
ZeroAccess Rootkit and more


  • This topic is locked
57 replies to this topic

#1 King_Yoshi

  • Malware Study Hall Senior
  • 1,322 posts

Posted 25 July 2012 - 07:57 PM

Due to not knowing the new rules I am reposting this thread, since I posted it in the wrong section. (I removed as much as I could from the old post.)

This post is broken down into NEW POST and OLD POST!

The new post includes all steps in the preparation guide.
The old post contains an explanation of the problem and all steps I had taken.

Thank you for any and all assistance, it is greatly appreciated.


NEW POST
///////////////////////////////////////////////////////////////////////////////////////////////////////////////


Preparation Guide Steps taken

1. Backup your data. --> Not possible when dealing with ZeroAccess Rootkit, as any attached device will most likely be compromised.
2. Not all slow computers are caused by Malware --> My computer is not slow
3. Create a free account --> To my knowledge this account was registered years ago
4. Enable topic reply notification by default --> Enabled
5. Enable a firewall --> Already running Comodo
6. Disable your CD Emulation Software --> Currently do not have one running
7. Download and Run DDS which will create a log of programs running on your computer --> Attached and copied and pasted below
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_31
Run by Yoshi at 20:26:55 on 2012-07-25
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12279.10229 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Users\Yoshi\AppData\Local\Temp\procexp64.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
uRun: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_S2FD6.tmp" /EF "HKCU"
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PlayNC Launcher] 
uRun: [Google Update] "C:\Users\Yoshi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Yoshi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\procexp.lnk - C:\Program Files (x86)\Process Explorer\procexp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: googlecode.com\feedflow
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5B01147E-2BFE-495F-B6BF-476371882F7F} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
IFEO: taskmgr.exe - "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE"
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64:     btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64:     Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
IFEO-X64: taskmgr.exe - "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\a4do6tuu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Yoshi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Yoshi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2010-10-21 96896]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-5 44808]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-2-8 8454064]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SwOffScheduler;Airytec Switch Off - Task Scheduler;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S2 SwOffWeb;Airytec Switch Off - Web Interface;C:\Program Files\Airytec\Switch Off\swoff.exe -service --> C:\Program Files\Airytec\Switch Off\swoff.exe -service [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-7 113120]
S3 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-7-21 2152152]
.
=============== Created Last 30 ================
.
2012-07-25 19:16:08	--------	d-----w-	C:\FRST
2012-07-25 18:25:31	9133488	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FCA19040-5986-4643-B44E-A2DBAC6A7710}\mpengine.dll
2012-07-25 18:13:42	27256	----a-w-	C:\Windows\System32\drivers\FixZeroAccess.sys
2012-07-20 01:47:45	--------	d-----w-	C:\Users\Yoshi\AppData\Local\Cockatrice
2012-07-18 23:40:39	--------	d-----w-	C:\Users\Yoshi\AppData\Roaming\WizardEventReporter
2012-07-18 23:40:17	--------	d-----w-	C:\Program Files (x86)\Wizards of the Coast
2012-07-18 04:24:13	--------	d-----w-	C:\Users\Yoshi\AppData\Local\4A Games
2012-07-16 17:08:47	--------	d-----w-	C:\Program Files (x86)\TimeBell
2012-07-05 21:24:32	54072	----a-w-	C:\Windows\System32\drivers\aswRdr2.sys
2012-07-05 19:56:07	--------	d-----w-	C:\Windows\de-DE
2012-07-05 19:56:04	--------	d-----w-	C:\Windows\SysWow64\XPSViewer
2012-07-05 19:56:04	--------	d-----w-	C:\Windows\SysWow64\drivers\UMDF\de-DE
2012-07-05 19:56:04	--------	d-----w-	C:\Windows\SysWow64\drivers\de-DE
2012-07-05 19:56:04	--------	d-----w-	C:\Windows\SysWow64\de
2012-07-05 19:56:04	--------	d-----w-	C:\Windows\SysWow64\0407
2012-07-05 19:56:03	--------	d-----w-	C:\Windows\SysWow64\wbem\de-DE
2012-07-05 19:50:19	1102359	----a-w-	C:\Users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Vistalizator\Vistalizator.exe
2012-07-05 19:39:23	--------	d-----w-	C:\Users\Yoshi\AppData\Local\VirtualStore
2012-07-05 19:19:49	81408	----a-w-	C:\Windows\System32\imagehlp.dll
2012-07-05 19:19:49	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-07-05 19:19:49	5120	----a-w-	C:\Windows\System32\wmi.dll
2012-07-05 19:19:49	23408	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2012-07-05 19:19:49	220672	----a-w-	C:\Windows\System32\wintrust.dll
2012-07-05 19:19:49	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-07-05 19:19:49	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-07-05 19:17:47	308560	----a-w-	C:\Windows\System32\drivers\dlkmd.sys
2012-07-05 19:17:47	15184	----a-w-	C:\Windows\System32\drivers\dlkmdldr.sys
2012-07-05 19:16:38	0	----a-w-	C:\Windows\SysWow64\dlumd9.dll
2012-07-05 19:16:38	0	----a-w-	C:\Windows\SysWow64\dlumd11.dll
2012-07-05 19:16:38	0	----a-w-	C:\Windows\SysWow64\dlumd10.dll
2012-07-05 19:16:38	0	----a-w-	C:\Windows\System32\dlumd9.dll
2012-07-05 19:16:38	0	----a-w-	C:\Windows\System32\dlumd11.dll
2012-07-05 19:16:38	0	----a-w-	C:\Windows\System32\dlumd10.dll
2012-07-05 19:14:54	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-07-05 19:11:23	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-07-05 19:11:21	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-07-05 19:11:20	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-07-05 19:11:20	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-27 15:18:05	--------	d-----w-	C:\Users\Yoshi\AppData\Roaming\Airytec
2012-06-27 15:17:44	--------	d-----w-	C:\Program Files\Airytec
.
==================== Find3M  ====================
.
2012-07-24 17:37:57	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-24 17:37:57	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-05 19:55:31	2560	----a-w-	C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-07-05 19:55:21	2560	----a-w-	C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-07-05 19:55:20	5632	----a-w-	C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-07-05 19:55:18	51712	----a-w-	C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-07-05 19:55:15	29696	----a-w-	C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-07-05 19:55:15	16896	----a-w-	C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-07-03 17:46:44	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-07-03 16:21:52	958400	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52	71064	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:32	41224	----a-w-	C:\Windows\avastSS.scr
2012-06-25 01:36:48	22	----a-w-	C:\Windows\SysWow64\winStudio.bin
2012-06-10 22:48:00	58880	----a-w-	C:\Windows\System32\ImageSearchDLL_x64.dll
2012-05-31 16:25:12	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-05-15 04:01:31	1188864	----a-w-	C:\Windows\System32\wininet.dll
2012-05-15 03:03:54	981504	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33	3146752	----a-w-	C:\Windows\System32\win32k.sys
2012-05-06 22:27:55	271200	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-06 22:27:55	271200	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2012-05-04 11:06:22	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43	366592	----a-w-	C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20	209920	----a-w-	C:\Windows\System32\profsvc.dll
.
============= FINISH: 20:27:07.59 ===============
8. Create a GMER Log --> I could not "Show All", therefore this step is incomplete
Below is a screenshot of what I see, where the "Show All" button is grayed out
Posted Image
9. Create a new malware removal topic and post the DDS logs and the GMER log --> Done
10. What to expect now that you have created your topic --> Currently Waiting




OLD POST
///////////////////////////////////////////////////////////////////////////////////////////////////////////////


This was a very odd incident. I was surfing daileymotion.com and was looking at some of the top videos, when I accidentally mis-clicked on one of the ads.

I was brought to another website, and then immediately noticed that my Network Meter suddenly spiked.
I thought that this was odd, and my suspicions were confirmed when Comodo went wild and said that it found a threatening file in the temp directory. I told Comodo to block it, as I did not want it connecting to the internet.
Here is a copy of the log from Comodo.

COMODO Firewall - Log Viewer Logs
Table: Alerts Displayed
Date Created: 2012-07-25 17:00:15
Records count: 3

Date | Type | Description | Advice | Answered | Answer | Flags | Treat As
2012-07-25 08:36:47 | Antivirus Alert | TrojWare.Win32.Trojan.Agent.Gen@1 | C:\Users\Yoshi\AppData\Local\Temp\0.3832006294905931 | | | |
2012-07-25 15:07:28 | Antivirus Alert | .Heur.Suspicious@1 | C:\Users\Yoshi\Desktop\RogueKiller.exe | 2012-07-25 15:07:34 | Skip Once | |
2012-07-25 15:07:35 | Antivirus Alert | .Heur.Suspicious@1 | C:\Users\Yoshi\Desktop\RogueKiller.exe | 2012-07-25 15:07:40 | Add To Trusted Files | |
End of The Report

I immediately stopped all traffic through Comodo, and then physically unplugged my Ethernet cable.
(I tend to be super anal about these things, and this infection caught me off guard, since it automatically downloaded and installed itself.)

I then restarted the computer in safe mode and ran both Avast and Malwarebytes.
Both seemed to find infections. I then proceeded to have Malwarebytes delete the ones it found, restarted the computer, rescanned it with Avast, had Avast delete what it found, and then restarted the computer again (this time normally).

Malwarebytes 1st Log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 8.0.7601.17514
Yoshi :: QUANTUM-C [administrator]

7/25/2012 8:39:30 AM
mbam-log-2012-07-25 (08-39-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 615216
Time elapsed: 1 hour(s), 3 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\Microsoft\Windows\DRM\C4D4.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\C4D5.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.

(end)

Avast Log

Posted Image

I ran Malwarebytes a second time, just to make sure I actually got rid of the infection, and found that I had not.


Malwarebytes 2nd log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Yoshi :: QUANTUM-C [administrator]

7/25/2012 3:26:27 PM
mbam-log-2012-07-25 (15-26-27).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224042
Time elapsed:  1 hour(s), 2 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\ProgramData\Microsoft\Windows\DRM\C4D4.tmp.dat (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.
C:\Users\Yoshi\AppData\Local\Temp\C4F5.tmp (Trojan.Agent.EXPD1) -> Quarantined and deleted successfully.

(end)

I then deleted the files a second time and restarted the computer, ran Malwarebytes a 3rd time and found that everything seemed clean.
Stupidly thinking I had solved the problem, I plugged in my Ethernet cable and restored all traffic in Comodo.

I immediately saw my Network Meter spike again, went to investigate, and found that there were over 100 connections coming from svchost.exe.

At this point I turned off traffic once again, unplugged my Ethernet cable, pulled out my MacBook Pro and began to do a bit of research on this rootkit and trojan.

I then ran FileZeroaccess.exe from here: http://www.symantec.com/security_response/writeup.jsp?docid=2011-121607-4952-99
Restarted my computer and then began to scan my computer using the following steps.

I first put a number of files on a flash drive, ran them on the infected computer and saved a log file for each. They are as follows:

Rogue Killer
[code]RogueKiller V7.6.4 [07/17/2012]  by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Yoshi [Admin rights]
Mode: Scan -- Date: 07/25/2012 15:09:19

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[IFEO] HKLM\[...]\Image File Execution Options : taskmgr.exe ("C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE") -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: INTEL SS DSA2M160G2GC SCSI Disk Device +++++
--- User ---
[MBR] 381581785b4e3cde9e99c4838b23b2d3
[BSP] dc0d2d47e55e4dae45cb5918b51d36ad : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD10 01FALS-40K1B0 SCSI Disk Device +++++
--- User ---
[MBR] 6da8b54965f975592772f516b88a2a10
[BSP] 640c0a10d06da1bc8692c7c7890092b6 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
[/code]


TDS Killer
[code]
16:27:08.0118 2176	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:27:08.0128 2176	============================================================
16:27:08.0128 2176	Current date / time: 2012/07/25 16:27:08.0128
16:27:08.0128 2176	SystemInfo:
16:27:08.0128 2176	
16:27:08.0128 2176	OS Version: 6.1.7601 ServicePack: 1.0
16:27:08.0128 2176	Product type: Workstation
16:27:08.0128 2176	ComputerName: QUANTUM-C
16:27:08.0128 2176	UserName: Yoshi
16:27:08.0128 2176	Windows directory: C:\Windows
16:27:08.0128 2176	System windows directory: C:\Windows
16:27:08.0128 2176	Running under WOW64
16:27:08.0128 2176	Processor architecture: Intel x64
16:27:08.0128 2176	Number of processors: 12
16:27:08.0128 2176	Page size: 0x1000
16:27:08.0128 2176	Boot type: Normal boot
16:27:08.0128 2176	============================================================
16:27:08.0298 2176	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
16:27:08.0318 2176	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
16:27:08.0318 2176	Drive \Device\Harddisk2\DR2 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:27:08.0318 2176	============================================================
16:27:08.0318 2176	\Device\Harddisk0\DR0:
16:27:08.0318 2176	MBR partitions:
16:27:08.0318 2176	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:27:08.0318 2176	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
16:27:08.0318 2176	\Device\Harddisk1\DR1:
16:27:08.0318 2176	MBR partitions:
16:27:08.0318 2176	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
16:27:08.0318 2176	\Device\Harddisk2\DR2:
16:27:08.0318 2176	MBR partitions:
16:27:08.0318 2176	\Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEA080
16:27:08.0318 2176	============================================================
16:27:08.0318 2176	C: <-> \Device\Harddisk0\DR0\Partition1
16:27:08.0338 2176	F: <-> \Device\Harddisk1\DR1\Partition0
16:27:08.0338 2176	============================================================
16:27:08.0338 2176	Initialize success
16:27:08.0338 2176	============================================================
16:27:17.0728 4656	============================================================
16:27:17.0728 4656	Scan started
16:27:17.0728 4656	Mode: Manual; SigCheck; TDLFS; 
16:27:17.0728 4656	============================================================
16:27:17.0848 4656	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:27:17.0908 4656	1394ohci - ok
16:27:17.0918 4656	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:27:17.0928 4656	ACPI - ok
16:27:17.0938 4656	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:27:17.0958 4656	AcpiPmi - ok
16:27:17.0968 4656	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:27:17.0988 4656	adp94xx - ok
16:27:17.0988 4656	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:27:18.0008 4656	adpahci - ok
16:27:18.0008 4656	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:27:18.0018 4656	adpu320 - ok
16:27:18.0028 4656	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:27:18.0078 4656	AeLookupSvc - ok
16:27:18.0088 4656	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:27:18.0108 4656	AFD - ok
16:27:18.0108 4656	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:27:18.0118 4656	agp440 - ok
16:27:18.0128 4656	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:27:18.0138 4656	ALG - ok
16:27:18.0138 4656	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:27:18.0148 4656	aliide - ok
16:27:18.0158 4656	AMD External Events Utility (5ec60409bd50953bd4f892b18840039e) C:\Windows\system32\atiesrxx.exe
16:27:18.0178 4656	AMD External Events Utility - ok
16:27:18.0178 4656	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:27:18.0188 4656	amdide - ok
16:27:18.0188 4656	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:27:18.0208 4656	AmdK8 - ok
16:27:18.0438 4656	amdkmdag        (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
16:27:18.0548 4656	amdkmdag - ok
16:27:18.0578 4656	amdkmdap        (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
16:27:18.0588 4656	amdkmdap - ok
16:27:18.0598 4656	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:27:18.0608 4656	AmdPPM - ok
16:27:18.0608 4656	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:27:18.0618 4656	amdsata - ok
16:27:18.0628 4656	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:27:18.0638 4656	amdsbs - ok
16:27:18.0638 4656	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:27:18.0648 4656	amdxata - ok
16:27:18.0658 4656	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:27:18.0718 4656	AppID - ok
16:27:18.0718 4656	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:27:18.0748 4656	AppIDSvc - ok
16:27:18.0748 4656	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:27:18.0778 4656	Appinfo - ok
16:27:18.0788 4656	Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:27:18.0788 4656	Apple Mobile Device - ok
16:27:18.0798 4656	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:27:18.0808 4656	AppMgmt - ok
16:27:18.0818 4656	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:27:18.0828 4656	arc - ok
16:27:18.0828 4656	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:27:18.0838 4656	arcsas - ok
16:27:18.0858 4656	AsIO            (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
16:27:18.0868 4656	AsIO - ok
16:27:18.0878 4656	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:27:18.0888 4656	aspnet_state - ok
16:27:18.0898 4656	AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
16:27:18.0898 4656	AsSysCtrlService - ok
16:27:18.0908 4656	aswFsBlk        (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
16:27:18.0918 4656	aswFsBlk - ok
16:27:18.0918 4656	aswMonFlt       (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
16:27:18.0928 4656	aswMonFlt - ok
16:27:18.0938 4656	aswRdr          (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
16:27:18.0938 4656	aswRdr - ok
16:27:18.0968 4656	aswSnx          (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
16:27:18.0988 4656	aswSnx - ok
16:27:18.0998 4656	aswSP           (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
16:27:19.0008 4656	aswSP - ok
16:27:19.0008 4656	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:27:19.0028 4656	AsyncMac - ok
16:27:19.0038 4656	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:27:19.0048 4656	atapi - ok
16:27:19.0048 4656	AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
16:27:19.0058 4656	AtiHDAudioService - ok
16:27:19.0078 4656	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:27:19.0108 4656	AudioEndpointBuilder - ok
16:27:19.0108 4656	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:27:19.0128 4656	AudioSrv - ok
16:27:19.0138 4656	avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:27:19.0148 4656	avast! Antivirus - ok
16:27:19.0158 4656	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:27:19.0168 4656	AxInstSV - ok
16:27:19.0178 4656	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:27:19.0198 4656	b06bdrv - ok
16:27:19.0208 4656	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:27:19.0218 4656	b57nd60a - ok
16:27:19.0228 4656	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:27:19.0238 4656	BDESVC - ok
16:27:19.0238 4656	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:27:19.0258 4656	Beep - ok
16:27:19.0278 4656	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:27:19.0308 4656	BFE - ok
16:27:19.0328 4656	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:27:19.0368 4656	BITS - ok
16:27:19.0368 4656	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:27:19.0378 4656	blbdrive - ok
16:27:19.0388 4656	Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
16:27:19.0398 4656	Bonjour Service - ok
16:27:19.0408 4656	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:27:19.0418 4656	bowser - ok
16:27:19.0418 4656	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:27:19.0438 4656	BrFiltLo - ok
16:27:19.0448 4656	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:27:19.0458 4656	BrFiltUp - ok
16:27:19.0458 4656	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:27:19.0488 4656	Browser - ok
16:27:19.0488 4656	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:27:19.0508 4656	Brserid - ok
16:27:19.0508 4656	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:27:19.0518 4656	BrSerWdm - ok
16:27:19.0518 4656	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:27:19.0538 4656	BrUsbMdm - ok
16:27:19.0538 4656	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:27:19.0548 4656	BrUsbSer - ok
16:27:19.0548 4656	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:27:19.0568 4656	BTHMODEM - ok
16:27:19.0568 4656	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:27:19.0588 4656	bthserv - ok
16:27:19.0598 4656	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:27:19.0618 4656	cdfs - ok
16:27:19.0628 4656	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:27:19.0638 4656	cdrom - ok
16:27:19.0638 4656	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:27:19.0668 4656	CertPropSvc - ok
16:27:19.0668 4656	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:27:19.0678 4656	circlass - ok
16:27:19.0688 4656	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:27:19.0708 4656	CLFS - ok
16:27:19.0708 4656	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:27:19.0718 4656	clr_optimization_v2.0.50727_32 - ok
16:27:19.0728 4656	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:27:19.0738 4656	clr_optimization_v2.0.50727_64 - ok
16:27:19.0748 4656	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:27:19.0768 4656	clr_optimization_v4.0.30319_32 - ok
16:27:19.0778 4656	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:27:19.0788 4656	clr_optimization_v4.0.30319_64 - ok
16:27:19.0788 4656	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:27:19.0798 4656	CmBatt - ok
16:27:19.0858 4656	cmdAgent        (539496faa87062bade23726a8b43d209) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
16:27:19.0898 4656	cmdAgent - ok
16:27:19.0918 4656	cmdGuard        (0020e6598d80b92e4d8618554c4843ab) C:\Windows\system32\DRIVERS\cmdguard.sys
16:27:19.0928 4656	cmdGuard - ok
16:27:19.0928 4656	cmdHlp          (7a2af19b01bf433c23ac1111610acf84) C:\Windows\system32\DRIVERS\cmdhlp.sys
16:27:19.0938 4656	cmdHlp - ok
16:27:19.0938 4656	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:27:19.0948 4656	cmdide - ok
16:27:19.0958 4656	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:27:19.0978 4656	CNG - ok
16:27:19.0988 4656	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:27:19.0998 4656	Compbatt - ok
16:27:19.0998 4656	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:27:20.0008 4656	CompositeBus - ok
16:27:20.0008 4656	COMSysApp - ok
16:27:20.0018 4656	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:27:20.0018 4656	crcdisk - ok
16:27:20.0028 4656	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:27:20.0048 4656	CryptSvc - ok
16:27:20.0058 4656	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:27:20.0078 4656	CSC - ok
16:27:20.0088 4656	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:27:20.0108 4656	CscService - ok
16:27:20.0118 4656	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:27:20.0148 4656	DcomLaunch - ok
16:27:20.0158 4656	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:27:20.0188 4656	defragsvc - ok
16:27:20.0198 4656	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:27:20.0218 4656	DfsC - ok
16:27:20.0228 4656	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:27:20.0258 4656	Dhcp - ok
16:27:20.0258 4656	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:27:20.0278 4656	discache - ok
16:27:20.0288 4656	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:27:20.0298 4656	Disk - ok
16:27:20.0488 4656	DisplayLinkService (aea3261c88904d71ed9366d5070c8af5) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
16:27:20.0558 4656	DisplayLinkService - ok
16:27:20.0578 4656	DisplayLinkUsbPort (f8a6cc460bf1552c72381274ba51de6b) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys
16:27:20.0598 4656	DisplayLinkUsbPort - ok
16:27:20.0608 4656	dlkmd           (9d73e362e8f96838dac5962ac863e01b) C:\Windows\system32\drivers\dlkmd.sys
16:27:20.0618 4656	dlkmd - ok
16:27:20.0618 4656	dlkmdldr        (5bb5c5ba9898b4d9bf4ea0630bfd478a) C:\Windows\system32\drivers\dlkmdldr.sys
16:27:20.0628 4656	dlkmdldr - ok
16:27:20.0628 4656	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:27:20.0648 4656	Dnscache - ok
16:27:20.0648 4656	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:27:20.0678 4656	dot3svc - ok
16:27:20.0688 4656	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:27:20.0708 4656	DPS - ok
16:27:20.0708 4656	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:27:20.0728 4656	drmkaud - ok
16:27:20.0748 4656	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:27:20.0758 4656	DXGKrnl - ok
16:27:20.0768 4656	e1yexpress      (56f127edf97af8295ffc0fa485f9669c) C:\Windows\system32\DRIVERS\e1y62x64.sys
16:27:20.0778 4656	e1yexpress - ok
16:27:20.0788 4656	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:27:20.0808 4656	EapHost - ok
16:27:20.0888 4656	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:27:20.0928 4656	ebdrv - ok
16:27:20.0948 4656	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:27:20.0958 4656	EFS - ok
16:27:20.0978 4656	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:27:20.0988 4656	ehRecvr - ok
16:27:20.0998 4656	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:27:21.0008 4656	ehSched - ok
16:27:21.0028 4656	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:27:21.0038 4656	elxstor - ok
16:27:21.0038 4656	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:27:21.0048 4656	ErrDev - ok
16:27:21.0068 4656	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:27:21.0098 4656	EventSystem - ok
16:27:21.0098 4656	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:27:21.0128 4656	exfat - ok
16:27:21.0128 4656	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:27:21.0158 4656	fastfat - ok
16:27:21.0178 4656	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:27:21.0188 4656	Fax - ok
16:27:21.0198 4656	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:27:21.0208 4656	fdc - ok
16:27:21.0208 4656	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:27:21.0228 4656	fdPHost - ok
16:27:21.0238 4656	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:27:21.0258 4656	FDResPub - ok
16:27:21.0258 4656	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:27:21.0268 4656	FileInfo - ok
16:27:21.0278 4656	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:27:21.0298 4656	Filetrace - ok
16:27:21.0318 4656	FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:27:21.0328 4656	FLEXnet Licensing Service - ok
16:27:21.0328 4656	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:27:21.0338 4656	flpydisk - ok
16:27:21.0348 4656	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:27:21.0358 4656	FltMgr - ok
16:27:21.0388 4656	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:27:21.0408 4656	FontCache - ok
16:27:21.0418 4656	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:27:21.0418 4656	FontCache3.0.0.0 - ok
16:27:21.0428 4656	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:27:21.0438 4656	FsDepends - ok
16:27:21.0438 4656	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:27:21.0448 4656	Fs_Rec - ok
16:27:21.0458 4656	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:27:21.0468 4656	fvevol - ok
16:27:21.0468 4656	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:27:21.0478 4656	gagp30kx - ok
16:27:21.0488 4656	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:27:21.0488 4656	GEARAspiWDM - ok
16:27:21.0508 4656	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:27:21.0538 4656	gpsvc - ok
16:27:21.0548 4656	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:27:21.0558 4656	hcw85cir - ok
16:27:21.0568 4656	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:27:21.0578 4656	HdAudAddService - ok
16:27:21.0588 4656	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:27:21.0598 4656	HDAudBus - ok
16:27:21.0598 4656	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:27:21.0608 4656	HidBatt - ok
16:27:21.0618 4656	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:27:21.0628 4656	HidBth - ok
16:27:21.0628 4656	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:27:21.0648 4656	HidIr - ok
16:27:21.0648 4656	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:27:21.0668 4656	hidserv - ok
16:27:21.0678 4656	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:27:21.0688 4656	HidUsb - ok
16:27:21.0688 4656	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:27:21.0718 4656	hkmsvc - ok
16:27:21.0718 4656	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:27:21.0738 4656	HomeGroupListener - ok
16:27:21.0738 4656	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:27:21.0758 4656	HomeGroupProvider - ok
16:27:21.0758 4656	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:27:21.0768 4656	HpSAMD - ok
16:27:21.0788 4656	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:27:21.0818 4656	HTTP - ok
16:27:21.0818 4656	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:27:21.0828 4656	hwpolicy - ok
16:27:21.0828 4656	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:27:21.0848 4656	i8042prt - ok
16:27:21.0858 4656	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:27:21.0868 4656	iaStorV - ok
16:27:21.0888 4656	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:27:21.0908 4656	idsvc - ok
16:27:21.0908 4656	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:27:21.0918 4656	iirsp - ok
16:27:21.0938 4656	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:27:21.0978 4656	IKEEXT - ok
16:27:21.0978 4656	inspect         (fc863d6ec8fc977ac4be6ca7ddc10dae) C:\Windows\system32\DRIVERS\inspect.sys
16:27:21.0988 4656	inspect - ok
16:27:22.0038 4656	IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
16:27:22.0058 4656	IntcAzAudAddService - ok
16:27:22.0078 4656	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:27:22.0088 4656	intelide - ok
16:27:22.0088 4656	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:27:22.0108 4656	intelppm - ok
16:27:22.0108 4656	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:27:22.0138 4656	IPBusEnum - ok
16:27:22.0138 4656	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:27:22.0158 4656	IpFilterDriver - ok
16:27:22.0178 4656	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:27:22.0208 4656	iphlpsvc - ok
16:27:22.0208 4656	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:27:22.0218 4656	IPMIDRV - ok
16:27:22.0228 4656	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:27:22.0248 4656	IPNAT - ok
16:27:22.0278 4656	iPod Service    (844b87302d856f8eb32a38c35969734a) C:\Program Files\iPod\bin\iPodService.exe
16:27:22.0288 4656	iPod Service - ok
16:27:22.0298 4656	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:27:22.0308 4656	IRENUM - ok
16:27:22.0308 4656	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:27:22.0318 4656	isapnp - ok
16:27:22.0328 4656	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:27:22.0338 4656	iScsiPrt - ok
16:27:22.0348 4656	JRAID           (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
16:27:22.0358 4656	JRAID - ok
16:27:22.0358 4656	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:27:22.0368 4656	kbdclass - ok
16:27:22.0368 4656	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:27:22.0378 4656	kbdhid - ok
16:27:22.0378 4656	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:27:22.0388 4656	KeyIso - ok
16:27:22.0398 4656	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:27:22.0408 4656	KSecDD - ok
16:27:22.0408 4656	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:27:22.0418 4656	KSecPkg - ok
16:27:22.0428 4656	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:27:22.0448 4656	ksthunk - ok
16:27:22.0458 4656	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:27:22.0488 4656	KtmRm - ok
16:27:22.0488 4656	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:27:22.0518 4656	LanmanServer - ok
16:27:22.0528 4656	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:27:22.0548 4656	LanmanWorkstation - ok
16:27:22.0598 4656	Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
16:27:22.0628 4656	Lavasoft Ad-Aware Service - ok
16:27:22.0648 4656	Lbd             (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:27:22.0658 4656	Lbd - ok
16:27:22.0658 4656	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
16:27:22.0668 4656	LGBusEnum - ok
16:27:22.0678 4656	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
16:27:22.0678 4656	LGVirHid - ok
16:27:22.0688 4656	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:27:22.0708 4656	lltdio - ok
16:27:22.0718 4656	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:27:22.0748 4656	lltdsvc - ok
16:27:22.0748 4656	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:27:22.0768 4656	lmhosts - ok
16:27:22.0778 4656	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:27:22.0788 4656	LSI_FC - ok
16:27:22.0788 4656	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:27:22.0798 4656	LSI_SAS - ok
16:27:22.0808 4656	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:27:22.0818 4656	LSI_SAS2 - ok
16:27:22.0818 4656	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:27:22.0828 4656	LSI_SCSI - ok
16:27:22.0838 4656	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:27:22.0858 4656	luafv - ok
16:27:22.0868 4656	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:27:22.0878 4656	Mcx2Svc - ok
16:27:22.0878 4656	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:27:22.0888 4656	megasas - ok
16:27:22.0898 4656	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:27:22.0908 4656	MegaSR - ok
16:27:22.0918 4656	Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:27:22.0928 4656	Microsoft Office Groove Audit Service - ok
16:27:22.0928 4656	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:27:22.0958 4656	MMCSS - ok
16:27:22.0958 4656	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:27:22.0978 4656	Modem - ok
16:27:22.0988 4656	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:27:22.0998 4656	monitor - ok
16:27:22.0998 4656	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:27:23.0008 4656	mouclass - ok
16:27:23.0008 4656	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:27:23.0028 4656	mouhid - ok
16:27:23.0028 4656	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:27:23.0038 4656	mountmgr - ok
16:27:23.0048 4656	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:27:23.0048 4656	MozillaMaintenance - ok
16:27:23.0058 4656	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:27:23.0068 4656	mpio - ok
16:27:23.0078 4656	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:27:23.0098 4656	mpsdrv - ok
16:27:23.0118 4656	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:27:23.0148 4656	MpsSvc - ok
16:27:23.0158 4656	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:27:23.0168 4656	MRxDAV - ok
16:27:23.0178 4656	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:27:23.0188 4656	mrxsmb - ok
16:27:23.0198 4656	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:27:23.0208 4656	mrxsmb10 - ok
16:27:23.0218 4656	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:27:23.0228 4656	mrxsmb20 - ok
16:27:23.0228 4656	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:27:23.0238 4656	msahci - ok
16:27:23.0238 4656	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:27:23.0248 4656	msdsm - ok
16:27:23.0258 4656	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:27:23.0268 4656	MSDTC - ok
16:27:23.0278 4656	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:27:23.0298 4656	Msfs - ok
16:27:23.0298 4656	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:27:23.0328 4656	mshidkmdf - ok
16:27:23.0328 4656	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:27:23.0338 4656	msisadrv - ok
16:27:23.0338 4656	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:27:23.0368 4656	MSiSCSI - ok
16:27:23.0368 4656	msiserver - ok
16:27:23.0368 4656	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:27:23.0398 4656	MSKSSRV - ok
16:27:23.0398 4656	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:27:23.0418 4656	MSPCLOCK - ok
16:27:23.0418 4656	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:27:23.0448 4656	MSPQM - ok
16:27:23.0458 4656	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:27:23.0468 4656	MsRPC - ok
16:27:23.0478 4656	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:27:23.0478 4656	mssmbios - ok
16:27:23.0488 4656	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:27:23.0508 4656	MSTEE - ok
16:27:23.0508 4656	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:27:23.0518 4656	MTConfig - ok
16:27:23.0528 4656	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
16:27:23.0528 4656	MTsensor - ok
16:27:23.0538 4656	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:27:23.0548 4656	Mup - ok
16:27:23.0548 4656	mv91xx          (8db5861a8db19abaf430fcd001ef5e93) C:\Windows\system32\DRIVERS\mv91xx.sys
16:27:23.0558 4656	mv91xx - ok
16:27:23.0568 4656	NAL             (091127e892a86a8376909ac1aff59563) C:\Windows\system32\Drivers\iqvw64e.sys
16:27:23.0578 4656	NAL - ok
16:27:23.0588 4656	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:27:23.0618 4656	napagent - ok
16:27:23.0628 4656	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:27:23.0648 4656	NativeWifiP - ok
16:27:23.0668 4656	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:27:23.0688 4656	NDIS - ok
16:27:23.0688 4656	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:27:23.0718 4656	NdisCap - ok
16:27:23.0718 4656	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:27:23.0748 4656	NdisTapi - ok
16:27:23.0748 4656	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:27:23.0768 4656	Ndisuio - ok
16:27:23.0778 4656	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:27:23.0798 4656	NdisWan - ok
16:27:23.0808 4656	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:27:23.0828 4656	NDProxy - ok
16:27:23.0828 4656	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:27:23.0858 4656	NetBIOS - ok
16:27:23.0858 4656	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:27:23.0888 4656	NetBT - ok
16:27:23.0888 4656	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:27:23.0898 4656	Netlogon - ok
16:27:23.0908 4656	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:27:23.0938 4656	Netman - ok
16:27:23.0948 4656	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:27:23.0958 4656	NetMsmqActivator - ok
16:27:23.0968 4656	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:27:23.0968 4656	NetPipeActivator - ok
16:27:23.0988 4656	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:27:24.0018 4656	netprofm - ok
16:27:24.0018 4656	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:27:24.0028 4656	NetTcpActivator - ok
16:27:24.0028 4656	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:27:24.0038 4656	NetTcpPortSharing - ok
16:27:24.0038 4656	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:27:24.0048 4656	nfrd960 - ok
16:27:24.0058 4656	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:27:24.0088 4656	NlaSvc - ok
16:27:24.0088 4656	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:27:24.0118 4656	Npfs - ok
16:27:24.0118 4656	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:27:24.0138 4656	nsi - ok
16:27:24.0148 4656	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:27:24.0168 4656	nsiproxy - ok
16:27:24.0208 4656	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:27:24.0238 4656	Ntfs - ok
16:27:24.0258 4656	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:27:24.0278 4656	Null - ok
16:27:24.0278 4656	nusb3hub        (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
16:27:24.0288 4656	nusb3hub - ok
16:27:24.0298 4656	nusb3xhc        (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:27:24.0308 4656	nusb3xhc - ok
16:27:24.0318 4656	NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
16:27:24.0328 4656	NVHDA - ok
16:27:24.0608 4656	nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:27:24.0728 4656	nvlddmkm - ok
16:27:24.0748 4656	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:27:24.0758 4656	nvraid - ok
16:27:24.0768 4656	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:27:24.0778 4656	nvstor - ok
16:27:24.0808 4656	nvsvc           (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
16:27:24.0838 4656	nvsvc - ok
16:27:24.0888 4656	nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:27:24.0928 4656	nvUpdatusService - ok
16:27:24.0948 4656	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:27:24.0958 4656	nv_agp - ok
16:27:24.0978 4656	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:27:24.0988 4656	odserv - ok
16:27:24.0988 4656	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:27:25.0008 4656	ohci1394 - ok
16:27:25.0008 4656	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:27:25.0018 4656	ose - ok
16:27:25.0028 4656	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:27:25.0048 4656	p2pimsvc - ok
16:27:25.0058 4656	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:27:25.0078 4656	p2psvc - ok
16:27:25.0078 4656	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:27:25.0088 4656	Parport - ok
16:27:25.0098 4656	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:27:25.0108 4656	partmgr - ok
16:27:25.0108 4656	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:27:25.0128 4656	PcaSvc - ok
16:27:25.0138 4656	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:27:25.0148 4656	pci - ok
16:27:25.0148 4656	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:27:25.0158 4656	pciide - ok
16:27:25.0158 4656	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:27:25.0178 4656	pcmcia - ok
16:27:25.0178 4656	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:27:25.0188 4656	pcw - ok
16:27:25.0198 4656	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:27:25.0228 4656	PEAUTH - ok
16:27:25.0258 4656	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:27:25.0288 4656	PeerDistSvc - ok
16:27:25.0308 4656	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:27:25.0318 4656	PerfHost - ok
16:27:25.0368 4656	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:27:25.0408 4656	pla - ok
16:27:25.0418 4656	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:27:25.0428 4656	PlugPlay - ok
16:27:25.0438 4656	PnkBstrA - ok
16:27:25.0438 4656	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:27:25.0448 4656	PNRPAutoReg - ok
16:27:25.0458 4656	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:27:25.0468 4656	PNRPsvc - ok
16:27:25.0488 4656	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:27:25.0508 4656	PolicyAgent - ok
16:27:25.0518 4656	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:27:25.0548 4656	Power - ok
16:27:25.0558 4656	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:27:25.0578 4656	PptpMiniport - ok
16:27:25.0578 4656	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:27:25.0598 4656	Processor - ok
16:27:25.0598 4656	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:27:25.0618 4656	ProfSvc - ok
16:27:25.0618 4656	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:27:25.0628 4656	ProtectedStorage - ok
16:27:25.0628 4656	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:27:25.0658 4656	Psched - ok
16:27:25.0688 4656	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:27:25.0718 4656	ql2300 - ok
16:27:25.0738 4656	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:27:25.0748 4656	ql40xx - ok
16:27:25.0758 4656	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:27:25.0778 4656	QWAVE - ok
16:27:25.0778 4656	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:27:25.0788 4656	QWAVEdrv - ok
16:27:25.0798 4656	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:27:25.0818 4656	RasAcd - ok
16:27:25.0818 4656	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:27:25.0848 4656	RasAgileVpn - ok
16:27:25.0848 4656	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:27:25.0878 4656	RasAuto - ok
16:27:25.0878 4656	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:27:25.0908 4656	Rasl2tp - ok
16:27:25.0918 4656	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:27:25.0938 4656	RasMan - ok
16:27:25.0948 4656	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:27:25.0968 4656	RasPppoe - ok
16:27:25.0978 4656	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:27:25.0998 4656	RasSstp - ok
16:27:26.0008 4656	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:27:26.0038 4656	rdbss - ok
16:27:26.0048 4656	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:27:26.0058 4656	rdpbus - ok
16:27:26.0068 4656	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:27:26.0088 4656	RDPCDD - ok
16:27:26.0098 4656	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:27:26.0108 4656	RDPDR - ok
16:27:26.0108 4656	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:27:26.0128 4656	RDPENCDD - ok
16:27:26.0138 4656	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:27:26.0158 4656	RDPREFMP - ok
16:27:26.0168 4656	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:27:26.0178 4656	RDPWD - ok
16:27:26.0188 4656	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:27:26.0198 4656	rdyboost - ok
16:27:26.0198 4656	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:27:26.0228 4656	RemoteAccess - ok
16:27:26.0228 4656	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:27:26.0258 4656	RemoteRegistry - ok
16:27:26.0268 4656	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:27:26.0288 4656	RpcEptMapper - ok
16:27:26.0288 4656	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:27:26.0298 4656	RpcLocator - ok
16:27:26.0318 4656	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:27:26.0338 4656	RpcSs - ok
16:27:26.0348 4656	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:27:26.0368 4656	rspndr - ok
16:27:26.0378 4656	RTCore64        (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
16:27:26.0388 4656	RTCore64 - ok
16:27:26.0388 4656	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:27:26.0398 4656	s3cap - ok
16:27:26.0398 4656	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:27:26.0408 4656	SamSs - ok
16:27:26.0418 4656	SbieDrv         (495588414f5c62c333f1a69e17e5fb9f) C:\Program Files\Sandboxie\SbieDrv.sys
16:27:26.0438 4656	SbieDrv - ok
16:27:26.0438 4656	SbieSvc         (099007b7a80e1917ffa110ce7785a3c9) C:\Program Files\Sandboxie\SbieSvc.exe
16:27:26.0448 4656	SbieSvc - ok
16:27:26.0458 4656	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:27:26.0468 4656	sbp2port - ok
16:27:26.0468 4656	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:27:26.0498 4656	SCardSvr - ok
16:27:26.0498 4656	SCDEmu          (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
16:27:26.0508 4656	SCDEmu - ok
16:27:26.0518 4656	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:27:26.0538 4656	scfilter - ok
16:27:26.0558 4656	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:27:26.0598 4656	Schedule - ok
16:27:26.0598 4656	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:27:26.0628 4656	SCPolicySvc - ok
16:27:26.0628 4656	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:27:26.0648 4656	SDRSVC - ok
16:27:26.0648 4656	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:27:26.0668 4656	secdrv - ok
16:27:26.0678 4656	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:27:26.0698 4656	seclogon - ok
16:27:26.0708 4656	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:27:26.0728 4656	SENS - ok
16:27:26.0738 4656	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:27:26.0748 4656	SensrSvc - ok
16:27:26.0748 4656	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:27:26.0758 4656	Serenum - ok
16:27:26.0758 4656	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:27:26.0778 4656	Serial - ok
16:27:26.0778 4656	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:27:26.0788 4656	sermouse - ok
16:27:26.0798 4656	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:27:26.0818 4656	SessionEnv - ok
16:27:26.0828 4656	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:27:26.0838 4656	sffdisk - ok
16:27:26.0838 4656	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:27:26.0848 4656	sffp_mmc - ok
16:27:26.0848 4656	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:27:26.0858 4656	sffp_sd - ok
16:27:26.0868 4656	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:27:26.0878 4656	sfloppy - ok
16:27:26.0888 4656	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:27:26.0908 4656	SharedAccess - ok
16:27:26.0918 4656	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:27:26.0948 4656	ShellHWDetection - ok
16:27:26.0958 4656	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:27:26.0968 4656	SiSRaid2 - ok
16:27:26.0968 4656	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:27:26.0978 4656	SiSRaid4 - ok
16:27:26.0988 4656	SmartDefragDriver (94ce7845af6a2065b829e0126cd56236) C:\Windows\system32\Drivers\SmartDefragDriver.sys
16:27:26.0988 4656	SmartDefragDriver - ok
16:27:26.0998 4656	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:27:27.0028 4656	Smb - ok
16:27:27.0028 4656	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:27:27.0038 4656	SNMPTRAP - ok
16:27:27.0048 4656	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:27:27.0048 4656	spldr - ok
16:27:27.0068 4656	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:27:27.0098 4656	Spooler - ok
16:27:27.0168 4656	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:27:27.0208 4656	sppsvc - ok
16:27:27.0228 4656	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:27:27.0248 4656	sppuinotify - ok
16:27:27.0268 4656	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:27:27.0278 4656	srv - ok
16:27:27.0288 4656	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:27:27.0308 4656	srv2 - ok
16:27:27.0318 4656	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:27:27.0328 4656	srvnet - ok
16:27:27.0328 4656	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:27:27.0358 4656	SSDPSRV - ok
16:27:27.0368 4656	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:27:27.0388 4656	SstpSvc - ok
16:27:27.0398 4656	Steam Client Service - ok
16:27:27.0398 4656	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:27:27.0408 4656	stexstor - ok
16:27:27.0418 4656	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:27:27.0438 4656	stisvc - ok
16:27:27.0448 4656	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:27:27.0458 4656	storflt - ok
16:27:27.0458 4656	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
16:27:27.0468 4656	StorSvc - ok
16:27:27.0478 4656	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:27:27.0478 4656	storvsc - ok
16:27:27.0488 4656	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:27:27.0498 4656	swenum - ok
16:27:27.0498 4656	SwOffScheduler - ok
16:27:27.0498 4656	SwOffWeb - ok
16:27:27.0518 4656	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:27:27.0548 4656	swprv - ok
16:27:27.0588 4656	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:27:27.0618 4656	SysMain - ok
16:27:27.0638 4656	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:27:27.0658 4656	TabletInputService - ok
16:27:27.0668 4656	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:27:27.0698 4656	TapiSrv - ok
16:27:27.0698 4656	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:27:27.0718 4656	TBS - ok
16:27:27.0768 4656	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:27:27.0808 4656	Tcpip - ok
16:27:27.0878 4656	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:27:27.0908 4656	TCPIP6 - ok
16:27:27.0928 4656	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:27:27.0948 4656	tcpipreg - ok
16:27:27.0958 4656	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:27:27.0968 4656	TDPIPE - ok
16:27:27.0968 4656	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:27:27.0978 4656	TDTCP - ok
16:27:27.0978 4656	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:27:28.0008 4656	tdx - ok
16:27:28.0008 4656	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:27:28.0018 4656	TermDD - ok
16:27:28.0038 4656	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:27:28.0068 4656	TermService - ok
16:27:28.0068 4656	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:27:28.0088 4656	Themes - ok
16:27:28.0088 4656	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:27:28.0108 4656	THREADORDER - ok
16:27:28.0118 4656	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:27:28.0148 4656	TrkWks - ok
16:27:28.0148 4656	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:27:28.0178 4656	TrustedInstaller - ok
16:27:28.0178 4656	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:27:28.0208 4656	tssecsrv - ok
16:27:28.0208 4656	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:27:28.0218 4656	TsUsbFlt - ok
16:27:28.0228 4656	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:27:28.0258 4656	tunnel - ok
16:27:28.0258 4656	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:27:28.0268 4656	uagp35 - ok
16:27:28.0278 4656	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:27:28.0298 4656	udfs - ok
16:27:28.0308 4656	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:27:28.0318 4656	UI0Detect - ok
16:27:28.0328 4656	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:27:28.0338 4656	uliagpkx - ok
16:27:28.0338 4656	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:27:28.0348 4656	umbus - ok
16:27:28.0348 4656	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:27:28.0358 4656	UmPass - ok
16:27:28.0368 4656	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:27:28.0378 4656	UmRdpService - ok
16:27:28.0388 4656	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:27:28.0418 4656	upnphost - ok
16:27:28.0428 4656	USBAAPL64       (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
16:27:28.0438 4656	USBAAPL64 - ok
16:27:28.0438 4656	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:27:28.0458 4656	usbaudio - ok
16:27:28.0458 4656	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:27:28.0468 4656	usbccgp - ok
16:27:28.0478 4656	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:27:28.0488 4656	usbcir - ok
16:27:28.0488 4656	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:27:28.0498 4656	usbehci - ok
16:27:28.0508 4656	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:27:28.0528 4656	usbhub - ok
16:27:28.0528 4656	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:27:28.0538 4656	usbohci - ok
16:27:28.0538 4656	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:27:28.0548 4656	usbprint - ok
16:27:28.0558 4656	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:27:28.0568 4656	usbscan - ok
16:27:28.0568 4656	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:27:28.0588 4656	USBSTOR - ok
16:27:28.0588 4656	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:27:28.0598 4656	usbuhci - ok
16:27:28.0598 4656	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:27:28.0628 4656	UxSms - ok
16:27:28.0628 4656	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:27:28.0638 4656	VaultSvc - ok
16:27:28.0638 4656	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:27:28.0648 4656	vdrvroot - ok
16:27:28.0658 4656	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:27:28.0698 4656	vds - ok
16:27:28.0698 4656	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:27:28.0708 4656	vga - ok
16:27:28.0718 4656	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:27:28.0738 4656	VgaSave - ok
16:27:28.0748 4656	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:27:28.0758 4656	vhdmp - ok
16:27:28.0758 4656	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:27:28.0768 4656	viaide - ok
16:27:28.0778 4656	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:27:28.0788 4656	vmbus - ok
16:27:28.0788 4656	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:27:28.0798 4656	VMBusHID - ok
16:27:28.0798 4656	vmci - ok
16:27:28.0808 4656	VMnetAdapter - ok
16:27:28.0808 4656	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:27:28.0818 4656	volmgr - ok
16:27:28.0828 4656	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:27:28.0838 4656	volmgrx - ok
16:27:28.0848 4656	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:27:28.0868 4656	volsnap - ok
16:27:28.0868 4656	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:27:28.0878 4656	vsmraid - ok
16:27:28.0918 4656	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:27:28.0958 4656	VSS - ok
16:27:28.0978 4656	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:27:28.0988 4656	vwifibus - ok
16:27:28.0998 4656	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:27:29.0028 4656	W32Time - ok
16:27:29.0038 4656	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:27:29.0048 4656	WacomPen - ok
16:27:29.0048 4656	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:27:29.0078 4656	WANARP - ok
16:27:29.0078 4656	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:27:29.0098 4656	Wanarpv6 - ok
16:27:29.0128 4656	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:27:29.0148 4656	WatAdminSvc - ok
16:27:29.0188 4656	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:27:29.0218 4656	wbengine - ok
16:27:29.0238 4656	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:27:29.0258 4656	WbioSrvc - ok
16:27:29.0268 4656	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:27:29.0288 4656	wcncsvc - ok
16:27:29.0288 4656	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:27:29.0298 4656	WcsPlugInService - ok
16:27:29.0308 4656	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:27:29.0318 4656	Wd - ok
16:27:29.0328 4656	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:27:29.0348 4656	Wdf01000 - ok
16:27:29.0348 4656	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:27:29.0368 4656	WdiServiceHost - ok
16:27:29.0368 4656	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:27:29.0388 4656	WdiSystemHost - ok
16:27:29.0388 4656	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:27:29.0408 4656	WebClient - ok
16:27:29.0418 4656	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:27:29.0448 4656	Wecsvc - ok
16:27:29.0448 4656	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:27:29.0478 4656	wercplsupport - ok
16:27:29.0478 4656	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:27:29.0508 4656	WerSvc - ok
16:27:29.0508 4656	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:27:29.0538 4656	WfpLwf - ok
16:27:29.0538 4656	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:27:29.0548 4656	WIMMount - ok
16:27:29.0548 4656	WinDefend - ok
16:27:29.0558 4656	WinHttpAutoProxySvc - ok
16:27:29.0568 4656	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:27:29.0588 4656	Winmgmt - ok
16:27:29.0638 4656	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:27:29.0698 4656	WinRM - ok
16:27:29.0718 4656	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:27:29.0728 4656	WinUsb - ok
16:27:29.0748 4656	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:27:29.0778 4656	Wlansvc - ok
16:27:29.0778 4656	WmBEnum         (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
16:27:29.0788 4656	WmBEnum - ok
16:27:29.0788 4656	WmFilter        (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
16:27:29.0798 4656	WmFilter - ok
16:27:29.0808 4656	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:27:29.0818 4656	WmiAcpi - ok
16:27:29.0828 4656	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:27:29.0838 4656	wmiApSrv - ok
16:27:29.0838 4656	WMPNetworkSvc - ok
16:27:29.0848 4656	WmVirHid        (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
16:27:29.0848 4656	WmVirHid - ok
16:27:29.0858 4656	WmXlCore        (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
16:27:29.0868 4656	WmXlCore - ok
16:27:29.0868 4656	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:27:29.0878 4656	WPCSvc - ok
16:27:29.0888 4656	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:27:29.0898 4656	WPDBusEnum - ok
16:27:29.0898 4656	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:27:29.0928 4656	ws2ifsl - ok
16:27:29.0928 4656	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:27:29.0948 4656	wscsvc - ok
16:27:29.0948 4656	WSearch - ok
16:27:30.0008 4656	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:27:30.0058 4656	wuauserv - ok
16:27:30.0078 4656	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:27:30.0098 4656	WudfPf - ok
16:27:30.0108 4656	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:27:30.0128 4656	WUDFRd - ok
16:27:30.0138 4656	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:27:30.0158 4656	wudfsvc - ok
16:27:30.0168 4656	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:27:30.0188 4656	WwanSvc - ok
16:27:30.0188 4656	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:27:30.0248 4656	\Device\Harddisk0\DR0 - ok
16:27:30.0268 4656	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:27:30.0338 4656	\Device\Harddisk1\DR1 - ok
16:27:30.0348 4656	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
16:27:30.0448 4656	\Device\Harddisk2\DR2 - ok
16:27:30.0448 4656	Boot (0x1200)   (6d75b0161ed635861de271714a50ebf3) \Device\Harddisk0\DR0\Partition0
16:27:30.0448 4656	\Device\Harddisk0\DR0\Partition0 - ok
16:27:30.0458 4656	Boot (0x1200)   (db04f43de79e3e4520bee111daa48ee5) \Device\Harddisk0\DR0\Partition1
16:27:30.0458 4656	\Device\Harddisk0\DR0\Partition1 - ok
16:27:30.0488 4656	Boot (0x1200)   (2defcdbd6f6ecebaef6e406bb0acbae7) \Device\Harddisk1\DR1\Partition0
16:27:30.0488 4656	\Device\Harddisk1\DR1\Partition0 - ok
16:27:30.0498 4656	Boot (0x1200)   (825173eb5c20f58924d00cc0652c64a4) \Device\Harddisk2\DR2\Partition0
16:27:30.0498 4656	\Device\Harddisk2\DR2\Partition0 - ok
16:27:30.0498 4656	============================================================
16:27:30.0498 4656	Scan finished
16:27:30.0498 4656	============================================================
16:27:30.0508 2536	Detected object count: 0
16:27:30.0508 2536	Actual detected object count: 0
[/code]

aswMBR
[code]aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 16:44:09
-----------------------------
16:44:09.508    OS Version: Windows x64 6.1.7601 Service Pack 1
16:44:09.508    Number of processors: 12 586 0x2C02
16:44:09.508    ComputerName: QUANTUM-C  UserName: Yoshi
16:44:09.638    Initialize success
16:44:12.378    AVAST engine defs: 12072500
16:44:27.748    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port5Path0Target0Lun0
16:44:27.748    Disk 0 Vendor: INTEL_SS 2CV1 Size: 152627MB BusType: 11
16:44:27.748    Disk 1  \Device\Harddisk1\DR1 -> \Device\Scsi\mv91xx1Port5Path0Target1Lun0
16:44:27.748    Disk 1 Vendor: WDC_WD10 08.0 Size: 953869MB BusType: 11
16:44:27.758    Disk 0 MBR read successfully
16:44:27.758    Disk 0 MBR scan
16:44:27.758    Disk 0 Windows 7 default MBR code
16:44:27.758    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:44:27.758    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       152525 MB offset 206848
16:44:27.768    Disk 0 scanning C:\Windows\system32\drivers
16:44:28.748    Service scanning
16:44:31.558    Modules scanning
16:44:31.558    Disk 0 trace - called modules:
16:44:31.568    ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll mv91xx.sys 
16:44:31.578    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a788790]
16:44:31.578    3 CLASSPNP.SYS[fffff88001bc943f] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port5Path0Target0Lun0[0xfffffa800a3a3050]
16:44:31.708    AVAST engine scan C:\Windows
16:44:31.958    AVAST engine scan C:\Windows\system32
16:44:56.718    AVAST engine scan C:\Windows\system32\drivers
16:44:58.238    AVAST engine scan C:\Users\Yoshi
16:46:13.688    AVAST engine scan C:\ProgramData
16:46:35.798    Scan finished successfully
16:47:39.798    Disk 0 MBR has been saved successfully to "G:\MBR.dat"
16:47:39.818    The log file has been saved successfully to "G:\aswMBR.txt"[/code]

Then I restarted my computer and used the System Recovery Options to run Farbar Recovery Scanner through the command prompt.

Farbar Recovery Scanner log
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 25-07-2012 15:48:26
Running from H:\
Windows 7 Professional   (X64) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9048392 2012-02-01] (COMODO)
HKLM\...\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2010-07-29] (IvoSoft)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-01-28] (Realtek Semiconductor)
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Yoshi\...\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_S2FD6.tmp" /EF "HKCU" [209408 2007-02-15] (SEIKO EPSON CORPORATION)
HKU\Yoshi\...\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" [694032 2012-06-16] (SANDBOXIE L.T.D)
HKU\Yoshi\...\Run: [PlayNC Launcher]  [x]
HKU\Yoshi\...\Run: [Google Update] "C:\Users\Yoshi\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-04] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs:     C:\Windows\system32\guard64.dll
IMEO\taskmgr.exe: [Debugger] "C:\PROGRAM FILES\PROCESS EXPLORER\PROCEXP.EXE"
Startup: C:\Users\Yoshi\Start Menu\Programs\Startup\procexp.lnk
ShortcutTarget: procexp.lnk -> C:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)

==================== Services (Whitelisted) ======

2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2528096 2012-02-01] (COMODO)
2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [8454064 2012-02-08] (DisplayLink Corp.)
4 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-27] ()
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [98576 2012-06-16] (SANDBOXIE L.T.D)
2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe -service [173056 2011-05-28] (Airytec)
2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe -service [173056 2011-05-28] (Airytec)

========================== Drivers (Whitelisted) =============

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2010-04-22] ()
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [252344 2012-02-01] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [41712 2012-02-01] (COMODO)
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys [17408 2012-02-08] (http://libusb-win32.sourceforge.net)
3 dlkmd; C:\Windows\System32\Drivers\dlkmd.sys [308560 2012-02-08] (DisplayLink Corp.)
0 dlkmdldr; C:\Windows\System32\Drivers\dlkmdldr.sys [15184 2012-02-08] (DisplayLink Corp.)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [92688 2012-02-01] (COMODO)
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-07-21] (Lavasoft AB)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 NAL; \??\C:\Windows\system32\Drivers\iqvw64e.sys [34472 2009-12-02] (Intel Corporation )
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [166576 2012-06-16] (SANDBOXIE L.T.D)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18232 2011-02-23] ()
0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]
3 W32iptw;  [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-25 11:11 - 2012-07-25 11:11 - 02117108 ____A C:\Users\Yoshi\Desktop\tdsskiller.zip
2012-07-25 11:07 - 2012-07-25 11:07 - 00000000 ____D C:\Users\Yoshi\Desktop\RK_Quarantine
2012-07-25 11:06 - 2012-07-25 11:06 - 01438391 ____A (Farbar) C:\Users\Yoshi\Desktop\FRST64.exe
2012-07-25 10:13 - 2012-07-25 10:13 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-25 10:10 - 2012-07-25 11:34 - 00036673 ____A C:\Windows\WindowsUpdate.log
2012-07-25 10:10 - 2012-07-25 11:23 - 00000280 ____A C:\Windows\setupact.log
2012-07-25 10:10 - 2012-07-25 10:10 - 00000802 ____A C:\Windows\PFRO.log
2012-07-25 10:10 - 2012-07-25 10:10 - 00000000 ____A C:\Windows\setuperr.log
2012-07-25 04:38 - 2012-07-25 04:42 - 00000000 ____D C:\Windows\Minidump
2012-07-23 05:43 - 2012-07-23 05:43 - 00000068 ____A C:\Users\Yoshi\Desktop\Darker colors in Diablo 3 (Direct3D filter) darkd3.com - YouTube.URL
2012-07-19 17:47 - 2012-07-19 17:47 - 00000000 ____D C:\Users\Yoshi\AppData\Local\Cockatrice
2012-07-19 13:52 - 2012-07-19 13:52 - 00000000 ____D C:\Users\Yoshi\Desktop\Unid Item ID
2012-07-19 12:31 - 2012-07-19 15:32 - 00000000 ____D C:\Users\Yoshi\Desktop\Mehdi Logo
2012-07-18 15:52 - 2012-07-18 15:56 - 00000000 ____D C:\Users\Yoshi\Desktop\MTG Tournament Draft
2012-07-18 15:40 - 2012-07-18 15:40 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\WizardEventReporter
2012-07-18 15:40 - 2012-07-18 15:40 - 00000000 ____D C:\Program Files (x86)\Wizards of the Coast
2012-07-17 20:27 - 2012-07-17 20:27 - 00000000 ____D C:\Users\Yoshi\Documents\4A Games
2012-07-17 20:24 - 2012-07-17 20:24 - 00000000 ____D C:\Users\Yoshi\AppData\Local\4A Games
2012-07-16 09:08 - 2012-07-16 09:08 - 00000000 ____D C:\Program Files (x86)\TimeBell
2012-07-14 17:54 - 2012-07-14 19:03 - 00000809 ____A C:\Users\Yoshi\Desktop\PixelSearch.au3
2012-07-08 15:02 - 2012-07-08 15:02 - 00000082 ____A C:\Users\Yoshi\Desktop\Diablo 3 Mechanics Compendium - IMPORTANT.URL
2012-07-07 18:12 - 2012-07-07 18:12 - 00000115 ____A C:\Users\Yoshi\Desktop\Diablo 3 - Dupe 1.0.3 - YouTube.URL
2012-07-05 13:24 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-05 11:56 - 2012-07-25 11:29 - 00697364 ____A C:\Windows\System32\perfh007.dat
2012-07-05 11:56 - 2012-07-25 11:29 - 00148428 ____A C:\Windows\System32\perfc007.dat
2012-07-05 11:56 - 2012-07-05 11:56 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-07-05 11:56 - 2012-07-05 11:56 - 00000000 ____D C:\Windows\SysWOW64\de
2012-07-05 11:56 - 2012-07-05 11:56 - 00000000 ____D C:\Windows\SysWOW64\0407
2012-07-05 11:56 - 2012-07-05 11:55 - 00295922 ____A C:\Windows\System32\perfi007.dat
2012-07-05 11:56 - 2012-07-05 11:55 - 00038104 ____A C:\Windows\System32\perfd007.dat
2012-07-05 11:55 - 2012-07-05 11:55 - 00000000 ____D C:\Windows\System32\de
2012-07-05 11:55 - 2012-07-05 11:55 - 00000000 ____D C:\Windows\System32\0407
2012-07-05 11:39 - 2012-07-16 17:48 - 00000000 ____D C:\Users\Yoshi\AppData\Local\VirtualStore
2012-07-05 11:19 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-07-05 11:19 - 2012-02-29 22:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-07-05 11:19 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-07-05 11:19 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-07-05 11:19 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-07-05 11:19 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-07-05 11:19 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-07-05 11:17 - 2012-02-08 06:19 - 00308560 ____A (DisplayLink Corp.) C:\Windows\System32\Drivers\dlkmd.sys
2012-07-05 11:17 - 2012-02-08 06:19 - 00015184 ____A (DisplayLink Corp.) C:\Windows\System32\Drivers\dlkmdldr.sys
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\SysWOW64\dlumd9.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\SysWOW64\dlumd11.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\SysWOW64\dlumd10.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\System32\dlumd9.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\System32\dlumd11.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\System32\dlumd10.dll
2012-07-05 11:15 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-05 11:15 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-05 11:15 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-05 11:15 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-05 11:15 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-05 11:15 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-07-05 11:15 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-05 11:15 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-07-05 11:15 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-07-05 11:15 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-05 11:15 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-07-05 11:15 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-07-05 11:15 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-07-05 11:15 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-07-05 11:15 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-07-05 11:15 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-07-05 11:15 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-07-05 11:15 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-07-05 11:15 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-07-05 11:15 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-07-05 11:15 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-05 11:15 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-05 11:15 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-05 11:15 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-05 11:15 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-07-05 11:15 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-05 11:15 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-05 11:15 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-05 11:15 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-05 11:15 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-05 11:15 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-05 11:15 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-07-05 11:15 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-05 11:15 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-05 11:15 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-05 11:15 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-05 11:15 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-05 11:15 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-05 11:15 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-05 11:15 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-05 11:15 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-07-05 11:15 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-07-05 11:15 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-07-05 11:15 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-07-05 11:15 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-07-05 11:15 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-07-05 11:15 - 2012-02-16 22:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-07-05 11:15 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-07-05 11:15 - 2012-02-16 20:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-07-05 11:15 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-05 11:15 - 2012-01-04 02:44 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-07-05 11:15 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-05 11:15 - 2012-01-04 00:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-07-05 11:15 - 2011-12-29 22:26 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-07-05 11:15 - 2011-12-29 21:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-07-05 11:15 - 2011-12-27 19:59 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-07-05 11:15 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-07-05 11:15 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-07-05 11:14 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-07-05 11:11 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-07-05 11:11 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-07-05 11:11 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-07-05 11:11 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-07-05 11:11 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-07-05 11:11 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-07-05 11:11 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-07-05 11:11 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-07-05 11:11 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-07-04 10:08 - 2012-07-23 05:49 - 00000000 ____D C:\Users\Yoshi\Desktop\Resumes
2012-06-27 07:18 - 2012-06-27 07:18 - 00000000 ____D C:\Users\Yoshi\AppData\Roaming\Airytec
2012-06-27 07:17 - 2012-06-27 07:17 - 00195897 ____A C:\Users\Yoshi\Downloads\swoff341.exe
2012-06-27 07:17 - 2012-06-27 07:17 - 00000000 ____D C:\Program Files\Airytec


============ 3 Months Modified Files ========================

2012-07-25 11:34 - 2012-07-25 10:10 - 00036673 ____A C:\Windows\WindowsUpdate.log
2012-07-25 11:30 - 2009-07-13 20:45 - 00025232 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-25 11:30 - 2009-07-13 20:45 - 00025232 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-25 11:29 - 2012-07-05 11:56 - 00697364 ____A C:\Windows\System32\perfh007.dat
2012-07-25 11:29 - 2012-07-05 11:56 - 00148428 ____A C:\Windows\System32\perfc007.dat
2012-07-25 11:29 - 2009-07-13 21:13 - 01621784 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-25 11:23 - 2012-07-25 10:10 - 00000280 ____A C:\Windows\setupact.log
2012-07-25 11:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-25 11:11 - 2012-07-25 11:11 - 02117108 ____A C:\Users\Yoshi\Desktop\tdsskiller.zip
2012-07-25 11:06 - 2012-07-25 11:06 - 01438391 ____A (Farbar) C:\Users\Yoshi\Desktop\FRST64.exe
2012-07-25 11:05 - 2011-07-04 11:29 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619066037-2489160400-3919742858-1000UA.job
2012-07-25 10:13 - 2012-07-25 10:13 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-07-25 10:10 - 2012-07-25 10:10 - 00000802 ____A C:\Windows\PFRO.log
2012-07-25 10:10 - 2012-07-25 10:10 - 00000000 ____A C:\Windows\setuperr.log
2012-07-24 21:10 - 2011-03-30 18:58 - 00001938 ____A C:\Windows\Sandboxie.ini
2012-07-24 14:05 - 2011-07-04 11:29 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619066037-2489160400-3919742858-1000Core.job
2012-07-24 13:13 - 2011-07-03 16:38 - 00001103 ____A C:\Users\Yoshi\SciTE.session
2012-07-24 09:37 - 2012-03-31 09:32 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-24 09:37 - 2011-05-19 10:20 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-23 05:43 - 2012-07-23 05:43 - 00000068 ____A C:\Users\Yoshi\Desktop\Darker colors in Diablo 3 (Direct3D filter) darkd3.com - YouTube.URL
2012-07-14 19:03 - 2012-07-14 17:54 - 00000809 ____A C:\Users\Yoshi\Desktop\PixelSearch.au3
2012-07-08 15:02 - 2012-07-08 15:02 - 00000082 ____A C:\Users\Yoshi\Desktop\Diablo 3 Mechanics Compendium - IMPORTANT.URL
2012-07-07 18:12 - 2012-07-07 18:12 - 00000115 ____A C:\Users\Yoshi\Desktop\Diablo 3 - Dupe 1.0.3 - YouTube.URL
2012-07-07 02:24 - 2011-04-02 09:59 - 00010844 ____A C:\Users\Yoshi\Desktop\Assets and Liabilities.xlsx
2012-07-06 09:34 - 2012-06-21 10:28 - 00000244 ____A C:\Users\Yoshi\AppData\Roaming\GPU Meter_Settings.ini
2012-07-06 09:33 - 2012-03-07 17:15 - 00001776 ____A C:\Users\Yoshi\AppData\Roaming\System Monitor II_CPU0_Settings.ini
2012-07-05 13:25 - 2010-10-21 02:05 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-05 11:55 - 2012-07-05 11:56 - 00295922 ____A C:\Windows\System32\perfi007.dat
2012-07-05 11:55 - 2012-07-05 11:56 - 00038104 ____A C:\Windows\System32\perfd007.dat
2012-07-05 11:39 - 2009-07-13 20:45 - 00445440 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-05 11:19 - 2011-02-12 15:19 - 00778034 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\SysWOW64\dlumd9.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\SysWOW64\dlumd11.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\SysWOW64\dlumd10.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\System32\dlumd9.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\System32\dlumd11.dll
2012-07-05 11:16 - 2012-07-05 11:16 - 00000000 ____A C:\Windows\System32\dlumd10.dll
2012-07-03 09:46 - 2010-10-21 01:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-07-05 13:24 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2011-03-10 11:19 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2011-01-26 17:02 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2010-11-07 10:27 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2010-11-07 10:27 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2010-11-07 10:27 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2010-11-07 10:27 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 08:21 - 2010-11-07 10:27 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-27 07:17 - 2012-06-27 07:17 - 00195897 ____A C:\Users\Yoshi\Downloads\swoff341.exe
2012-06-24 17:36 - 2012-06-24 17:36 - 00002062 ____A C:\Users\UpdatusUser\Desktop\IconCool Studio 7 Pro.lnk
2012-06-24 17:36 - 2012-06-24 17:36 - 00000022 ____A C:\Windows\SysWOW64\winStudio.bin
2012-06-18 13:07 - 2012-06-18 13:07 - 00000084 ____A C:\Users\Yoshi\Desktop\THE BEST 2011 - YouTube.URL
2012-06-17 23:04 - 2012-06-17 23:04 - 00000082 ____A C:\Users\Yoshi\Desktop\More than Human (TV series) - Wikipedia, the free encyclopedia.URL
2012-06-17 20:57 - 2012-06-17 20:57 - 00000263 ____A C:\Users\Yoshi\Desktop\3rd rock from the sun - Google Search.URL
2012-06-13 00:53 - 2012-06-13 00:53 - 00000117 ____A C:\Users\Yoshi\Desktop\Amazon.com Tears to Tiara [Blu-ray] Artist Not Provided Movies & TV.URL
2012-06-10 14:48 - 2012-06-22 08:49 - 00058880 ____A C:\Windows\System32\ImageSearchDLL_x64.dll
2012-06-08 14:15 - 2012-06-08 14:15 - 00311369 ____A C:\Users\Yoshi\Desktop\Coordinates and color.exe
2012-06-06 23:36 - 2012-06-06 23:36 - 00001414 ____A C:\Users\Yoshi\Desktop\Diablo III.exe (C).lnk
2012-06-05 10:45 - 2010-10-21 02:44 - 00119400 ____A C:\Users\Yoshi\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-03 19:28 - 2010-10-21 01:11 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-03 09:35 - 2012-06-03 09:21 - 00000101 ____A C:\Users\Yoshi\Desktop\Magic card guy.txt
2012-06-02 14:19 - 2012-07-05 11:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-07-05 11:11 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-07-05 11:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-07-05 11:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-07-05 11:11 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-07-05 11:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-07-05 11:11 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-07-05 11:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-07-05 11:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 08:25 - 2010-10-21 00:06 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-24 11:28 - 2012-05-24 11:27 - 00001155 ____A C:\Users\Yoshi\Desktop\Diablo III.exe (F).lnk
2012-05-21 23:26 - 2012-05-21 23:26 - 00000129 ____A C:\Users\Yoshi\Desktop\Leap Motion 3D hands-free motion control, unbound Games Blog - Yahoo! Games.URL
2012-05-21 20:14 - 2010-11-13 21:08 - 00000842 ____A C:\Users\Yoshi\AppData\Roaming\MPQEditor.ini
2012-05-21 09:00 - 2009-07-13 21:08 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-14 20:01 - 2012-07-05 11:15 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-07-05 11:15 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-07-05 11:15 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-07-05 11:15 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-07-05 11:15 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 14:38 - 2012-05-10 14:38 - 00000112 ____A C:\Users\Yoshi\Desktop\War, what is it good for - Tuke International Consulting.URL
2012-05-10 08:37 - 2012-05-10 08:37 - 00000077 ____A C:\Users\Yoshi\Desktop\Writing Skills - Communication Skills Training from MindTools.com.URL
2012-05-09 13:43 - 2011-12-11 19:36 - 00009506 ____A C:\Users\Yoshi\Desktop\My Christmas List.xlsx
2012-05-08 17:36 - 2012-05-08 17:36 - 00000132 ____A C:\Users\Yoshi\Desktop\BardUI++ [v1.33] (May 02, 2012) - Page 84.URL
2012-05-06 14:27 - 2011-07-26 19:33 - 00271200 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-05-06 14:27 - 2011-07-26 19:33 - 00271200 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-05-04 03:06 - 2012-07-05 11:15 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-07-05 11:15 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-07-05 11:15 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-07-05 11:15 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-07-05 11:15 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-30 21:40 - 2012-07-05 11:15 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-30 15:18 - 2011-09-01 03:34 - 00009609 ____A C:\Users\Yoshi\Desktop\FOOD.xlsx
2012-04-27 19:55 - 2012-07-05 11:14 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ====================== 

Percentage of memory in use: 8%
Total physical RAM: 12279.11 MB
Available physical RAM: 11256.85 MB
Total Pagefile: 12277.26 MB
Available Pagefile: 11246.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:148.95 GB) (Free:53.51 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:577.17 GB) NTFS
5 Drive h: (PATRIOT) (Removable) (Total:7.45 GB) (Free:7.39 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          149 GB      0 B         
  Disk 1    Online          931 GB      0 B         
  Disk 2    Online         7640 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            148 GB   101 MB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     Y   System Rese  NTFS   Partition    100 MB  Healthy            

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     C                NTFS   Partition    148 GB  Healthy            

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB  1024 KB

==================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     D   New Volume   NTFS   Partition    931 GB  Healthy            

==================================================================================

Partitions of Disk 2:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7636 MB  4032 KB

==================================================================================

Disk: 2
Partition 1
Type  : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   PATRIOT      FAT32  Removable   7636 MB  Healthy            

==================================================================================

==========================================================

Last Boot: 2012-07-18 10:03

======================= End Of Log ==========================

I am now posting this information here, seeking help, since it seems that the rootkit and the original trojan are still there.

Thank you for any and all help offered.



Edited by King_Yoshi, 25 July 2012 - 07:59 PM.


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,627 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:57 PM

Posted 31 July 2012 - 02:20 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462474 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,322 posts
  • OFFLINE
  • Local time:02:57 PM

Posted 31 July 2012 - 12:16 PM

1. Step 1 Done
2. Since the computer has not even been turned on, since I posted the previous logs, I do not see a point in reposting them, since I know nothing has changed.
3. Yes I have a copy of my original windows CD. It can be used for restoration, however a complete wipe IS NOT an option. Too much valuable data is stored on the computer at the moment.
4. I just wanted to add a few pieces of additional information, which I had forgotten to mention in the previous post.

#1 I flushed both the DNS and Java caches after uninstalling Java completely.
#2 Additionally I had also run CCleaner to clear all cookies and internet cache files from the computer.

Thank you for your time and dedication, I await your response.

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:57 PM

Posted 01 August 2012 - 03:40 PM

King_Yoshi,

:welcome: to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

:step1: Multiple Antivirus Programs
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or Lavasoft Ad-Watch Live! Anti-Virus.


:step2: Combofix
Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Edited by jntkwx, 01 August 2012 - 07:54 PM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation: btn_donate_SM.gif


#5 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,322 posts
  • OFFLINE
  • Local time:02:57 PM

Posted 01 August 2012 - 07:51 PM

I apologize for taking so long to respond. I had been checking this site every 3 hours for the last five days, however I happened to not be home when this was posted.

From this point on I will be checking this post constantly, awaiting your replies, so that this can be solved as quickly and efficiently as possible.

Just as a reminder, the infected computer is currently disconnected from the internet, and therefore I will be downloading and transferring all files from my mac laptop to the infected computer via USB.


Below is the requested ComboFix Log.



================================================================================================================================================================
________________________________________________________________________________________________________________________________________________________________

ComboFix 12-07-31.03 - Yoshi 08/01/2012 20:39:18.2.12 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.10424 [GMT -4:00]
Running from: G:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Yoshi\AppData\Local\Temp\procexp64.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 00:43 . 2012-08-02 00:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-02 00:43 . 2012-08-02 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 04:38 . 2012-07-28 04:38 -------- d-----w- c:\programdata\HitmanPro
2012-07-25 18:25 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA19040-5986-4643-B44E-A2DBAC6A7710}\mpengine.dll
2012-07-25 18:13 . 2012-07-25 18:13 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-20 01:47 . 2012-07-20 01:47 -------- d-----w- c:\users\Yoshi\AppData\Local\Cockatrice
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\users\Yoshi\AppData\Roaming\WizardEventReporter
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\program files (x86)\Wizards of the Coast
2012-07-18 04:24 . 2012-07-18 04:24 -------- d-----w- c:\users\Yoshi\AppData\Local\4A Games
2012-07-16 17:08 . 2012-07-16 17:08 -------- d-----w- c:\program files (x86)\TimeBell
2012-07-05 21:24 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\de-DE
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\de-DE
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\drivers\de-DE
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\de
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\0407
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\wbem\de-DE
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\drivers\de-DE
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\0407
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\de
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\wbem\de-DE
2012-07-05 19:55 . 2012-07-05 19:55 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\de-DE\LXKPTPRC.DLL.mui
2012-07-05 19:50 . 2012-07-05 19:50 1102359 ----a-w- c:\users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Vistalizator\Vistalizator.exe
2012-07-05 19:39 . 2012-07-17 01:48 -------- d-----w- c:\users\Yoshi\AppData\Local\VirtualStore
2012-07-05 19:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-05 19:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-05 19:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-05 19:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-05 19:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-05 19:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-05 19:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-05 19:17 . 2012-02-08 14:19 308560 ----a-w- c:\windows\system32\drivers\dlkmd.sys
2012-07-05 19:17 . 2012-02-08 14:19 15184 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
2012-07-05 19:16 . 2012-07-05 19:16 0 ----a-w- c:\windows\system32\dlumd9.dll
2012-07-05 19:16 . 2012-07-05 19:16 0 ----a-w- c:\windows\system32\dlumd11.dll
2012-07-05 19:16 . 2012-07-05 19:16 0 ----a-w- c:\windows\system32\dlumd10.dll
2012-07-05 19:14 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-05 19:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-05 19:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-05 19:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-05 19:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-05 19:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-05 19:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-05 19:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-05 19:11 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-05 19:11 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 19:55 . 2012-07-05 19:55 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-07-05 19:55 . 2012-07-05 19:55 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-07-05 19:55 . 2012-07-05 19:55 5632 ----a-w- c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-07-05 19:55 . 2012-07-05 19:55 51712 ----a-w- c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-07-05 19:55 . 2012-07-05 19:55 29696 ----a-w- c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-07-05 19:55 . 2012-07-05 19:55 16896 ----a-w- c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-07-03 17:46 . 2010-10-21 09:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2011-03-10 19:19 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-11-07 18:27 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-11-07 18:27 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-11-07 18:27 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-11-07 18:27 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-11-07 18:27 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-27 01:02 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-10 22:48 . 2012-06-22 16:49 58880 ----a-w- c:\windows\system32\ImageSearchDLL_x64.dll
2012-06-04 03:28 . 2010-10-21 09:11 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-31 16:25 . 2010-10-21 08:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-06 22:27 . 2011-07-27 03:33 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-06 22:27 . 2011-07-27 03:33 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-07-29 14:15 316416 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
.
c:\users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
procexp.lnk - c:\program files\Process Explorer\procexp.exe [2012-6-29 2691184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1255736]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-02-08 15184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 69376]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-02-02 252344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-02-02 41712]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2009-12-28 96896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-02-08 8454064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys [2012-02-08 17408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-02-08 308560]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-10-20 289496]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619066037-2489160400-3919742858-1000Core.job
- c:\users\Yoshi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-04 19:29]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619066037-2489160400-3919742858-1000UA.job
- c:\users\Yoshi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-04 19:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-07-29 14:15 378368 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-02-02 9048392]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-07-29 98304]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: googlecode.com\feedflow
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\a4do6tuu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cockatrice - c:\program files (x86)\Cockatrice\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
.
**************************************************************************
.
Completion time: 2012-08-01 20:47:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 00:47
.
Pre-Run: 58,672,390,144 bytes free
Post-Run: 58,116,206,592 bytes free
.
- - End Of File - - 1FF77FCF3B8EBE68C065DC7F1F8A141D

#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:02:57 PM

Posted 01 August 2012 - 08:06 PM

King_Yoshi,

No need to apologize, it hasn't been long for you to respond - only a couple hours. :)

It's safe to reconnect your computer to the Internet.

:step1: Multiple Antivirus Programs
Your Combofix log still shows multiple antivirus programs installed. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Programs and Features in the Control Panel and remove either Avast or Lavasoft Ad-Watch Live! Anti-Virus.

:step2: Rerun Combofix
Please download a NEW version of Combofix from one of these links, and save it to your desktop.
Link 1
Link 2
Link 3
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<

    DirLook::
    C:\ProgramData\Microsoft\Windows\DRM\
    C:\Users\Yoshi\AppData\Local\Temp\
  • Save this as CFScript.txt

    Posted Image

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.


In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible.

Regards,
Jason

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#7 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,322 posts

Posted 01 August 2012 - 08:35 PM

To my knowledge I do not use any real time protection, except what is included in windows defender. All other programs are currently just used for scanning.


ComboFix 12-07-31.03 - Yoshi 08/01/2012 21:21:53.3.12 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.10278 [GMT -4:00]
Running from: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 01:25 . 2012-08-02 01:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-02 01:25 . 2012-08-02 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 04:38 . 2012-07-28 04:38 -------- d-----w- c:\programdata\HitmanPro
2012-07-25 18:25 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCA19040-5986-4643-B44E-A2DBAC6A7710}\mpengine.dll
2012-07-25 18:13 . 2012-07-25 18:13 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-20 01:47 . 2012-07-20 01:47 -------- d-----w- c:\users\Yoshi\AppData\Local\Cockatrice
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\users\Yoshi\AppData\Roaming\WizardEventReporter
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\program files (x86)\Wizards of the Coast
2012-07-18 04:24 . 2012-07-18 04:24 -------- d-----w- c:\users\Yoshi\AppData\Local\4A Games
2012-07-16 17:08 . 2012-07-16 17:08 -------- d-----w- c:\program files (x86)\TimeBell
2012-07-05 21:24 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\de-DE
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\de-DE
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\drivers\de-DE
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\de
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\0407
2012-07-05 19:56 . 2012-07-05 19:56 -------- d-----w- c:\windows\SysWow64\wbem\de-DE
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\drivers\de-DE
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\0407
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\de
2012-07-05 19:55 . 2012-07-05 19:55 -------- d-----w- c:\windows\system32\wbem\de-DE
2012-07-05 19:55 . 2012-07-05 19:55 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\de-DE\LXKPTPRC.DLL.mui
2012-07-05 19:50 . 2012-07-05 19:50 1102359 ----a-w- c:\users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities\Vistalizator\Vistalizator.exe
2012-07-05 19:39 . 2012-07-17 01:48 -------- d-----w- c:\users\Yoshi\AppData\Local\VirtualStore
2012-07-05 19:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-05 19:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-05 19:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-05 19:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-05 19:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-05 19:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-05 19:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-05 19:17 . 2012-02-08 14:19 308560 ----a-w- c:\windows\system32\drivers\dlkmd.sys
2012-07-05 19:17 . 2012-02-08 14:19 15184 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
2012-07-05 19:16 . 2012-07-05 19:16 0 ----a-w- c:\windows\system32\dlumd9.dll
2012-07-05 19:16 . 2012-07-05 19:16 0 ----a-w- c:\windows\system32\dlumd11.dll
2012-07-05 19:16 . 2012-07-05 19:16 0 ----a-w- c:\windows\system32\dlumd10.dll
2012-07-05 19:14 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-05 19:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-05 19:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-05 19:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-05 19:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-05 19:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-05 19:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-05 19:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-05 19:11 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-05 19:11 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 19:55 . 2012-07-05 19:55 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-07-05 19:55 . 2012-07-05 19:55 2560 ----a-w- c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-07-05 19:55 . 2012-07-05 19:55 5632 ----a-w- c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-07-05 19:55 . 2012-07-05 19:55 51712 ----a-w- c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-07-05 19:55 . 2012-07-05 19:55 29696 ----a-w- c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-07-05 19:55 . 2012-07-05 19:55 16896 ----a-w- c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-07-03 17:46 . 2010-10-21 09:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2011-03-10 19:19 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-11-07 18:27 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-11-07 18:27 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-11-07 18:27 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-11-07 18:27 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-11-07 18:27 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-27 01:02 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-10 22:48 . 2012-06-22 16:49 58880 ----a-w- c:\windows\system32\ImageSearchDLL_x64.dll
2012-06-04 03:28 . 2010-10-21 09:11 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-31 16:25 . 2010-10-21 08:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-06 22:27 . 2011-07-27 03:33 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-06 22:27 . 2011-07-27 03:33 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\Microsoft\Windows\DRM ----
.
2011-03-16 19:46 . 2010-10-22 22:00 1401112 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-619066037-2489160400-3919742858-1000\Indiv01.key
2010-10-22 22:00 . 2010-10-22 22:00 1401112 --sha-w- c:\programdata\Microsoft\Windows\DRM\IndivBox.key
2010-10-22 22:00 . 2010-10-22 22:00 1538096 --sha-w- c:\programdata\Microsoft\Windows\DRM\IndivBox_64.key
2010-10-22 22:00 . 2010-10-22 22:00 11551 --sha-w- c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
2010-10-22 22:00 . 2010-10-22 22:00 11551 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
2010-10-22 22:00 . 2010-10-22 22:00 1401112 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
2010-10-22 22:00 . 2010-10-22 22:00 0 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
2010-10-22 22:00 . 2010-10-22 22:00 1538096 --sha-w- c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01_64.key
2010-10-21 11:45 . 2010-10-21 11:45 20 --sha-w- c:\programdata\Microsoft\Windows\DRM\blackbox.bin
2010-10-21 11:45 . 2010-10-21 11:45 9506 --sha-w- c:\programdata\Microsoft\Windows\DRM\v3ks.bla
2010-10-21 11:45 . 2010-10-21 11:45 740 --sha-w- c:\programdata\Microsoft\Windows\DRM\v3ks.sec
2010-10-21 11:45 . 2011-11-21 06:14 167936 --sha-w- c:\programdata\Microsoft\Windows\DRM\drmstore.hds
.
---- Directory of c:\users\Yoshi\AppData\Local\Temp ----
.
2010-10-20 21:17 . 2010-10-20 21:17 0 ------w- c:\users\Yoshi\AppData\Local\Temp\FXSAPIDebugLogFile.txt
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_00.46.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-02 00:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-02 01:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-02 00:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 01:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 01:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-02 00:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-21 08:21 . 2012-08-02 01:17 58158 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-02 01:17 35780 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-21 08:01 . 2012-08-02 01:17 10554 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-619066037-2489160400-3919742858-1000_UserData.bin
+ 2010-10-20 21:05 . 2012-08-02 01:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-20 21:05 . 2012-08-02 00:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-20 21:05 . 2012-08-02 01:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-20 21:05 . 2012-08-02 00:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 01:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-02 00:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-21 08:55 . 2012-08-02 00:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-21 08:55 . 2012-07-28 03:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-21 08:55 . 2012-07-28 03:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-21 08:55 . 2012-08-02 00:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-02 00:45 . 2012-08-02 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-02 01:26 . 2012-08-02 01:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-08-02 00:43 662972 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-02 01:19 662972 c:\windows\system32\perfh009.dat
- 2012-07-05 19:56 . 2012-08-02 00:43 697364 c:\windows\system32\perfh007.dat
+ 2012-07-05 19:56 . 2012-08-02 01:19 697364 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-08-02 01:19 121840 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-02 00:43 121840 c:\windows\system32\perfc009.dat
+ 2012-07-05 19:56 . 2012-08-02 01:19 148428 c:\windows\system32\perfc007.dat
- 2012-07-05 19:56 . 2012-08-02 00:43 148428 c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-08-02 00:43 443000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-02 01:25 443000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-07-29 14:15 316416 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
.
c:\users\Yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
procexp.lnk - c:\program files\Process Explorer\procexp.exe [2012-6-29 2691184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [2011-05-28 173056]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-17 113120]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-26 1255736]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2012-02-08 15184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 69376]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2009-12-25 297512]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-02-02 252344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-02-02 41712]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2009-12-28 96896]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-02-08 8454064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.36484.0.sys [2012-02-08 17408]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2012-02-08 308560]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-10-20 289496]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619066037-2489160400-3919742858-1000Core.job
- c:\users\Yoshi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-04 19:29]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619066037-2489160400-3919742858-1000UA.job
- c:\users\Yoshi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-04 19:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2010-07-29 14:15 378368 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-02-02 9048392]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-07-29 98304]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: googlecode.com\feedflow
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Yoshi\AppData\Roaming\Mozilla\Firefox\Profiles\a4do6tuu.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
.
**************************************************************************
.
Completion time: 2012-08-01 21:28:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 01:28
ComboFix2.txt 2012-08-02 00:47
.
Pre-Run: 57,945,325,568 bytes free
Post-Run: 57,880,227,840 bytes free
.
- - End Of File - - B6689675EC5BBA5B55EAC7846F19CE68

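As an added illustration (not part of the thread, and not ComboFix's own code), here is a small Python parser for the two entry formats in the log above: the "Files Created"/"Find3M" file lines and the R0/S1-style service lines. The flags it raises are this example's own triage heuristics, and every hit still needs manual verification; the helper later reports this log as clean, so hits here mean "look at this first", not "malware".

```python
"""Triage helper for ComboFix file and service entries (added example).

The sample lines below are copied from the log in this thread; the review
heuristics are this example's own, not ComboFix's, and a hit only means the
entry deserves a closer look.
"""
import re
from dataclasses import dataclass
from typing import Optional

# "2012-07-25 18:13 . 2012-07-25 18:13 27256 ----a-w- c:\windows\...\FixZeroAccess.sys"
# size is "--------" for directories; attrs is an 8-char flag string (d,s,h,r,a,w or -)
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-dshraw]{8}) (?P<path>.+)$"
)
# "S1 aswSnx;aswSnx; [x]"  or  "R3 TsUsbFlt;TsUsbFlt;c:\...\tsusbflt.sys [2010-11-20 59392]"
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]$"
)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


@dataclass
class ServiceEntry:
    start: str   # R0/S0 boot drivers through R3/S3 on-demand services
    name: str
    desc: str
    path: str    # empty when ComboFix recorded no binary path
    info: str    # "x" when the binary is missing, else "date size"


def parse_file_line(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["start"], m["name"], m["desc"], m["path"].strip(), m["info"].strip())


def review_file(e: FileEntry) -> list[str]:
    """Heuristics a reviewer applies when skimming a ComboFix file list."""
    reasons = []
    low = e.path.lower()
    executable = low.endswith((".exe", ".dll", ".sys", ".scr"))
    if not e.is_dir and e.hidden_system:
        reasons.append("hidden+system attributes")
    if executable and e.size == 0:
        reasons.append("zero-byte executable")
    if executable and ("\\temp\\" in low or "\\programdata\\" in low):
        reasons.append("executable in a user-writable data directory")
    return reasons


def review_service(s: ServiceEntry) -> list[str]:
    """A service whose binary ComboFix could not find is worth explaining."""
    if s.info == "x":
        return ["binary missing on disk ([x])" if s.path else "no binary path recorded ([x])"]
    return []


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (path-or-service-name, reasons) for every entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        f = parse_file_line(line)
        if f is not None:
            if reasons := review_file(f):
                findings.append((f.path, reasons))
            continue
        s = parse_service_line(line)
        if s is not None and (reasons := review_service(s)):
            findings.append((s.name, reasons))
    return findings


# Constructed sample: seven lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2012-07-25 18:13 . 2012-07-25 18:13 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-05 19:16 . 2012-07-05 19:16 0 ----a-w- c:\windows\system32\dlumd9.dll
2012-08-02 01:25 . 2012-08-02 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-21 11:45 . 2010-10-21 11:45 740 --sha-w- c:\programdata\Microsoft\Windows\DRM\v3ks.sec
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 aswSnx;aswSnx; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
"""

if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(f"{item}: {', '.join(reasons)}")
```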
#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 01 August 2012 - 08:43 PM

King_Yoshi,

To my knowledge I do not use any real time protection, except what is included in windows defender. All other programs are currently just used for scanning.


Your Combofix log shows that you have Ad-Aware and Avast installed (the DDS Attach file does, too).

Please click on Start, Control Panel, Programs and Features and remove either avast! Free Antivirus or Ad-Aware. Both of these programs contain antivirus components that can conflict with each other, so I strongly recommend removing one of them.


I don't see any malware in your latest log. How is your computer running now? Please be as descriptive as possible.
Regards,
Jason



#9 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,322 posts

Posted 01 August 2012 - 08:48 PM

Avast runs an additional process which I allow it to run, however its real-time protection is not active.

Ad-aware has an additional process that is required for it to run, however I manually enable and disable it.
(It remains disabled at all times, except when I run a scan. Yes I understand the dangers that this exposes Ad-aware to.)

I currently have a post asking about a certain real-time protection program that I wish to use, and will be trying out some other programs suggested by members of this site.

You can view this thread HERE



I am unable to give you a solid answer as combofix still has my network connections disabled.
In order to re-enable them, to my knowledge, it must first be uninstalled.

May I go ahead and do so?

Edited by King_Yoshi, 01 August 2012 - 08:50 PM.


#10 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 01 August 2012 - 08:51 PM

Okay, that makes sense. I would recommend allowing the real-time protection for Avast.

Let's not uninstall Combofix yet. Combofix shouldn't disable your network connections. Are you able to access the Internet on this computer? Have you tried restarting your computer after having run Combofix?
Regards,
Jason



#11 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,322 posts

Posted 01 August 2012 - 09:03 PM

Yes, the computer was restarted an additional time after combofix rebooted it.

I had to restart the computer 2 more times to get the network connection back. And there currently are no additional connections being made, besides the normal ones.


For my personal knowledge, may I know specifically what kind of malicious software I had on the computer, as it had managed to not only infect this computer, but a second backup computer which I use for program testing, when I directly connected them. (I had wanted to try scanning the infected computer using a clean computer over a network.)

(The backup computer has since been wiped using the "7-Pass Erase")

Edited by King_Yoshi, 01 August 2012 - 09:05 PM.


#12 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 01 August 2012 - 09:09 PM

You had ZeroAccess, which looks in your case like it downloaded additional files (Malwarebytes was able to remove them all.)

Please copy and paste the contents of C:\Qoobox\Add-Remove Programs.txt in your reply.
Regards,
Jason



#13 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,322 posts

Posted 01 August 2012 - 09:32 PM

From reading other people's threads about this same error on these forums, I gather there is either a maximum number of posts in a specific timespan, or a specific amount of text allowed in a specific timespan.

As a temporary workaround, copying and pasting the requested text into a new text file and attaching it to this post works, but if I try pasting anything longer than 15 lines I get the error.

I have attached the requested information in two files in .rtf and .txt format.
(I was not sure which would be easier for you to open.)

____________________________________________________________________

You will also notice from reading the text file, that I have Utorrent installed. (Before you warn me about it) I am aware of the dangers of P2P programs, however find it much easier and faster to download game updates using this torrent program, as opposed to the game developers default torrent program.

Attached File: Add-Remove Programs.rtf (5.95KB)
Attached File: Add-Remove Programs.txt (5.64KB)

____________________________________________________________________

I have also noticed that my video drivers keep crashing and then recovering. It seems that they were affected by the infection and need to be reinstalled.
Can I go ahead and reinstall them, or should I wait?

Edited by King_Yoshi, 02 August 2012 - 12:53 PM.


#14 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 02 August 2012 - 04:20 PM

King_Yoshi,

Your computer looks clean, how is it running now?

Yes, go ahead and reinstall the graphics drivers (thanks for asking first! :))


:step1: Uninstall ComboFix and Clean Up
You didn't completely follow my previous instructions (you didn't save Combofix to the desktop). Please download a NEW version of Combofix and save it to your desktop.
Hold down the Windows key and press the R key.
In the run window, type Combofix /Uninstall and click OK (Note the space between combofix and /Uninstall). See below:
[image: Run dialog with "Combofix /Uninstall" entered]
Please advise if this step is missed for any reason as it performs some important actions.

:step2: Download and Run OTC
We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then click the big button in the OTC window.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Please feel free to post any future computer problems in the appropriate forum, and have a great day! :)
Regards,
Jason



#15 King_Yoshi

King_Yoshi
  • Topic Starter

  • Malware Study Hall Senior
  • 1,322 posts

Posted 02 August 2012 - 05:21 PM

Everything is running just fine now.

Thank you for your time and patience.

