssudbus - ok
22:32:43.0440 0x15ec  Dhcp - ok
22:32:43.0441 0x15ec  DIRECTIO - ok
22:32:43.0442 0x15ec  discache - ok
22:32:43.0443 0x15ec  Disk - ok
22:32:43.0444 0x15ec  dmvsc - ok
22:32:43.0445 0x15ec  Dnscache - ok
22:32:43.0446 0x15ec  dot3svc - ok
22:32:43.0448 0x15ec  DPS - ok
22:32:43.0449 0x15ec  drmkaud - ok
22:32:43.0450 0x15ec  dtsoftbus01 - ok
22:32:43.0451 0x15ec  DXGKrnl - ok
22:32:43.0452 0x15ec  EapHost - ok
22:32:43.0453 0x15ec  ebdrv - ok
22:32:43.0455 0x15ec  EFS - ok
22:32:43.0456 0x15ec  ehRecvr - ok
22:32:43.0457 0x15ec  ehSched - ok
22:32:43.0458 0x15ec  elxstor - ok
22:32:43.0458 0x15ec  emupia - ok
22:32:43.0459 0x15ec  ErrDev - ok
22:32:43.0462 0x15ec  EventSystem - ok
22:32:43.0463 0x15ec  ewusbnet - ok
22:32:43.0464 0x15ec  ew_hwusbdev - ok
22:32:43.0465 0x15ec  ew_usbenumfilter - ok
22:32:43.0466 0x15ec  EXFAT - ok
22:32:43.0468 0x15ec  fastfat - ok
22:32:43.0469 0x15ec  Fax - ok
22:32:43.0470 0x15ec  fdc - ok
22:32:43.0471 0x15ec  fdPHost - ok
22:32:43.0472 0x15ec  FDResPub - ok
22:32:43.0473 0x15ec  FileInfo - ok
22:32:43.0474 0x15ec  Filetrace - ok
22:32:43.0475 0x15ec  flpydisk - ok
22:32:43.0477 0x15ec  FltMgr - ok
22:32:43.0478 0x15ec  FontCache - ok
22:32:43.0479 0x15ec  FontCache3.0.0.0 - ok
22:32:43.0480 0x15ec  FsDepends - ok
22:32:43.0481 0x15ec  Fs_Rec - ok
22:32:43.0483 0x15ec  fussvc - ok
22:32:43.0484 0x15ec  fvevol - ok
22:32:43.0485 0x15ec  gagp30kx - ok
22:32:43.0486 0x15ec  GEARAspiWDM - ok
22:32:43.0487 0x15ec  ggflt - ok
22:32:43.0488 0x15ec  ggsemc - ok
22:32:43.0489 0x15ec  gpsvc - ok
22:32:43.0491 0x15ec  gupdate - ok
22:32:43.0492 0x15ec  gupdatem - ok
22:32:43.0493 0x15ec  ha10kx2k - ok
22:32:43.0494 0x15ec  hap16v2k - ok
22:32:43.0495 0x15ec  hap17v2k - ok
22:32:43.0496 0x15ec  hcw85cir - ok
22:32:43.0497 0x15ec  HdAudAddService - ok
22:32:43.0498 0x15ec  HDAudBus - ok
22:32:43.0499 0x15ec  HidBatt - ok
22:32:43.0500 0x15ec  HidBth - ok
22:32:43.0501 0x15ec  HidIr - ok
22:32:43.0502 0x15ec  hidserv - ok
22:32:43.0503 0x15ec  HidUsb - ok
22:32:43.0504 0x15ec  hkmsvc - ok
22:32:43.0505 0x15ec  HomeGroupListener - ok
22:32:43.0507 0x15ec  HomeGroupProvider - ok
22:32:43.0508 0x15ec  HpSAMD - ok
22:32:43.0509 0x15ec  HTCMonitorService - ok
22:32:43.0510 0x15ec  htcnprot - ok
22:32:43.0511 0x15ec  HTTP - ok
22:32:43.0513 0x15ec  huawei_enumerator - ok
22:32:43.0514 0x15ec  hwdatacard - ok
22:32:43.0515 0x15ec  hwpolicy - ok
22:32:43.0516 0x15ec  i8042prt - ok
22:32:43.0517 0x15ec  iaStorV - ok
22:32:43.0518 0x15ec  idsvc - ok
22:32:43.0520 0x15ec  iirsp - ok
22:32:43.0521 0x15ec  IKEEXT - ok
22:32:43.0523 0x15ec  IntcAzAudAddService - ok
22:32:43.0524 0x15ec  intelide - ok
22:32:43.0525 0x15ec  intelppm - ok
22:32:43.0526 0x15ec  IPBusEnum - ok
22:32:43.0527 0x15ec  IpFilterDriver - ok
22:32:43.0529 0x15ec  iphlpsvc - ok
22:32:43.0530 0x15ec  IPMIDRV - ok
22:32:43.0532 0x15ec  IPNAT - ok
22:32:43.0533 0x15ec  iPod Service - ok
22:32:43.0534 0x15ec  IRENUM - ok
22:32:43.0535 0x15ec  isapnp - ok
22:32:43.0537 0x15ec  iScsiPrt - ok
22:32:43.0538 0x15ec  kbdclass - ok
22:32:43.0539 0x15ec  kbdhid - ok
22:32:43.0540 0x15ec  KeyIso - ok
22:32:43.0541 0x15ec  KSecDD - ok
22:32:43.0542 0x15ec  KSecPkg - ok
22:32:43.0544 0x15ec  ksthunk - ok
22:32:43.0545 0x15ec  KtmRm - ok
