TechSpot

Alureon.a rootkit detected by MSSE

Solved
By mrtraver
Jan 6, 2013
  1. Security Essentials suggested running Windows Defender Offline. I could not get it to boot from a CD, but I finally did manage to run it from a flash drive and the tool said it successfully removed the threat. However, when I restarted, MSSE said it was still there. I had already been planning on uninstalling MSSE, and I installed Avast tonight. I have also run a full scan of Malwarebytes Antimalware. While searching for a reliable removal tool, I kept seeing conflicting info. I'm just not sure what to do next to remove this, other than reformat and reinstall windows 7 home 64 bit. Are there any LiveCDs I should try? Or any other suggestions?

    Thank you!!
     
  2. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    =========================

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Thank you! sorry for the delayed response; keep getting bsod.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.09.10
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    jake :: JAKE-PC [administrator]
    1/9/2013 7:43:12 PM
    MBAM-log-2013-01-09 (19-49-35).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224951
    Time elapsed: 3 minute(s), 11 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1564 -> No action taken.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Users\jake\Downloads\SWBFII_Patch.exe (Malware.Packer.Gen) -> No action taken.
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
    (end)
    --------------

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/31/2012 6:03:22 PM
    System Uptime: 1/9/2013 8:30:57 PM (0 hours ago)
    .
    Motherboard: ECS | | IC780M-A2
    Processor: AMD Athlon(tm) II X3 455 Processor | CPU 1 | 3300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 149.59 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP133: 1/9/2013 7:51:34 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.22 (x64 edition)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    AMD OverDrive
    AMD USB Filter Driver
    ATI Catalyst Install Manager
    avast! Free Antivirus
    Battlefield 1942™
    Beowulf TM
    Black & White® 2
    Command & Conquer 3
    Command & Conquer™ 3: Kane's Wrath
    Diablo II
    Empire Earth III
    Free YouTube Downloader 3.5.128
    GameSpy Arcade
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Java(TM) 6 Update 27
    Java(TM) 6 Update 27 (64-bit)
    K-Lite Mega Codec Pack 7.8.0
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mass Effect™ 3 Demo
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    NVIDIA 3D Vision Controller Driver 296.10
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Origin
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.94
    Rome - Total War(TM) Demo
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Star Wars Battlefront II
    TP-LINK Wireless Client Utility
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    VirtualCloneDrive
    Wheelman
    Windows Driver Package - Realtek (RTL8167) Net (05/22/2009 7.003.0522.2009)
    Xfire (remove only)
    Yontoo 1.10.03
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2013 8:44:19 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
    1/9/2013 8:43:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
    1/9/2013 8:35:15 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/9/2013 8:35:15 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    1/9/2013 8:31:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c2ffd0, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010913-41309-01.
    1/9/2013 7:44:03 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    1/9/2013 6:56:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c6266b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010913-24039-01.
    1/9/2013 5:12:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fef300d, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d100c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010913-26052-01.
    1/8/2013 7:09:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f7963a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010813-22807-01.
    1/8/2013 10:34:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    1/8/2013 10:29:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002c9a715). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010813-30576-01.
    1/8/2013 10:27:55 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    1/7/2013 11:20:29 AM, Error: cdrom [15] - The device, \Device\CdRom2, is not ready for access yet.
    1/6/2013 4:09:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    1/6/2013 4:09:04 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/6/2013 4:05:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000007691a, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d0c0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010613-26239-01.
    1/6/2013 12:52:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002fd0a34, 0xfffff880086bce80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010613-25630-01.
    1/6/2013 12:49:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00001000000103d9, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d140c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010613-50294-01.
    1/6/2013 10:35:37 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    1/6/2013 10:20:36 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    1/5/2013 12:46:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    1/5/2013 12:46:15 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/5/2013 10:34:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/5/2013 10:34:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/5/2013 10:34:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/5/2013 10:22:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
    1/5/2013 10:22:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    1/5/2013 10:18:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d130c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010513-29655-01.
    1/5/2013 10:15:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
    1/5/2013 10:15:01 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/5/2013 10:15:01 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/5/2013 10:15:01 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/5/2013 10:12:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f7963a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010513-36348-01.
    1/5/2013 1:02:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/5/2013 1:01:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c6666b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010513-39717-01.
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by jake at 20:44:02 on 2013-01-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2663 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: NameServer = 192.168.0.1 76.7.255.188
    TCP: Interfaces\{09B6E950-66FA-4FF0-AEB0-0D9CFDEF3DCA} : DHCPNameServer = 192.168.0.1 76.7.255.188
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-6 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-6 370288]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-6 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-6 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-6 44808]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-3-31 34872]
    S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-5-5 124256]
    S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-4-28 1847296]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]
    S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2012-3-31 438784]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-28 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-28 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-25 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-10 02:13:42 20480 ----a-w- C:\Windows\svchost.exe
    2013-01-09 23:25:44 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 23:25:44 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 23:25:20 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 23:25:20 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 23:25:19 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 23:25:19 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 23:25:14 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-09 23:25:14 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-09 23:25:10 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-09 23:25:10 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-01-09 23:23:48 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04279EAC-43AF-4255-86E9-996558EBB1BB}\mpengine.dll
    2013-01-09 23:22:55 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-09 23:22:52 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-09 02:42:47 -------- d-----w- C:\Program Files\CCleaner
    2013-01-06 06:46:25 4096000 ----a-w- C:\Program Files (x86)\GUT646E.tmp
    2013-01-06 06:46:25 -------- d-----w- C:\Program Files (x86)\GUM646D.tmp
    2013-01-06 06:40:24 -------- d-----w- C:\Users\jake\AppData\Local\Google
    2013-01-06 06:40:15 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-01-06 06:40:11 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-01-06 06:40:02 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-01-06 06:39:40 41224 ----a-w- C:\Windows\avastSS.scr
    2013-01-06 06:39:30 -------- d-----w- C:\ProgramData\AVAST Software
    2013-01-06 06:39:30 -------- d-----w- C:\Program Files\AVAST Software
    2013-01-06 04:52:04 -------- d-----w- C:\Users\jake\AppData\Local\Programs
    2013-01-06 04:41:57 -------- d-----w- C:\Windows\pss
    2013-01-05 21:09:21 -------- d-----w- C:\Windows\Microsoft Antimalware
    2013-01-01 06:54:29 -------- d-----w- C:\Users\jake\AppData\Local\Stronghold_LLC
    2013-01-01 06:53:20 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2013-01-01 06:52:33 -------- d-----w- C:\Program Files\Babylon
    2013-01-01 06:52:33 -------- d-----w- C:\Program Files (x86)\Babylon
    2013-01-01 06:52:27 -------- d-----w- C:\Users\jake\AppData\Roaming\Strongvault
    2013-01-01 06:52:11 -------- d-----w- C:\Program Files (x86)\Yontoo
    2013-01-01 06:52:08 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-12-21 09:00:53 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 09:00:53 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 09:00:52 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 09:00:51 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-21 01:37:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-21 01:37:57 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-21 01:35:55 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-21 01:35:55 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-12 00:56:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-12 00:56:24 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    .