22:32:43.0547 0x15ec  LanmanServer - ok
22:32:43.0549 0x15ec  LanmanWorkstation - ok
22:32:43.0551 0x15ec  LGBusEnum - ok
22:32:43.0552 0x15ec  LGVirHid - ok
22:32:43.0554 0x15ec  lltdio - ok
22:32:43.0555 0x15ec  lltdsvc - ok
22:32:43.0557 0x15ec  lmhosts - ok
22:32:43.0560 0x15ec  LSI_FC - ok
22:32:43.0561 0x15ec  LSI_SAS - ok
22:32:43.0563 0x15ec  LSI_SAS2 - ok
22:32:43.0564 0x15ec  LSI_SCSI - ok
22:32:43.0566 0x15ec  luafv - ok
22:32:43.0567 0x15ec  MBAMSwissArmy - ok
22:32:43.0569 0x15ec  Mcx2Svc - ok
22:32:43.0570 0x15ec  megasas - ok
22:32:43.0571 0x15ec  MegaSR - ok
22:32:43.0573 0x15ec  Microsoft SharePoint Workspace Audit Service - ok
22:32:43.0575 0x15ec  MMCSS - ok
22:32:43.0576 0x15ec  Modem - ok
22:32:43.0577 0x15ec  monitor - ok
22:32:43.0578 0x15ec  motandroidusb - ok
22:32:43.0580 0x15ec  Motorola Device Manager - ok
22:32:43.0581 0x15ec  mouclass - ok
22:32:43.0583 0x15ec  mouhid - ok
22:32:43.0583 0x15ec  mountmgr - ok
22:32:43.0585 0x15ec  MozillaMaintenance - ok
22:32:43.0587 0x15ec  MPIO - ok
22:32:43.0588 0x15ec  mpsdrv - ok
22:32:43.0590 0x15ec  MpsSvc - ok
22:32:43.0592 0x15ec  MRxDAV - ok
22:32:43.0594 0x15ec  mrxsmb - ok
22:32:43.0595 0x15ec  mrxsmb10 - ok
22:32:43.0597 0x15ec  mrxsmb20 - ok
22:32:43.0598 0x15ec  msahci - ok
22:32:43.0600 0x15ec  msdsm - ok
22:32:43.0601 0x15ec  MSDTC - ok
22:32:43.0604 0x15ec  MSFS - ok
22:32:43.0606 0x15ec  mshidkmdf - ok
22:32:43.0608 0x15ec  msisadrv - ok
22:32:43.0609 0x15ec  MSiSCSI - ok
22:32:43.0611 0x15ec  msiserver - ok
22:32:43.0613 0x15ec  MSKSSRV - ok
22:32:43.0614 0x15ec  MSPCLOCK - ok
22:32:43.0616 0x15ec  MSPQM - ok
22:32:43.0617 0x15ec  MsRPC - ok
22:32:43.0620 0x15ec  mssmbios - ok
22:32:43.0621 0x15ec  MSTEE - ok
22:32:43.0623 0x15ec  MTConfig - ok
22:32:43.0625 0x15ec  MUP - ok
22:32:43.0626 0x15ec  napagent - ok
22:32:43.0627 0x15ec  NativeWifiP - ok
22:32:43.0629 0x15ec  NDIS - ok
22:32:43.0630 0x15ec  NdisCap - ok
22:32:43.0631 0x15ec  NdisTapi - ok
22:32:43.0633 0x15ec  Ndisuio - ok
22:32:43.0634 0x15ec  NdisWan - ok
22:32:43.0635 0x15ec  NDProxy - ok
22:32:43.0637 0x15ec  NetBIOS - ok
22:32:43.0638 0x15ec  NetBT - ok
22:32:43.0640 0x15ec  Netlogon - ok
22:32:43.0641 0x15ec  Netman - ok
22:32:43.0666 0x15ec  NetMsmqActivator - ok
22:32:43.0667 0x15ec  NetPipeActivator - ok
22:32:43.0669 0x15ec  netprofm - ok
22:32:43.0671 0x15ec  netr28ux - ok
22:32:43.0673 0x15ec  NetTcpActivator - ok
22:32:43.0674 0x15ec  NetTcpPortSharing - ok
22:32:43.0676 0x15ec  nfrd960 - ok
22:32:43.0678 0x15ec  NlaSvc - ok
22:32:43.0679 0x15ec  Npfs - ok
22:32:43.0681 0x15ec  nsi - ok
22:32:43.0683 0x15ec  nsiproxy - ok
22:32:43.0685 0x15ec  NTFS - ok
22:32:43.0686 0x15ec  nTuneService - ok
22:32:43.0688 0x15ec  Null - ok
22:32:43.0689 0x15ec  NVHDA - ok
22:32:43.0691 0x15ec  nvlddmkm - ok
22:32:43.0693 0x15ec  NVR0Dev - ok
22:32:43.0694 0x15ec  nvraid - ok
22:32:43.0696 0x15ec  nvstor - ok
22:32:43.0697 0x15ec  NvStreamSvc - ok
22:32:43.0699 0x15ec  nvsvc - ok
22:32:43.0701 0x15ec  nvUpdatusService - ok
22:32:43.0704 0x15ec  nvvad_WaveExtensible - ok
22:32:43.0705 0x15ec  nv_agp - ok
22:32:43.0707 0x15ec  ohci1394 - ok
22:32:43.0708 0x15ec  ose - ok
22:32:43.0710 0x15ec  osppsvc - ok
22:32:43.0711 0x15ec  ossrv - ok
22:32:43.0714 0x15ec  p2pimsvc - ok
22:32:43.0716 0x15ec  p2psvc - ok