    ============= FINISH: 20:44:15.08 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Part 1:
    22:16:06.0821 1076 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    22:16:07.0445 1076 ============================================================
    22:16:07.0445 1076 Current date / time: 2013/01/09 22:16:07.0445
    22:16:07.0445 1076 SystemInfo:
    22:16:07.0445 1076
    22:16:07.0445 1076 OS Version: 6.1.7601 ServicePack: 1.0
    22:16:07.0445 1076 Product type: Workstation
    22:16:07.0445 1076 ComputerName: JAKE-PC
    22:16:07.0445 1076 UserName: jake
    22:16:07.0445 1076 Windows directory: C:\Windows
    22:16:07.0445 1076 System windows directory: C:\Windows
    22:16:07.0445 1076 Running under WOW64
    22:16:07.0445 1076 Processor architecture: Intel x64
    22:16:07.0445 1076 Number of processors: 3
    22:16:07.0445 1076 Page size: 0x1000
    22:16:07.0445 1076 Boot type: Normal boot
    22:16:07.0445 1076 ============================================================
    22:16:07.0617 1076 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:16:07.0617 1076 Drive \Device\Harddisk1\DR1 - Size: 0x1DCC00000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:16:07.0617 1076 ============================================================
    22:16:07.0617 1076 \Device\Harddisk0\DR0:
    22:16:07.0617 1076 MBR partitions:
    22:16:07.0617 1076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
    22:16:07.0617 1076 \Device\Harddisk1\DR1:
    22:16:07.0617 1076 MBR partitions:
    22:16:07.0617 1076 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0xEE4080
    22:16:07.0617 1076 ============================================================
    22:16:07.0648 1076 C: <-> \Device\Harddisk0\DR0\Partition1
    22:16:07.0648 1076 ============================================================
    22:16:07.0648 1076 Initialize success
    22:16:07.0648 1076 ============================================================
    22:16:08.0865 2608 ============================================================
    22:16:08.0865 2608 Scan started
    22:16:08.0865 2608 Mode: Manual;
    22:16:08.0865 2608 ============================================================
    22:16:09.0317 2608 ================ Scan system memory ========================
    22:16:09.0317 2608 System memory - ok
    22:16:09.0317 2608 ================ Scan services =============================
    22:16:09.0489 2608 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    22:16:09.0489 2608 1394ohci - ok
    22:16:09.0567 2608 [ F146E2BA475893DD77B2370DC1211FC6 ] 81202784 C:\Windows\system32\drivers\71681885.sys
    22:16:09.0598 2608 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    22:16:09.0598 2608 ACPI - ok
    22:16:09.0629 2608 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    22:16:09.0629 2608 AcpiPmi - ok
    22:16:09.0692 2608 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:16:09.0692 2608 AdobeARMservice - ok
    22:16:09.0879 2608 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:16:09.0879 2608 AdobeFlashPlayerUpdateSvc - ok
    22:16:09.0910 2608 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    22:16:09.0910 2608 adp94xx - ok
    22:16:09.0941 2608 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    22:16:09.0941 2608 adpahci - ok
    22:16:09.0957 2608 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    22:16:09.0957 2608 adpu320 - ok
    22:16:09.0988 2608 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    22:16:09.0988 2608 AeLookupSvc - ok
    22:16:10.0144 2608 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    22:16:10.0144 2608 AFD - ok
    22:16:10.0175 2608 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    22:16:10.0175 2608 agp440 - ok
    22:16:10.0191 2608 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    22:16:10.0191 2608 ALG - ok
    22:16:10.0207 2608 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    22:16:10.0207 2608 aliide - ok
    22:16:10.0222 2608 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    22:16:10.0222 2608 amdide - ok
    22:16:10.0238 2608 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    22:16:10.0238 2608 AmdK8 - ok
    22:16:10.0269 2608 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    22:16:10.0269 2608 AmdPPM - ok
    22:16:10.0316 2608 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    22:16:10.0316 2608 amdsata - ok
    22:16:10.0363 2608 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    22:16:10.0363 2608 amdsbs - ok
    22:16:10.0378 2608 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    22:16:10.0378 2608 amdxata - ok
    22:16:10.0456 2608 [ 4FA3B5A200AB70F3B62F2A82DAC8DCBD ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    22:16:10.0472 2608 AODService - ok
    22:16:10.0534 2608 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    22:16:10.0534 2608 AppID - ok
    22:16:10.0565 2608 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    22:16:10.0565 2608 AppIDSvc - ok
    22:16:10.0612 2608 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    22:16:10.0628 2608 Appinfo - ok
    22:16:10.0659 2608 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    22:16:10.0659 2608 arc - ok
    22:16:10.0675 2608 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    22:16:10.0675 2608 arcsas - ok
    22:16:10.0893 2608 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    22:16:10.0893 2608 aspnet_state - ok
    22:16:10.0987 2608 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
    22:16:10.0987 2608 aswFsBlk - ok
    22:16:11.0065 2608 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
    22:16:11.0065 2608 aswMonFlt - ok
    22:16:11.0158 2608 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
    22:16:11.0158 2608 aswRdr - ok
    22:16:11.0236 2608 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
    22:16:11.0252 2608 aswSnx - ok
    22:16:11.0314 2608 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
    22:16:11.0314 2608 aswSP - ok
    22:16:11.0345 2608 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
    22:16:11.0345 2608 aswTdi - ok
    22:16:11.0392 2608 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    22:16:11.0392 2608 AsyncMac - ok
    22:16:11.0439 2608 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    22:16:11.0439 2608 atapi - ok
    22:16:11.0517 2608 [ 36322190763845975E0D001E90687BF2 ] athur C:\Windows\system32\DRIVERS\athurx.sys
    22:16:11.0533 2608 athur - ok
    22:16:11.0579 2608 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    22:16:11.0579 2608 AtiPcie - ok
    22:16:11.0626 2608 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    22:16:11.0626 2608 AudioEndpointBuilder - ok
    22:16:11.0642 2608 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    22:16:11.0657 2608 AudioSrv - ok
    22:16:11.0735 2608 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    22:16:11.0751 2608 avast! Antivirus - ok
    22:16:11.0813 2608 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    22:16:11.0813 2608 AxInstSV - ok
    22:16:11.0860 2608 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    22:16:11.0860 2608 b06bdrv - ok
    22:16:11.0907 2608 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:16:11.0907 2608 b57nd60a - ok
    22:16:11.0907 2608 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    22:16:11.0907 2608 BDESVC - ok
    22:16:11.0938 2608 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    22:16:11.0938 2608 Beep - ok
    22:16:11.0985 2608 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    22:16:12.0001 2608 BFE - ok
    22:16:12.0047 2608 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    22:16:12.0063 2608 BITS - ok
    22:16:12.0079 2608 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    22:16:12.0079 2608 blbdrive - ok
    22:16:12.0125 2608 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    22:16:12.0125 2608 bowser - ok
    22:16:12.0141 2608 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    22:16:12.0141 2608 BrFiltLo - ok
    22:16:12.0157 2608 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    22:16:12.0157 2608 BrFiltUp - ok
    22:16:12.0203 2608 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    22:16:12.0203 2608 Browser - ok
    22:16:12.0219 2608 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    22:16:12.0219 2608 Brserid - ok
    22:16:12.0266 2608 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    22:16:12.0266 2608 BrSerWdm - ok
    22:16:12.0266 2608 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:16:12.0266 2608 BrUsbMdm - ok
    22:16:12.0297 2608 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    22:16:12.0297 2608 BrUsbSer - ok
    22:16:12.0344 2608 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    22:16:12.0344 2608 BTHMODEM - ok
    22:16:12.0484 2608 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    22:16:12.0484 2608 bthserv - ok
    22:16:12.0515 2608 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    22:16:12.0515 2608 cdfs - ok
    22:16:12.0547 2608 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    22:16:12.0547 2608 cdrom - ok
    22:16:12.0562 2608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    22:16:12.0578 2608 CertPropSvc - ok
    22:16:12.0609 2608 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    22:16:12.0609 2608 circlass - ok
    22:16:12.0640 2608 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    22:16:12.0640 2608 CLFS - ok
    22:16:12.0703 2608 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:16:12.0703 2608 clr_optimization_v2.0.50727_32 - ok
    22:16:12.0749 2608 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:16:12.0749 2608 clr_optimization_v2.0.50727_64 - ok
    22:16:12.0890 2608 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:16:12.0890 2608 clr_optimization_v4.0.30319_32 - ok
    22:16:12.0905 2608 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:16:12.0905 2608 clr_optimization_v4.0.30319_64 - ok
    22:16:12.0937 2608 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    22:16:12.0937 2608 CmBatt - ok
    22:16:12.0952 2608 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    22:16:12.0952 2608 cmdide - ok
    22:16:13.0015 2608 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
    22:16:13.0015 2608 CNG - ok
    22:16:13.0030 2608 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    22:16:13.0030 2608 Compbatt - ok
    22:16:13.0061 2608 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    22:16:13.0061 2608 CompositeBus - ok
    22:16:13.0077 2608 COMSysApp - ok
    22:16:13.0093 2608 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    22:16:13.0093 2608 crcdisk - ok
    22:16:13.0155 2608 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    22:16:13.0155 2608 CryptSvc - ok
    22:16:13.0186 2608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    22:16:13.0202 2608 DcomLaunch - ok
    22:16:13.0233 2608 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    22:16:13.0233 2608 defragsvc - ok
    22:16:13.0264 2608 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    22:16:13.0264 2608 DfsC - ok
    22:16:13.0295 2608 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    22:16:13.0295 2608 Dhcp - ok
    22:16:13.0311 2608 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    22:16:13.0311 2608 discache - ok
    22:16:13.0327 2608 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    22:16:13.0342 2608 Disk - ok
    22:16:13.0373 2608 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    22:16:13.0373 2608 Dnscache - ok
    22:16:13.0389 2608 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    22:16:13.0389 2608 dot3svc - ok
    22:16:13.0405 2608 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    22:16:13.0405 2608 DPS - ok
    22:16:13.0451 2608 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    22:16:13.0451 2608 drmkaud - ok
    22:16:13.0498 2608 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    22:16:13.0514 2608 DXGKrnl - ok
    22:16:13.0545 2608 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    22:16:13.0545 2608 EapHost - ok
    22:16:13.0670 2608 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    22:16:13.0701 2608 ebdrv - ok
    22:16:13.0732 2608 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    22:16:13.0732 2608 EFS - ok
    22:16:13.0795 2608 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    22:16:13.0810 2608 ehRecvr - ok
    22:16:13.0841 2608 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    22:16:13.0857 2608 ehSched - ok
    22:16:13.0919 2608 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
    22:16:13.0919 2608 ElbyCDIO - ok
    22:16:13.0966 2608 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    22:16:13.0982 2608 elxstor - ok
    22:16:13.0997 2608 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    22:16:13.0997 2608 ErrDev - ok
    22:16:14.0044 2608 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    22:16:14.0060 2608 EventSystem - ok
    22:16:14.0060 2608 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    22:16:14.0075 2608 exfat - ok
    22:16:14.0075 2608 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    22:16:14.0075 2608 fastfat - ok
    22:16:14.0138 2608 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    22:16:14.0153 2608 Fax - ok
    22:16:14.0185 2608 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    22:16:14.0185 2608 fdc - ok
    22:16:14.0185 2608 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    22:16:14.0200 2608 fdPHost - ok
    22:16:14.0200 2608 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    22:16:14.0200 2608 FDResPub - ok
    22:16:14.0216 2608 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    22:16:14.0216 2608 FileInfo - ok
    22:16:14.0231 2608 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    22:16:14.0231 2608 Filetrace - ok
    22:16:14.0231 2608 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    22:16:14.0247 2608 flpydisk - ok
    22:16:14.0263 2608 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    22:16:14.0263 2608 FltMgr - ok
    22:16:14.0294 2608 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    22:16:14.0309 2608 FontCache - ok
    22:16:14.0341 2608 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:16:14.0341 2608 FontCache3.0.0.0 - ok
    22:16:14.0356 2608 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    22:16:14.0356 2608 FsDepends - ok
    22:16:14.0387 2608 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    22:16:14.0387 2608 Fs_Rec - ok
    22:16:14.0419 2608 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    22:16:14.0419 2608 fvevol - ok
    22:16:14.0434 2608 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    22:16:14.0434 2608 gagp30kx - ok
    22:16:14.0465 2608 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    22:16:14.0465 2608 gpsvc - ok
    22:16:14.0575 2608 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:16:14.0575 2608 gupdate - ok
    22:16:14.0590 2608 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:16:14.0606 2608 gupdatem - ok
    22:16:14.0668 2608 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    22:16:14.0684 2608 gusvc - ok
    22:16:14.0715 2608 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    22:16:14.0715 2608 hcw85cir - ok
    22:16:14.0762 2608 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    22:16:14.0762 2608 HdAudAddService - ok
    22:16:14.0824 2608 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    22:16:14.0824 2608 HDAudBus - ok
    22:16:14.0840 2608 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    22:16:14.0840 2608 HidBatt - ok
    22:16:14.0871 2608 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    22:16:14.0871 2608 HidBth - ok
    22:16:14.0918 2608 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    22:16:14.0918 2608 HidIr - ok
    22:16:14.0980 2608 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    22:16:14.0980 2608 hidserv - ok
    22:16:15.0074 2608 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    22:16:15.0074 2608 HidUsb - ok
    22:16:15.0105 2608 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    22:16:15.0121 2608 hkmsvc - ok
    22:16:15.0136 2608 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    22:16:15.0152 2608 HomeGroupListener - ok
    22:16:15.0199 2608 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    22:16:15.0199 2608 HomeGroupProvider - ok
    22:16:15.0230 2608 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    22:16:15.0230 2608 HpSAMD - ok
    22:16:15.0261 2608 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    22:16:15.0277 2608 HTTP - ok
    22:16:15.0292 2608 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    22:16:15.0292 2608 hwpolicy - ok
    22:16:15.0292 2608 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    22:16:15.0292 2608 i8042prt - ok
    22:16:15.0323 2608 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    22:16:15.0339 2608 iaStorV - ok
    22:16:15.0386 2608 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:16:15.0401 2608 idsvc - ok
    22:16:15.0417 2608 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    22:16:15.0417 2608 iirsp - ok
    22:16:15.0448 2608 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    22:16:15.0448 2608 IKEEXT - ok
    22:16:15.0589 2608 [ 4BBB5A55EEB5EC11B20FCBB4CBB49357 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    22:16:15.0604 2608 IntcAzAudAddService - ok
    22:16:15.0635 2608 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    22:16:15.0635 2608 intelide - ok
    22:16:15.0667 2608 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    22:16:15.0667 2608 intelppm - ok
    22:16:15.0698 2608 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    22:16:15.0698 2608 IPBusEnum - ok