22:32:43.0718 0x15ec  Parport - ok
22:32:43.0719 0x15ec  partmgr - ok
22:32:43.0720 0x15ec  PassThru Service - ok
22:32:43.0722 0x15ec  PcaSvc - ok
22:32:43.0723 0x15ec  pccsmcfd - ok
22:32:43.0725 0x15ec  pci - ok
22:32:43.0727 0x15ec  pciide - ok
22:32:43.0728 0x15ec  PCMCIA - ok
22:32:43.0729 0x15ec  PCW - ok
22:32:43.0731 0x15ec  PEAUTH - ok
22:32:43.0733 0x15ec  PeerDistSvc - ok
22:32:43.0735 0x15ec  PerfHost - ok
22:32:43.0740 0x15ec  PGPdisk - ok
22:32:43.0741 0x15ec  pgpfs - ok
22:32:43.0744 0x15ec  PGPsdkDriver - ok
22:32:43.0745 0x15ec  PGPserv - ok
22:32:43.0747 0x15ec  PGPwded - ok
22:32:43.0749 0x15ec  pla - ok
22:32:43.0750 0x15ec  PlugPlay - ok
22:32:43.0751 0x15ec  PnkBstrA - ok
22:32:43.0752 0x15ec  PnkBstrB - ok
22:32:43.0754 0x15ec  PNRPAutoReg - ok
22:32:43.0755 0x15ec  PNRPsvc - ok
22:32:43.0757 0x15ec  PocketAudio - ok
22:32:43.0759 0x15ec  PolicyAgent - ok
22:32:43.0762 0x15ec  Power - ok
22:32:43.0763 0x15ec  PptpMiniport - ok
22:32:43.0765 0x15ec  Processor - ok
22:32:43.0767 0x15ec  ProfSvc - ok
22:32:43.0769 0x15ec  ProtectedStorage - ok
22:32:43.0771 0x15ec  Psched - ok
22:32:43.0773 0x15ec  PST Service - ok
22:32:43.0775 0x15ec  PxHlpa64 - ok
22:32:43.0776 0x15ec  ql2300 - ok
22:32:43.0778 0x15ec  ql40xx - ok
22:32:43.0779 0x15ec  QWAVE - ok
22:32:43.0781 0x15ec  QWAVEdrv - ok
22:32:43.0784 0x15ec  RapiMgr - ok
22:32:43.0786 0x15ec  RasAcd - ok
22:32:43.0788 0x15ec  RasAgileVpn - ok
22:32:43.0789 0x15ec  RasAuto - ok
22:32:43.0791 0x15ec  Rasl2tp - ok
22:32:43.0792 0x15ec  RasMan - ok
22:32:43.0794 0x15ec  RasPppoe - ok
22:32:43.0796 0x15ec  RasSstp - ok
22:32:43.0798 0x15ec  rdbss - ok
22:32:43.0799 0x15ec  rdpbus - ok
22:32:43.0801 0x15ec  RDPCDD - ok
22:32:43.0803 0x15ec  RDPDR - ok
22:32:43.0805 0x15ec  RDPENCDD - ok
22:32:43.0807 0x15ec  RDPREFMP - ok
22:32:43.0810 0x15ec  RdpVideoMiniport - ok
22:32:43.0814 0x15ec  RDPWD - ok
22:32:43.0816 0x15ec  rdyboost - ok
22:32:43.0817 0x15ec  RealtekWlanU - ok
22:32:43.0819 0x15ec  RemoteAccess - ok
22:32:43.0820 0x15ec  RemoteRegistry - ok
22:32:43.0822 0x15ec  RFCOMM - ok
22:32:43.0823 0x15ec  RimUsb - ok
22:32:43.0825 0x15ec  RpcEptMapper - ok
22:32:43.0827 0x15ec  RpcLocator - ok
22:32:43.0828 0x15ec  RpcSs - ok
22:32:43.0832 0x15ec  rspndr - ok
22:32:43.0833 0x15ec  RT61 - ok
22:32:43.0834 0x15ec  rt61x64 - ok
22:32:43.0836 0x15ec  rt70x64 - ok
22:32:43.0837 0x15ec  RTL8167 - ok
22:32:43.0839 0x15ec  RtlWlanu - ok
22:32:43.0840 0x15ec  RunSwUSB - ok
22:32:43.0842 0x15ec  s3cap - ok
22:32:43.0844 0x15ec  SamSs - ok
22:32:43.0846 0x15ec  sbp2port - ok
22:32:43.0847 0x15ec  SCardSvr - ok
22:32:43.0849 0x15ec  SCDEmu - ok
22:32:43.0851 0x15ec  scfilter - ok
22:32:43.0853 0x15ec  Schedule - ok
22:32:43.0854 0x15ec  SCPolicySvc - ok
22:32:43.0856 0x15ec  SDRSVC - ok
22:32:43.0857 0x15ec  secdrv - ok
22:32:43.0859 0x15ec  seclogon - ok
22:32:43.0861 0x15ec  SENS - ok
22:32:43.0863 0x15ec  SensrSvc - ok
22:32:43.0864 0x15ec  SensticPocketService - ok
22:32:43.0866 0x15ec  Serenum - ok
22:32:43.0867 0x15ec  Serial - ok
22:32:43.0869 0x15ec  sermouse - ok
22:32:43.0874 0x15ec  SessionEnv - ok
22:32:43.0875 0x15ec  sffdisk - ok
22:32:43.0876 0x15ec  sffp_mmc - ok
22:32:43.0877 0x15ec  sffp_sd - ok
22:32:43.0879 0x15ec  sfloppy - ok
22:32:43.0886 0x15ec  SharedAccess - ok