    22:16:15.0713 2608 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:16:15.0713 2608 IpFilterDriver - ok
    22:16:15.0760 2608 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    22:16:15.0760 2608 iphlpsvc - ok
    22:16:15.0776 2608 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    22:16:15.0776 2608 IPMIDRV - ok
    22:16:15.0791 2608 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    22:16:15.0791 2608 IPNAT - ok
    22:16:15.0823 2608 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    22:16:15.0823 2608 IRENUM - ok
    22:16:15.0838 2608 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    22:16:15.0838 2608 isapnp - ok
    22:16:15.0869 2608 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    22:16:15.0885 2608 iScsiPrt - ok
    22:16:15.0901 2608 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    22:16:15.0901 2608 kbdclass - ok
    22:16:15.0916 2608 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    22:16:15.0916 2608 kbdhid - ok
    22:16:15.0932 2608 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    22:16:15.0932 2608 KeyIso - ok
    22:16:15.0979 2608 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    22:16:15.0979 2608 KSecDD - ok
    22:16:16.0025 2608 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    22:16:16.0025 2608 KSecPkg - ok
    22:16:16.0025 2608 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    22:16:16.0025 2608 ksthunk - ok
    22:16:16.0072 2608 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    22:16:16.0072 2608 KtmRm - ok
    22:16:16.0103 2608 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    22:16:16.0119 2608 LanmanServer - ok
    22:16:16.0150 2608 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    22:16:16.0166 2608 LanmanWorkstation - ok
    22:16:16.0181 2608 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    22:16:16.0197 2608 lltdio - ok
    22:16:16.0244 2608 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    22:16:16.0259 2608 lltdsvc - ok
    22:16:16.0275 2608 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    22:16:16.0275 2608 lmhosts - ok
    22:16:16.0322 2608 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    22:16:16.0322 2608 LSI_FC - ok
    22:16:16.0322 2608 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    22:16:16.0337 2608 LSI_SAS - ok
    22:16:16.0337 2608 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    22:16:16.0337 2608 LSI_SAS2 - ok
    22:16:16.0353 2608 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    22:16:16.0353 2608 LSI_SCSI - ok
    22:16:16.0369 2608 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    22:16:16.0384 2608 luafv - ok
    22:16:16.0400 2608 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    22:16:16.0400 2608 Mcx2Svc - ok
    22:16:16.0415 2608 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
    22:16:16.0415 2608 megasas - ok
    22:16:16.0431 2608 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    22:16:16.0447 2608 MegaSR - ok
    22:16:16.0462 2608 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    22:16:16.0462 2608 MMCSS - ok
    22:16:16.0478 2608 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    22:16:16.0478 2608 Modem - ok
    22:16:16.0509 2608 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    22:16:16.0509 2608 monitor - ok
    22:16:16.0509 2608 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    22:16:16.0509 2608 mouclass - ok
    22:16:16.0525 2608 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    22:16:16.0525 2608 mouhid - ok
    22:16:16.0540 2608 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    22:16:16.0540 2608 mountmgr - ok
    22:16:16.0556 2608 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    22:16:16.0556 2608 mpio - ok
    22:16:16.0571 2608 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:16:16.0571 2608 mpsdrv - ok
    22:16:16.0618 2608 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    22:16:16.0634 2608 MpsSvc - ok
    22:16:16.0665 2608 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:16:16.0665 2608 MRxDAV - ok
    22:16:16.0681 2608 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:16:16.0681 2608 mrxsmb - ok
    22:16:16.0727 2608 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:16:16.0727 2608 mrxsmb10 - ok
    22:16:16.0743 2608 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:16:16.0743 2608 mrxsmb20 - ok
    22:16:16.0759 2608 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:16:16.0759 2608 msahci - ok
    22:16:16.0774 2608 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:16:16.0774 2608 msdsm - ok
    22:16:16.0790 2608 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:16:16.0790 2608 MSDTC - ok
    22:16:16.0821 2608 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:16:16.0821 2608 Msfs - ok
    22:16:16.0821 2608 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:16:16.0821 2608 mshidkmdf - ok
    22:16:16.0837 2608 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:16:16.0837 2608 msisadrv - ok
    22:16:16.0883 2608 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:16:16.0883 2608 MSiSCSI - ok
    22:16:16.0883 2608 msiserver - ok
    22:16:16.0915 2608 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:16:16.0915 2608 MSKSSRV - ok
    22:16:16.0915 2608 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    22:16:16.0915 2608 MSPCLOCK - ok
    22:16:16.0930 2608 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:16:16.0930 2608 MSPQM - ok
    22:16:16.0946 2608 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:16:16.0961 2608 MsRPC - ok
    22:16:16.0977 2608 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    22:16:16.0977 2608 mssmbios - ok
    22:16:16.0977 2608 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:16:16.0977 2608 MSTEE - ok
    22:16:16.0993 2608 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    22:16:16.0993 2608 MTConfig - ok
    22:16:17.0008 2608 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:16:17.0008 2608 Mup - ok
    22:16:17.0039 2608 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    22:16:17.0055 2608 napagent - ok
    22:16:17.0086 2608 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:16:17.0102 2608 NativeWifiP - ok
    22:16:17.0164 2608 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:16:17.0180 2608 NDIS - ok
    22:16:17.0195 2608 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:16:17.0195 2608 NdisCap - ok
    22:16:17.0211 2608 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:16:17.0211 2608 NdisTapi - ok
    22:16:17.0242 2608 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:16:17.0242 2608 Ndisuio - ok
    22:16:17.0258 2608 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:16:17.0258 2608 NdisWan - ok
    22:16:17.0273 2608 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:16:17.0273 2608 NDProxy - ok
     
  6. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Part 2:
    22:16:17.0289 2608 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:16:17.0289 2608 NetBIOS - ok
    22:16:17.0305 2608 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:16:17.0305 2608 NetBT - ok
    22:16:17.0320 2608 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:16:17.0320 2608 Netlogon - ok
    22:16:17.0351 2608 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:16:17.0351 2608 Netman - ok
    22:16:17.0383 2608 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:16:17.0398 2608 NetMsmqActivator - ok
    22:16:17.0398 2608 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:16:17.0414 2608 NetPipeActivator - ok
    22:16:17.0445 2608 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:16:17.0445 2608 netprofm - ok
    22:16:17.0445 2608 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:16:17.0461 2608 NetTcpActivator - ok
    22:16:17.0461 2608 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:16:17.0461 2608 NetTcpPortSharing - ok
    22:16:17.0476 2608 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    22:16:17.0476 2608 nfrd960 - ok
    22:16:17.0539 2608 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:16:17.0539 2608 NlaSvc - ok
    22:16:17.0601 2608 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:16:17.0601 2608 Npfs - ok
    22:16:17.0663 2608 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:16:17.0663 2608 nsi - ok
    22:16:17.0741 2608 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:16:17.0741 2608 nsiproxy - ok
    22:16:17.0851 2608 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:16:17.0882 2608 Ntfs - ok
    22:16:17.0897 2608 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:16:17.0897 2608 Null - ok
    22:16:18.0287 2608 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:16:18.0334 2608 nvlddmkm - ok
    22:16:18.0381 2608 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:16:18.0381 2608 nvraid - ok