22:32:43.0888 0x15ec  ShellHWDetection - ok
22:32:43.0889 0x15ec  SiSRaid2 - ok
22:32:43.0891 0x15ec  SiSRaid4 - ok
22:32:43.0892 0x15ec  SkypeUpdate - ok
22:32:43.0894 0x15ec  Smb - ok
22:32:43.0898 0x15ec  SNMPTRAP - ok
22:32:43.0900 0x15ec  Sony PC Companion - ok
22:32:43.0901 0x15ec  SpeedFan - ok
22:32:43.0903 0x15ec  spldr - ok
22:32:43.0904 0x15ec  Spooler - ok
22:32:43.0906 0x15ec  sppsvc - ok
22:32:43.0907 0x15ec  sppuinotify - ok
22:32:43.0909 0x15ec  SRV - ok
22:32:43.0911 0x15ec  srv2 - ok
22:32:43.0912 0x15ec  srvnet - ok
22:32:43.0914 0x15ec  sscdbus - ok
22:32:43.0915 0x15ec  sscdmdfl - ok
22:32:43.0916 0x15ec  sscdmdm - ok
22:32:43.0918 0x15ec  SSDPSRV - ok
22:32:43.0919 0x15ec  SstpSvc - ok
22:32:43.0921 0x15ec  ssudmdm - ok
22:32:43.0922 0x15ec  Steam Client Service - ok
22:32:43.0924 0x15ec  Stereo Service - ok
22:32:43.0926 0x15ec  stexstor - ok
22:32:43.0928 0x15ec  stisvc - ok
22:32:43.0929 0x15ec  storflt - ok
22:32:43.0931 0x15ec  storvsc - ok
22:32:43.0932 0x15ec  swenum - ok
22:32:43.0934 0x15ec  SwitchBoard - ok
22:32:43.0936 0x15ec  swprv - ok
22:32:43.0937 0x15ec  Synth3dVsc - ok
22:32:43.0939 0x15ec  SysMain - ok
22:32:43.0941 0x15ec  TabletInputService - ok
22:32:43.0942 0x15ec  TapiSrv - ok
22:32:43.0944 0x15ec  TBS - ok
22:32:43.0946 0x15ec  Tcpip - ok
22:32:43.0948 0x15ec  Tcpip6 - ok
22:32:43.0950 0x15ec  tcpipreg - ok
22:32:43.0953 0x15ec  TDPIPE - ok
22:32:43.0955 0x15ec  TDTCP - ok
22:32:43.0956 0x15ec  TDX - ok
22:32:43.0958 0x15ec  Te.Service - ok
22:32:43.0959 0x15ec  TermDD - ok
22:32:43.0960 0x15ec  terminpt - ok
22:32:43.0962 0x15ec  TermService - ok
22:32:43.0964 0x15ec  Themes - ok
22:32:43.0965 0x15ec  THREADORDER - ok
22:32:43.0967 0x15ec  TrkWks - ok
22:32:43.0969 0x15ec  TrueSight - ok
22:32:43.0971 0x15ec  TrustedInstaller - ok
22:32:43.0973 0x15ec  tssecsrv - ok
22:32:43.0975 0x15ec  TsUsbFlt - ok
22:32:43.0977 0x15ec  TsUsbGD - ok
22:32:43.0978 0x15ec  tsusbhub - ok
22:32:43.0980 0x15ec  tunnel - ok
22:32:43.0982 0x15ec  uagp35 - ok
22:32:43.0983 0x15ec  udfs - ok
22:32:43.0987 0x15ec  UI0Detect - ok
22:32:43.0989 0x15ec  uliagpkx - ok
22:32:43.0991 0x15ec  umbus - ok
22:32:43.0993 0x15ec  UmPass - ok
22:32:43.0995 0x15ec  UmRdpService - ok
22:32:43.0997 0x15ec  upnphost - ok
22:32:43.0998 0x15ec  USBAAPL64 - ok
22:32:44.0000 0x15ec  usbaudio - ok
22:32:44.0001 0x15ec  usbccgp - ok
22:32:44.0004 0x15ec  usbcir - ok
22:32:44.0005 0x15ec  usbehci - ok
22:32:44.0007 0x15ec  usbhub - ok
22:32:44.0009 0x15ec  usbohci - ok
22:32:44.0011 0x15ec  usbprint - ok
22:32:44.0013 0x15ec  USBSTOR - ok
22:32:44.0015 0x15ec  usbuhci - ok
22:32:44.0016 0x15ec  usb_rndisx - ok
22:32:44.0018 0x15ec  UxSms - ok
22:32:44.0020 0x15ec  VaultSvc - ok
22:32:44.0022 0x15ec  VBoxDrv - ok
22:32:44.0023 0x15ec  VBoxNetAdp - ok
22:32:44.0026 0x15ec  VBoxNetFlt - ok
22:32:44.0028 0x15ec  VBoxUSBMon - ok
22:32:44.0031 0x15ec  vdrvroot - ok
22:32:44.0033 0x15ec  VDS - ok
22:32:44.0035 0x15ec  vga - ok
22:32:44.0038 0x15ec  VgaSave - ok
22:32:44.0040 0x15ec  VGPU - ok
22:32:44.0041 0x15ec  vhdmp - ok
22:32:44.0043 0x15ec  viaide - ok
22:32:44.0045 0x15ec  VmbService - ok
22:32:44.0046 0x15ec  vmbus - ok
22:32:44.0048 0x15ec  VMBusHID - ok
22:32:44.0050 0x15ec  volmgr - ok
22:32:44.0052 0x15ec  volmgrx - ok
22:32:44.0054 0x15ec  volsnap - ok
22:32:44.0055 0x15ec  vsmraid - ok
22:32:44.0057 0x15ec  VSS - ok
22:32:44.0060 0x15ec  vwifibus - ok
22:32:44.0061 0x15ec  vwififlt - ok
22:32:44.0063 0x15ec  vwifimp - ok
22:32:44.0065 0x15ec  W32Time - ok
22:32:44.0068 0x15ec  WacomPen - ok
22:32:44.0070 0x15ec  WANARP - ok
22:32:44.0072 0x15ec  Wanarpv6 - ok
22:32:44.0073 0x15ec  WatAdminSvc - ok
22:32:44.0075 0x15ec  wbengine - ok
22:32:44.0077 0x15ec  WbioSrvc - ok
22:32:44.0079 0x15ec  WcesComm - ok
22:32:44.0081 0x15ec  wcncsvc - ok
22:32:44.0083 0x15ec  WcsPlugInService - ok
22:32:44.0084 0x15ec  Wd - ok
22:32:44.0085 0x15ec  Wdf01000 - ok
22:32:44.0087 0x15ec  WdiServiceHost - ok
22:32:44.0089 0x15ec  WdiSystemHost - ok
22:32:44.0092 0x15ec  WebClient - ok
22:32:44.0094 0x15ec  Wecsvc - ok
22:32:44.0096 0x15ec  wercplsupport - ok
22:32:44.0098 0x15ec  WerSvc - ok
22:32:44.0100 0x15ec  WfpLwf - ok
22:32:44.0102 0x15ec  WIMMount - ok
22:32:44.0104 0x15ec  WinDefend - ok
22:32:44.0109 0x15ec  WinHttpAutoProxySvc - ok
22:32:44.0111 0x15ec  Winmgmt - ok
22:32:44.0113 0x15ec  WinRM - ok
22:32:44.0117 0x15ec  WinUsb - ok
22:32:44.0119 0x15ec  Wlansvc - ok
22:32:44.0121 0x15ec  WmiAcpi - ok
22:32:44.0125 0x15ec  wmiApSrv - ok
22:32:44.0137 0x15ec  WMPNetworkSvc - ok
22:32:44.0139 0x15ec  WPCSvc - ok
22:32:44.0141 0x15ec  WPDBusEnum - ok
22:32:44.0144 0x15ec  ws2ifsl - ok
22:32:44.0146 0x15ec  wscsvc - ok
22:32:44.0148 0x15ec  WSearch - ok
22:32:44.0151 0x15ec  wuauserv - ok
22:32:44.0153 0x15ec  WudfPf - ok
22:32:44.0155 0x15ec  WUDFRd - ok
22:32:44.0157 0x15ec  wudfsvc - ok
22:32:44.0159 0x15ec  WwanSvc - ok
22:32:44.0249 0x15ec  ================ Scan global ===============================
22:32:44.0249 0x15ec  [ Global ] - ok
22:32:44.0249 0x15ec  ================ Scan MBR ==================================
22:32:44.0285 0x15ec  [D9ED010585B8E1FA022BC50A72EA116A] \Device\Harddisk0\DR0
22:32:44.0589 0x15ec  \Device\Harddisk0\DR0 - ok
22:32:44.0589 0x15ec  ================ Scan VBR ==================================
22:32:44.0590 0x15ec  [9CE8FC5094DC58CB76A6A21FC0E773A1] \Device\Harddisk0\DR0\Partition1
22:32:44.0590 0x15ec  \Device\Harddisk0\DR0\Partition1 - ok
22:32:44.0590 0x15ec  ================ Scan generic autorun ======================
22:32:44.0590 0x15ec  Nvtmru - ok
22:32:44.0591 0x15ec  RTHDVCPL - ok
22:32:44.0591 0x15ec  AsioReg - ok
22:32:44.0592 0x15ec  avgnt - ok
22:32:44.0592 0x15ec  SunJavaUpdateSched - ok
22:32:44.0593 0x15ec  Remote Control Server - ok
22:32:44.0593 0x15ec  NVIDIA nTune - ok
22:32:44.0593 0x15ec  Sidebar - ok
22:32:44.0594 0x15ec  mctadmin - ok
22:32:44.0594 0x15ec  Sidebar - ok
22:32:44.0594 0x15ec  NVIDIA nTune - ok
22:32:44.0595 0x15ec  Remote Control Server - ok
22:32:44.0595 0x15ec  mctadmin - ok
22:32:44.0595 0x15ec  InetReg - ok
22:32:44.0602 0x15ec  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe (14.0.5.376), 0x40000 (disabled: updated)
22:32:44.0606 0x15ec  Win FW state via NFP2: disabled
22:32:46.0977 0x15ec  ============================================================
22:32:46.0977 0x15ec  Scan finished
22:32:46.0977 0x15ec  ============================================================
22:32:46.0979 0x15e4  Detected object count: 0
22:32:46.0979 0x15e4  Actual detected object count: 0