    22:16:18.0397 2608 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:16:18.0412 2608 nvstor - ok
    22:16:18.0475 2608 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
    22:16:18.0490 2608 nvsvc - ok
    22:16:18.0615 2608 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    22:16:18.0631 2608 nvUpdatusService - ok
    22:16:18.0662 2608 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:16:18.0662 2608 nv_agp - ok
    22:16:18.0677 2608 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:16:18.0677 2608 ohci1394 - ok
    22:16:18.0709 2608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:16:18.0709 2608 p2pimsvc - ok
    22:16:18.0724 2608 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:16:18.0740 2608 p2psvc - ok
    22:16:18.0755 2608 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
    22:16:18.0755 2608 Parport - ok
    22:16:18.0802 2608 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:16:18.0802 2608 partmgr - ok
    22:16:18.0818 2608 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:16:18.0833 2608 PcaSvc - ok
    22:16:18.0865 2608 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:16:18.0865 2608 pci - ok
    22:16:18.0865 2608 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:16:18.0880 2608 pciide - ok
    22:16:18.0896 2608 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    22:16:18.0896 2608 pcmcia - ok
    22:16:18.0911 2608 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:16:18.0911 2608 pcw - ok
    22:16:18.0927 2608 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:16:18.0943 2608 PEAUTH - ok
    22:16:19.0021 2608 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:16:19.0021 2608 PerfHost - ok
    22:16:19.0083 2608 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:16:19.0099 2608 pla - ok
    22:16:19.0145 2608 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:16:19.0161 2608 PlugPlay - ok
    22:16:19.0192 2608 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:16:19.0192 2608 PNRPAutoReg - ok
    22:16:19.0208 2608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:16:19.0223 2608 PNRPsvc - ok
    22:16:19.0270 2608 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:16:19.0286 2608 PolicyAgent - ok
    22:16:19.0301 2608 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:16:19.0317 2608 Power - ok
    22:16:19.0348 2608 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:16:19.0348 2608 PptpMiniport - ok
    22:16:19.0364 2608 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
    22:16:19.0364 2608 Processor - ok
    22:16:19.0426 2608 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:16:19.0426 2608 ProfSvc - ok
    22:16:19.0442 2608 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:16:19.0442 2608 ProtectedStorage - ok
    22:16:19.0473 2608 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:16:19.0473 2608 Psched - ok
    22:16:19.0520 2608 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    22:16:19.0520 2608 ql2300 - ok
    22:16:19.0535 2608 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    22:16:19.0535 2608 ql40xx - ok
    22:16:19.0567 2608 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:16:19.0567 2608 QWAVE - ok
    22:16:19.0582 2608 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:16:19.0582 2608 QWAVEdrv - ok
    22:16:19.0598 2608 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:16:19.0598 2608 RasAcd - ok
    22:16:19.0613 2608 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:16:19.0613 2608 RasAgileVpn - ok
    22:16:19.0629 2608 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:16:19.0629 2608 RasAuto - ok
    22:16:19.0645 2608 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:16:19.0645 2608 Rasl2tp - ok
    22:16:19.0676 2608 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:16:19.0676 2608 RasMan - ok
    22:16:19.0691 2608 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:16:19.0691 2608 RasPppoe - ok
    22:16:19.0691 2608 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:16:19.0691 2608 RasSstp - ok
    22:16:19.0723 2608 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:16:19.0723 2608 rdbss - ok
    22:16:19.0723 2608 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    22:16:19.0723 2608 rdpbus - ok
    22:16:19.0754 2608 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:16:19.0754 2608 RDPCDD - ok
    22:16:19.0769 2608 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:16:19.0769 2608 RDPENCDD - ok
    22:16:19.0801 2608 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:16:19.0801 2608 RDPREFMP - ok
    22:16:19.0863 2608 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    22:16:19.0863 2608 RdpVideoMiniport - ok
    22:16:19.0925 2608 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:16:19.0925 2608 RDPWD - ok
    22:16:19.0972 2608 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:16:19.0972 2608 rdyboost - ok
    22:16:20.0035 2608 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:16:20.0035 2608 RemoteAccess - ok
    22:16:20.0081 2608 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:16:20.0081 2608 RemoteRegistry - ok
    22:16:20.0113 2608 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:16:20.0128 2608 RpcEptMapper - ok
    22:16:20.0159 2608 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:16:20.0159 2608 RpcLocator - ok
    22:16:20.0191 2608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:16:20.0206 2608 RpcSs - ok
    22:16:20.0222 2608 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:16:20.0222 2608 rspndr - ok
    22:16:20.0237 2608 RT2500 - ok
    22:16:20.0269 2608 [ EC7F0030D58886B0FCD3EEFB1C51F8E2 ] rt61x64 C:\Windows\system32\DRIVERS\netr6164.sys
    22:16:20.0269 2608 rt61x64 - ok
    22:16:20.0315 2608 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:16:20.0331 2608 RTL8167 - ok
    22:16:20.0347 2608 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:16:20.0347 2608 SamSs - ok
    22:16:20.0378 2608 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:16:20.0378 2608 sbp2port - ok
    22:16:20.0409 2608 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:16:20.0425 2608 SCardSvr - ok
    22:16:20.0440 2608 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:16:20.0440 2608 scfilter - ok
    22:16:20.0471 2608 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:16:20.0487 2608 Schedule - ok
    22:16:20.0503 2608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:16:20.0503 2608 SCPolicySvc - ok
    22:16:20.0518 2608 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:16:20.0518 2608 SDRSVC - ok
    22:16:20.0549 2608 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:16:20.0549 2608 secdrv - ok
    22:16:20.0565 2608 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:16:20.0565 2608 seclogon - ok
    22:16:20.0596 2608 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:16:20.0596 2608 SENS - ok
    22:16:20.0612 2608 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:16:20.0627 2608 SensrSvc - ok
    22:16:20.0659 2608 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    22:16:20.0659 2608 Serenum - ok
    22:16:20.0659 2608 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    22:16:20.0659 2608 Serial - ok
    22:16:20.0674 2608 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    22:16:20.0674 2608 sermouse - ok
    22:16:20.0690 2608 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:16:20.0705 2608 SessionEnv - ok
    22:16:20.0705 2608 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:16:20.0721 2608 sffdisk - ok
    22:16:20.0721 2608 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:16:20.0721 2608 sffp_mmc - ok
    22:16:20.0737 2608 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:16:20.0737 2608 sffp_sd - ok
    22:16:20.0752 2608 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    22:16:20.0752 2608 sfloppy - ok
    22:16:20.0799 2608 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    22:16:20.0799 2608 SharedAccess - ok
    22:16:20.0830 2608 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:16:20.0830 2608 ShellHWDetection - ok
    22:16:20.0846 2608 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    22:16:20.0846 2608 SiSRaid2 - ok
    22:16:20.0861 2608 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    22:16:20.0877 2608 SiSRaid4 - ok
    22:16:20.0893 2608 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:16:20.0893 2608 Smb - ok
    22:16:20.0908 2608 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:16:20.0924 2608 SNMPTRAP - ok
    22:16:20.0924 2608 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:16:20.0924 2608 spldr - ok
    22:16:20.0986 2608 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    22:16:21.0002 2608 Spooler - ok
    22:16:21.0127 2608 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:16:21.0142 2608 sppsvc - ok
    22:16:21.0158 2608 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:16:21.0173 2608 sppuinotify - ok