And here is the aswMBR scan log:

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-08-14 22:33:59
-----------------------------
22:33:59.513    OS Version: Windows x64 6.1.7601 Service Pack 1
22:33:59.513    Number of processors: 4 586 0xF0B
22:33:59.516    ComputerName: JOHN-PC  UserName: John
22:34:06.801    Initialize success
22:34:06.875    VM: initialized successfully
22:34:06.880    VM: Intel CPU supported 
22:34:11.121    VM: supported disk I/O ataport.SYS
22:36:33.435    AVAST engine defs: 14081400
22:36:59.374    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
22:36:59.376    Disk 0 Vendor: ST2000DM001-1CH164 CC24 Size: 1907729MB BusType: 3
22:36:59.398    Disk 0 MBR read successfully
22:36:59.401    Disk 0 MBR scan
22:36:59.414    Disk 0 unknown MBR code
22:36:59.417    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS 1907727 MB Offset 2048
22:36:59.420    Disk 0 Boot: ¿? "· Ë? Coded B = 1
22:36:59.457    Disk 0 scanning C:\Windows\system32\drivers
22:36:59.461    Service scanning
22:37:34.597    Modules scanning
22:37:34.942    Disk 0 trace - called modules:
22:37:34.956    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
22:37:34.960    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005983060]
22:37:34.965    3 CLASSPNP.SYS[fffff880015a243f] -> nt!IofCallDriver -> [0xfffffa80055b5580]
22:37:34.970    5 ACPI.sys[fffff88000f577a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8005718060]
22:37:38.657    AVAST engine scan C:\Windows
22:37:38.709    AVAST engine scan C:\Windows\system32
22:37:38.717    AVAST engine scan C:\Windows\system32\drivers
22:37:38.723    AVAST engine scan C:\Users\John
22:37:38.729    AVAST engine scan C:\ProgramData
22:37:38.734    Scan finished successfully
22:39:49.761    Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
22:39:49.767    The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"


And the MBR file is attached.

I disabled emulation before starting this thread, so no worries for that.

Thank you for your help.

Attached Files

  • Attached File  MBR.zip   536bytes   0 downloads


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:49 PM

Posted 15 August 2014 - 06:49 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

Please run the ComboFix tool one more time and post the log.
You may be asked to update the tool; please do.


#10 iraffbe

iraffbe
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 28 August 2014 - 06:12 PM

Hello,

Sorry for the late reply.

Please note Windows Firewall was disabled by me temporarily.

Here are the logs.

Rkill:

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/29/2014 12:48:26 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Advanced Explorer Setting Removed:  HideIcons [HKCU]

Backup Registry file created at:
 C:\Users\John\Desktop\rkill\rkill-08-29-2014-12-48-34.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity: 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       localhost

Program finished at: 08/29/2014 12:50:04 AM
Execution time: 0 hours(s), 1 minute(s), and 37 seconds(s)

Combofix:

ComboFix 14-08-28.01 - John 29/08/2014   0:55.5.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.32.1033.18.5119.3417 [GMT 2:00]
Lancé depuis: c:\users\John\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\AppData\Local\Adobe\gccheck.exe
c:\users\John\AppData\Local\Adobe\gtbcheck.exe
.
---- Exécution préalable -------
.
C:\install.exe
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2014-07-28 au 2014-08-28  ))))))))))))))))))))))))))))))))))))
.
.
2014-08-28 23:05 . 2014-08-28 23:05	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-08-28 23:05 . 2014-08-28 23:05	--------	d-----w-	c:\users\UpdatusUser.John-PC\AppData\Local\temp
2014-08-28 23:05 . 2014-08-28 23:05	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-08-28 23:05 . 2014-08-28 23:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-26 01:38 . 2014-08-26 01:38	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2014-08-22 01:19 . 2014-05-14 16:23	44512	----a-w-	c:\windows\system32\wups2.dll
2014-08-22 01:19 . 2014-05-14 16:23	58336	----a-w-	c:\windows\system32\wuauclt.exe
2014-08-22 01:19 . 2014-05-14 16:23	2477536	----a-w-	c:\windows\system32\wuaueng.dll
2014-08-22 01:19 . 2014-05-14 16:21	2620928	----a-w-	c:\windows\system32\wucltux.dll
2014-08-22 01:19 . 2014-05-14 16:23	38880	----a-w-	c:\windows\system32\wups.dll
2014-08-22 01:19 . 2014-05-14 16:23	36320	----a-w-	c:\windows\SysWow64\wups.dll
2014-08-22 01:19 . 2014-05-14 16:23	700384	----a-w-	c:\windows\system32\wuapi.dll
2014-08-22 01:19 . 2014-05-14 16:23	581600	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-08-22 01:19 . 2014-05-14 16:20	97792	----a-w-	c:\windows\system32\wudriver.dll
2014-08-22 01:19 . 2014-05-14 16:17	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-08-22 01:18 . 2014-05-14 07:23	198600	----a-w-	c:\windows\system32\wuwebv.dll
2014-08-22 01:18 . 2014-05-14 07:23	179656	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-08-22 01:18 . 2014-05-14 07:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2014-08-22 01:18 . 2014-05-14 07:17	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2014-08-19 20:23 . 2014-08-19 20:23	--------	d-----w-	c:\users\John\AppData\Local\Help
2014-08-18 18:42 . 2014-08-18 18:42	--------	d-----w-	c:\program files\Process Hacker 2
2014-08-13 20:02 . 2014-08-13 20:05	--------	d-----w-	C:\FRST
2014-08-13 19:54 . 2010-08-30 06:34	536576	----a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-13 19:53 . 2014-08-26 01:37	--------	d-----w-	C:\AdwCleaner
2014-08-12 11:36 . 2014-08-26 01:35	--------	d-----w-	c:\users\John\AppData\Local\CrashDumps
2014-08-06 08:05 . 2014-08-06 08:05	29160	----a-w-	c:\windows\SysWow64\drivers\TrueSight.sys
2014-08-06 08:05 . 2014-08-06 08:05	--------	d-----w-	c:\programdata\RogueKiller
2014-08-06 08:02 . 2014-08-06 08:02	--------	d-----w-	c:\users\John\AppData\Roaming\Process Hacker 2
2014-08-06 07:47 . 2014-08-06 07:47	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-08-06 07:47 . 2014-07-25 10:55	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-06 07:42 . 2006-11-01 11:06	215928	----a-w-	C:\pagedfrg.exe
2014-08-01 06:37 . 2014-08-01 06:37	--------	d-----w-	c:\windows\Migration
2014-08-01 06:08 . 2014-03-04 09:47	5550016	----a-w-	c:\windows\system32\ntoskrnl.exe
2014-08-01 06:07 . 2014-06-05 14:45	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-08-01 06:07 . 2014-04-12 02:22	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2014-08-01 06:07 . 2014-04-12 02:22	155072	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-08-01 06:07 . 2014-06-05 14:26	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-08-01 06:07 . 2014-06-05 14:25	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-08-01 06:07 . 2014-04-12 02:19	29184	----a-w-	c:\windows\system32\sspisrv.dll
2014-08-01 06:07 . 2014-04-12 02:19	136192	----a-w-	c:\windows\system32\sspicli.dll
2014-08-01 06:07 . 2014-04-12 02:19	28160	----a-w-	c:\windows\system32\secur32.dll
2014-08-01 06:07 . 2014-04-12 02:19	31232	----a-w-	c:\windows\system32\lsass.exe
2014-08-01 06:05 . 2014-05-30 06:45	497152	----a-w-	c:\windows\system32\drivers\afd.sys
2014-07-30 18:03 . 2014-07-30 18:04	--------	d-----w-	c:\programdata\Windows App Certification Kit