    22:16:21.0189 2608 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:16:21.0189 2608 srv - ok
    22:16:21.0205 2608 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:16:21.0220 2608 srv2 - ok
    22:16:21.0220 2608 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:16:21.0220 2608 srvnet - ok
    22:16:21.0251 2608 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:16:21.0251 2608 SSDPSRV - ok
    22:16:21.0267 2608 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:16:21.0267 2608 SstpSvc - ok
    22:16:21.0345 2608 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    22:16:21.0345 2608 Stereo Service - ok
    22:16:21.0361 2608 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
    22:16:21.0361 2608 stexstor - ok
    22:16:21.0407 2608 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:16:21.0423 2608 stisvc - ok
    22:16:21.0454 2608 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    22:16:21.0454 2608 swenum - ok
    22:16:21.0470 2608 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:16:21.0485 2608 swprv - ok
    22:16:21.0532 2608 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:16:21.0548 2608 SysMain - ok
    22:16:21.0563 2608 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:16:21.0563 2608 TabletInputService - ok
    22:16:21.0610 2608 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:16:21.0626 2608 TapiSrv - ok
    22:16:21.0641 2608 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:16:21.0641 2608 TBS - ok
    22:16:21.0751 2608 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:16:21.0751 2608 Tcpip - ok
    22:16:21.0844 2608 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:16:21.0875 2608 TCPIP6 - ok
    22:16:21.0922 2608 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:16:21.0922 2608 tcpipreg - ok
    22:16:21.0938 2608 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:16:21.0938 2608 TDPIPE - ok
    22:16:21.0969 2608 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:16:21.0969 2608 TDTCP - ok
    22:16:22.0000 2608 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:16:22.0016 2608 tdx - ok
    22:16:22.0031 2608 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    22:16:22.0031 2608 TermDD - ok
    22:16:22.0063 2608 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:16:22.0063 2608 TermService - ok
    22:16:22.0109 2608 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:16:22.0109 2608 Themes - ok
    22:16:22.0125 2608 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:16:22.0125 2608 THREADORDER - ok
    22:16:22.0141 2608 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:16:22.0141 2608 TrkWks - ok
    22:16:22.0203 2608 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:16:22.0219 2608 TrustedInstaller - ok
    22:16:22.0234 2608 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:16:22.0234 2608 tssecsrv - ok
    22:16:22.0297 2608 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:16:22.0297 2608 TsUsbFlt - ok
    22:16:22.0343 2608 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    22:16:22.0359 2608 TsUsbGD - ok
    22:16:22.0390 2608 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:16:22.0390 2608 tunnel - ok
    22:16:22.0406 2608 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    22:16:22.0406 2608 uagp35 - ok
    22:16:22.0437 2608 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:16:22.0437 2608 udfs - ok
    22:16:22.0453 2608 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:16:22.0453 2608 UI0Detect - ok
    22:16:22.0484 2608 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:16:22.0484 2608 uliagpkx - ok
    22:16:22.0515 2608 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    22:16:22.0515 2608 umbus - ok
    22:16:22.0531 2608 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    22:16:22.0531 2608 UmPass - ok
    22:16:22.0562 2608 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:16:22.0562 2608 upnphost - ok
    22:16:22.0609 2608 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
    22:16:22.0609 2608 usbccgp - ok
    22:16:22.0640 2608 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:16:22.0640 2608 usbcir - ok
    22:16:22.0687 2608 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    22:16:22.0687 2608 usbehci - ok
    22:16:22.0702 2608 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    22:16:22.0718 2608 usbfilter - ok
    22:16:22.0733 2608 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:16:22.0749 2608 usbhub - ok
    22:16:22.0749 2608 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    22:16:22.0765 2608 usbohci - ok
    22:16:22.0765 2608 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    22:16:22.0765 2608 usbprint - ok
    22:16:22.0811 2608 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:16:22.0811 2608 USBSTOR - ok
    22:16:22.0827 2608 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    22:16:22.0843 2608 usbuhci - ok
    22:16:22.0858 2608 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:16:22.0874 2608 UxSms - ok
    22:16:22.0874 2608 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:16:22.0874 2608 VaultSvc - ok
    22:16:22.0936 2608 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
    22:16:22.0936 2608 VClone - ok
    22:16:22.0967 2608 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    22:16:22.0967 2608 vdrvroot - ok
    22:16:23.0014 2608 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    22:16:23.0030 2608 vds - ok
    22:16:23.0045 2608 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    22:16:23.0045 2608 vga - ok
    22:16:23.0061 2608 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    22:16:23.0061 2608 VgaSave - ok
    22:16:23.0077 2608 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    22:16:23.0077 2608 vhdmp - ok
    22:16:23.0092 2608 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    22:16:23.0092 2608 viaide - ok
    22:16:23.0092 2608 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    22:16:23.0092 2608 volmgr - ok
    22:16:23.0123 2608 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    22:16:23.0123 2608 volmgrx - ok
    22:16:23.0139 2608 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    22:16:23.0139 2608 volsnap - ok
    22:16:23.0155 2608 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    22:16:23.0155 2608 vsmraid - ok
    22:16:23.0217 2608 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    22:16:23.0233 2608 VSS - ok
    22:16:23.0248 2608 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    22:16:23.0248 2608 vwifibus - ok
    22:16:23.0279 2608 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    22:16:23.0279 2608 vwififlt - ok
    22:16:23.0311 2608 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    22:16:23.0311 2608 vwifimp - ok
    22:16:23.0342 2608 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    22:16:23.0357 2608 W32Time - ok
    22:16:23.0373 2608 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    22:16:23.0373 2608 WacomPen - ok
    22:16:23.0404 2608 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    22:16:23.0420 2608 WANARP - ok
    22:16:23.0435 2608 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    22:16:23.0435 2608 Wanarpv6 - ok
    22:16:23.0513 2608 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    22:16:23.0529 2608 WatAdminSvc - ok
    22:16:23.0607 2608 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    22:16:23.0623 2608 wbengine - ok
    22:16:23.0638 2608 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    22:16:23.0654 2608 WbioSrvc - ok
    22:16:23.0669 2608 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    22:16:23.0669 2608 wcncsvc - ok
    22:16:23.0685 2608 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    22:16:23.0685 2608 WcsPlugInService - ok
    22:16:23.0701 2608 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    22:16:23.0701 2608 Wd - ok
    22:16:23.0779 2608 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    22:16:23.0794 2608 Wdf01000 - ok
    22:16:23.0794 2608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    22:16:23.0810 2608 WdiServiceHost - ok
    22:16:23.0810 2608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    22:16:23.0810 2608 WdiSystemHost - ok
    22:16:23.0825 2608 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    22:16:23.0841 2608 WebClient - ok
    22:16:23.0841 2608 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    22:16:23.0857 2608 Wecsvc - ok
    22:16:23.0872 2608 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    22:16:23.0872 2608 wercplsupport - ok
    22:16:23.0888 2608 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    22:16:23.0903 2608 WerSvc - ok
    22:16:23.0903 2608 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    22:16:23.0903 2608 WfpLwf - ok
    22:16:23.0919 2608 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    22:16:23.0919 2608 WIMMount - ok
    22:16:23.0919 2608 WinDefend - ok
    22:16:23.0935 2608 WinHttpAutoProxySvc - ok
    22:16:23.0950 2608 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    22:16:23.0950 2608 Winmgmt - ok
    22:16:24.0044 2608 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    22:16:24.0059 2608 WinRM - ok
    22:16:24.0106 2608 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    22:16:24.0122 2608 Wlansvc - ok
    22:16:24.0137 2608 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    22:16:24.0137 2608 WmiAcpi - ok
    22:16:24.0153 2608 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    22:16:24.0153 2608 wmiApSrv - ok
    22:16:24.0184 2608 WMPNetworkSvc - ok
    22:16:24.0200 2608 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    22:16:24.0215 2608 WPCSvc - ok
    22:16:24.0215 2608 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    22:16:24.0231 2608 WPDBusEnum - ok
    22:16:24.0247 2608 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    22:16:24.0247 2608 ws2ifsl - ok
    22:16:24.0262 2608 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    22:16:24.0262 2608 wscsvc - ok
    22:16:24.0262 2608 WSearch - ok
    22:16:24.0387 2608 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    22:16:24.0418 2608 wuauserv - ok
    22:16:24.0449 2608 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    22:16:24.0465 2608 WudfPf - ok
    22:16:24.0496 2608 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:16:24.0496 2608 WUDFRd - ok
    22:16:24.0543 2608 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    22:16:24.0559 2608 wudfsvc - ok
    22:16:24.0590 2608 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    22:16:24.0605 2608 WwanSvc - ok
    22:16:24.0668 2608 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    22:16:24.0668 2608 xusb21 - ok
    22:16:24.0683 2608 ================ Scan global ===============================
    22:16:24.0715 2608 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:16:24.0761 2608 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
    22:16:24.0777 2608 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
    22:16:24.0808 2608 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:16:24.0839 2608 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:16:24.0839 2608 [Global] - ok
    22:16:24.0839 2608 ================ Scan MBR ==================================
    22:16:24.0839 2608 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:16:24.0839 2608 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    22:16:24.0902 2608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    22:16:24.0902 2608 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    22:16:24.0917 2608 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
    22:16:25.0307 2608 \Device\Harddisk1\DR1 - ok
    22:16:25.0307 2608 ================ Scan VBR ==================================
    22:16:25.0307 2608 [ 0171049F9FCFD63183C4F24E9642AF83 ] \Device\Harddisk0\DR0\Partition1
    22:16:25.0323 2608 \Device\Harddisk0\DR0\Partition1 - ok
    22:16:25.0323 2608 [ CFD0E3A00BBF0113E1DB08337CA07BD5 ] \Device\Harddisk1\DR1\Partition1
    22:16:25.0323 2608 \Device\Harddisk1\DR1\Partition1 - ok
    22:16:25.0323 2608 ============================================================
    22:16:25.0323 2608 Scan finished
    22:16:25.0323 2608 ============================================================
    22:16:25.0323 4628 Detected object count: 1
    22:16:25.0323 4628 Actual detected object count: 1
    22:16:28.0583 4628 \Device\Harddisk0\DR0\# - copied to quarantine
    22:16:28.0583 4628 \Device\Harddisk0\DR0 - copied to quarantine
    22:16:28.0677 4628 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    22:16:28.0677 4628 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    22:16:28.0693 4628 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    22:16:28.0693 4628 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    22:16:28.0693 4628 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    22:16:28.0708 4628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    22:16:28.0708 4628 \Device\Harddisk0\DR0 - ok
    22:16:28.0724 4628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    22:16:34.0901 0504 Deinitialize success
     
  7. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Good :)

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ========================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  8. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    You rock; thank you so much! My son is in bed now (the computer is in his room) so I will get to these tomorrow night.
     
  9. Broni

    Broni Malware Annihilator Posts: 48,004   +271

  10. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    RogueKiller V8.4.2 _x64_ [Jan 6 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : jake [Admin rights]
    Mode : Remove -- Date : 01/10/2013 20:59:38
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500JS-60NCB1 ATA Device +++++
    --- User ---
    [MBR] 278d335bdf95059ec57630cc0e5eea1a
    [BSP] 66ea49a97b20ef3eecde3787a2414395 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: USB Flash Memory USB Device +++++
    --- User ---
    [MBR] 24a57655445401ac34048f5cf6c187f0
    [BSP] 1f9e74af6e4afc63ac8b7b9e690327f4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8064 | Size: 7624 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_01102013_02d2059.txt >>
    RKreport[1]_S_01102013_02d2059.txt ; RKreport[2]_D_01102013_02d2059.txt
     
  11. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org
    Database version: v2013.01.11.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    jake :: JAKE-PC [administrator]
    1/10/2013 9:36:29 PM
    mbar-log-2013-01-10 (21-36-29).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28529
    Time elapsed: 6 minute(s), 52 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\$Recycle.Bin\S-1-5-21-2042701295-3963762134-3223861041-1000\$RSFCS19.exe (Malware.Packer.Gen) -> Delete on reboot.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    (end)

    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org
    Database version: v2013.01.11.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    jake :: JAKE-PC [administrator]
    1/10/2013 10:12:49 PM
    mbar-log-2013-01-10 (22-12-49).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28479
    Time elapsed: 6 minute(s), 30 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_27
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.293000 GHz
    Memory total: 4294238208, free: 3452522496
    ------------ Kernel report ------------
    01/10/2013 21:00:36
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\VClone.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\athurx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007158790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000071\
    Lower Device Object: 0xfffffa800623d060
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004897790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
    Lower Device Object: 0xfffffa8004898060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.11.02
    Downloaded database version: v2013.01.04.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004897790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80048972c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004897790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004896520, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004898060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a001e0fa10, 0xfffffa8004897790, 0xfffffa80058c1790
    Lower DeviceData: 0xfffff8a01012d8e0, 0xfffffa8004898060, 0xfffffa8006603930
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CAB10BEE
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 488392704
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250059350016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007158790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006bb7580, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007158790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8003ffdc00, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa800623d060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a00c3466e0, 0xfffffa8007158790, 0xfffffa8004929090
    Lower DeviceData: 0xfffff8a009f3c590, 0xfffffa800623d060, 0xfffffa80071694d0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3AE63AE5
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064 Numsec = 15614080
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 7998537728 bytes
    Sector size: 512 bytes
    Done!
    Performing system, memory and registry scan...
    Infected: C:\$Recycle.Bin\S-1-5-21-2042701295-3963762134-3223861041-1000\$RSFCS19.exe --> [Malware.Packer.Gen]
    Infected: C:\Windows\svchost.exe --> [Trojan.Agent]
    Done!