2014-07-30 18:03 . 2014-07-30 18:03	--------	d-----w-	c:\program files (x86)\Microsoft SDKs
2014-07-30 18:03 . 2014-07-30 18:03	--------	d-----w-	c:\program files\Application Verifier
2014-07-30 18:03 . 2014-07-30 18:03	--------	d-----w-	c:\program files (x86)\Application Verifier
2014-07-30 18:01 . 2014-07-30 18:01	--------	d-----w-	c:\program files (x86)\Windows Kits
2014-07-30 18:01 . 2014-07-30 18:01	--------	d-----w-	c:\program files (x86)\Common Files\Microsoft
2014-07-30 17:50 . 2014-07-30 17:50	--------	d-----w-	C:\Direct
2014-07-30 15:52 . 2014-07-30 18:31	--------	d-----w-	c:\program files (x86)\R.G. Mechanics
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-13 20:25 . 2014-05-05 16:54	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-06 07:44 . 2013-01-28 21:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-06 07:44 . 2013-01-28 21:36	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-24 20:31 . 2013-05-23 01:08	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-03 18:11 . 2013-05-23 01:08	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-06-26 15:40 . 2014-03-04 21:28	96441528	----a-w-	c:\windows\system32\MRT.exe
2014-06-05 15:59 . 2014-06-22 17:06	353280	----a-w-	c:\windows\system32\ssleay32.dll
2014-06-05 15:59 . 2014-06-22 17:06	353280	----a-w-	c:\windows\system32\libssl32.dll
2014-06-05 15:59 . 2014-06-22 17:06	1649664	----a-w-	c:\windows\system32\libeay32.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiscSpaceChecks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys;c:\windows\SYSNATIVE\DRIVERS\a38usb.sys [x]
R3 BSMI;BSMI;c:\program files (x86)\Tseries BIOS Update\BSMIx64.sys;c:\program files (x86)\Tseries BIOS Update\BSMIx64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys;c:\windows\SYSNATIVE\DRIVERS\netr6164.sys [x]
R3 rt70x64;ASUS RT2500 USB Wireless LAN Driver for Vista;c:\windows\system32\DRIVERS\netr7064.sys;c:\windows\SYSNATIVE\DRIVERS\netr7064.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 ADUServiceNSRT;ADU Service (Nokia Software Recovery Tool);c:\program files (x86)\Nokia\Nokia Software Recovery Tool\ADUService.exe;c:\program files (x86)\Nokia\Nokia Software Recovery Tool\ADUService.exe [x]
R4 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R4 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
R4 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R4 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
R4 RunSwUSB;RunSwUSB;c:\windows\runSW.exe;c:\windows\runSW.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R4 VmbService;Service Vodafone Mobile Broadband;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys;c:\windows\SYSNATIVE\Drivers\PGPfsfd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BSMEM;BSMEM;c:\windows\system32\drivers\BSMEM.sys;c:\windows\SYSNATIVE\drivers\BSMEM.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RealtekWlanU;RealtekWlanU;c:\program files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [x]
S2 SensticPocketService;Senstic Pocket Service;c:\program files (x86)\Senstic\PocketControl\\SensticPocketServiceWin.exe;c:\program files (x86)\Senstic\PocketControl\\SensticPocketServiceWin.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 avshws;Senstic PocketCam;c:\windows\system32\DRIVERS\camsource64.sys;c:\windows\SYSNATIVE\DRIVERS\camsource64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PocketAudio;Senstic PocketAudio (WDM);c:\windows\system32\drivers\senaudio64.sys;c:\windows\SYSNATIVE\drivers\senaudio64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 17:01	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 21:13]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-10-16 17:02	3358064	----a-w-	c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-12-10 17:39	237112	----a-w-	c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"AsioReg"="CTASIO.DLL" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uSearchAssistant = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6DF7DEF3-2443-49B3-9E0F-5314329A8ECE}: NameServer = 81.169.60.107 81.169.60.107
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\wwra9axe.default-1380804052462\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Wow6432Node-HKCU-Run-Remote Control Server - c:\program files (x86)\Remote Control Server\Remote Control Server.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-08-29  01:08:12
ComboFix-quarantined-files.txt  2014-08-28 23:08
ComboFix2.txt  2014-05-05 16:29
ComboFix3.txt  2014-02-20 18:40
ComboFix4.txt  2013-06-19 17:47
.
Avant-CF: 89.792.061.440 bytes free
Après-CF: 89.518.223.360 bytes free
.
- - End Of File - - 207C881BB6C92B9CE4933C2B3390F0E0
D9ED010585B8E1FA022BC50A72EA116A

Thank you again for your help.



#11 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 August 2014 - 07:04 AM

Has there been any change?

#12 iraffbe

  • Topic Starter
  • Members
  • 7 posts

Posted 29 August 2014 - 10:23 AM

No, the situation is the same.



#13 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 August 2014 - 12:32 PM

Restore the last Good Configuration.
http://windows.microsoft.com/en-CA/windows7/Using-Last-Known-Good-Configuration
<<<>>>

Keep me posted.

#14 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 September 2014 - 09:06 AM

Are you still with me?

#15 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 September 2014 - 09:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