    Scan finished
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Non-administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_27
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.293000 GHz
    Memory total: 4294238208, free: 3315331072
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_27
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 3.293000 GHz
    Memory total: 4294238208, free: 3234471936
    ------------ Kernel report ------------
    01/10/2013 22:06:04
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\Drivers\aswrdr2.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\ElbyCDIO.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\VClone.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\athurx.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\aswMonFlt.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8006240060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006f\
    Lower Device Object: 0xfffffa800623d060
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80048ab060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
    Lower Device Object: 0xfffffa8004895680
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    DriverEntry returned 0x0
    Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80048ab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80048aba50, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80048ab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800486c770, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8004895680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a009ab6a40, 0xfffffa80048ab060, 0xfffffa8003e8c090
    Lower DeviceData: 0xfffff8a00865b140, 0xfffffa8004895680, 0xfffffa8003e6b540
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CAB10BEE
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 488392704
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250059350016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8006240060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006241040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006240060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800623e040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
    DevicePointer: 0xfffffa800623d060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Upper DeviceData: 0xfffff8a008aa1750, 0xfffffa8006240060, 0xfffffa8003e6b790
    Lower DeviceData: 0xfffff8a008b0fba0, 0xfffffa800623d060, 0xfffffa80070f3e40
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3AE63AE5
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8064 Numsec = 15614080
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 7998537728 bytes
    Sector size: 512 bytes
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    ComboFix 13-01-12.01 - jake 01/12/2013 8:58.1.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2969 [GMT -6:00]
    Running from: c:\users\jake\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-12 15:02 . 2013-01-12 15:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-01-12 15:02 . 2013-01-12 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-12 14:52 . 2013-01-12 14:52 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{431F5E9F-7A7B-4488-8EF2-CD1D093631C6}\offreg.dll
    2013-01-11 23:36 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{431F5E9F-7A7B-4488-8EF2-CD1D093631C6}\mpengine.dll
    2013-01-10 04:15 . 2013-01-10 04:16 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-01-09 23:25 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 23:25 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 23:25 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 23:25 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 23:25 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 23:25 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 23:25 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 23:25 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 23:25 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 23:25 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
    2013-01-09 23:23 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 23:22 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 23:22 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 02:42 . 2013-01-09 14:53 -------- d-----w- c:\program files\CCleaner
    2013-01-06 06:46 . 2013-01-06 06:46 -------- d-----w- c:\program files (x86)\GUM646D.tmp
    2013-01-06 06:46 . 2013-01-06 06:46 4096000 ----a-w- c:\program files (x86)\GUT646E.tmp
    2013-01-06 06:45 . 2013-01-06 06:45 -------- d-----w- c:\program files\Google
    2013-01-06 06:40 . 2013-01-06 22:08 -------- d-----w- c:\users\jake\AppData\Local\Google
    2013-01-06 06:40 . 2013-01-06 06:45 -------- d-----w- c:\program files (x86)\Google
    2013-01-06 06:40 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-01-06 06:40 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-01-06 06:40 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-01-06 06:40 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-01-06 06:40 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-01-06 06:40 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-01-06 06:40 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2013-01-06 06:39 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2013-01-06 06:39 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2013-01-06 06:39 . 2013-01-06 06:39 -------- d-----w- c:\programdata\AVAST Software
    2013-01-06 06:39 . 2013-01-06 06:39 -------- d-----w- c:\program files\AVAST Software
    2013-01-06 04:52 . 2013-01-06 04:52 -------- d-----w- c:\users\jake\AppData\Local\Programs
    2013-01-05 21:09 . 2013-01-06 22:02 -------- d-----w- c:\windows\Microsoft Antimalware
    2013-01-01 06:54 . 2013-01-01 06:54 -------- d-----w- c:\users\jake\AppData\Local\Stronghold_LLC
    2013-01-01 06:53 . 2013-01-06 04:47 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2013-01-01 06:52 . 2013-01-06 04:45 -------- d-----w- c:\program files\Babylon
    2013-01-01 06:52 . 2013-01-01 06:52 -------- d-----w- c:\program files (x86)\Babylon
    2013-01-01 06:52 . 2013-01-01 06:55 -------- d-----w- c:\users\jake\AppData\Roaming\Strongvault
    2013-01-01 06:52 . 2013-01-01 06:52 -------- d-----w- c:\program files (x86)\Yontoo
    2013-01-01 06:52 . 2013-01-01 06:52 -------- d-----w- c:\programdata\Tarma Installer
    2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-21 01:37 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-12-21 01:37 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-12-21 01:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-21 01:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-10 04:56 . 2012-06-09 21:21 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-10 04:56 . 2012-03-31 23:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 01:58 . 2012-03-31 23:20 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-14 22:49 . 2012-10-28 16:47 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 04:45 . 2013-01-09 23:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 2604376 ----a-w- c:\windows\system32\WavesGUILib.dll
    2012-10-30 02:52 . 2012-10-30 02:53 65432 ----a-w- c:\windows\system32\tepeqapo64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 198896 ----a-w- c:\windows\system32\SRSHP64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 121744 ----a-w- c:\windows\system32\SFSS_APO.dll
    2012-10-30 02:52 . 2012-10-30 02:53 81248 ----a-w- c:\windows\system32\SFCOM64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 78176 ----a-w- c:\windows\system32\SFAPO64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
    2012-10-30 02:52 . 2012-10-30 02:53 220512 ----a-w- c:\windows\system32\SFNHK64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2012-10-30 02:52 . 2012-10-30 02:53 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 3053160 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2012-10-30 02:52 . 2012-10-30 02:53 2504296 ----a-w- c:\windows\system32\RtPgEx64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 3198056 ----a-w- c:\windows\system32\RtkAPO64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 1827944 ----a-w- c:\windows\system32\RtkApi64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 93288 ----a-w- c:\windows\system32\RCoInst64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 204120 ----a-w- c:\windows\system32\RTEED64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 1492480 ----a-w- c:\windows\system32\RCoRes64.dat
    2012-10-30 02:52 . 2012-10-30 02:53 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 74072 ----a-w- c:\windows\system32\R4EEG64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 426328 ----a-w- c:\windows\system32\R4EED64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 3308376 ----a-w- c:\windows\system32\R4EEP64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 136024 ----a-w- c:\windows\system32\R4EEL64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 118104 ----a-w- c:\windows\system32\R4EEA64A.dll
    2012-10-30 02:52 . 2012-10-30 02:53 334680 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
    2012-10-30 02:52 . 2012-10-30 02:53 3768152 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2012-10-30 02:52 . 2012-10-30 02:53 2132824 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
    2012-10-30 02:52 . 2012-10-30 02:53 603984 ----a-w- c:\windows\system32\KAAPORT64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 341336 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
    2012-10-30 02:52 . 2012-10-30 02:53 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
    2012-10-30 02:52 . 2012-10-30 02:53 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 527872 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 515584 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 439808 ----a-w- c:\windows\system32\DTSU2PREC64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 2085440 ----a-w- c:\windows\system32\FMAPO64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 200800 ----a-w- c:\windows\system32\AERTAC64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 108960 ----a-w- c:\windows\system32\AERTAR64.dll
    2012-10-30 02:52 . 2012-10-30 02:53 1698408 ----a-w- c:\windows\RtlExUpd.dll
    2012-10-16 08:38 . 2012-12-02 19:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-12-02 19:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-12-02 19:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-03 3492504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-05-05 124256]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2009-06-02 438784]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1255736]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
    S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - AODDRIVER
    *Deregistered* - AODDriver
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 04:56]
    .
    2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06 06:40]
    .
    2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06 06:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-30 12666984]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    TCP: DhcpNameServer = 192.168.0.1 76.7.255.188
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-52223635.sys
    SafeBoot-81202784.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2042701295-3963762134-3223861041-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:47,d6,76,e9,9f,5d,d1,7d,28,eb,d6,e1,e2,9e,6f,15,31,b9,d5,c7,c2,07,94,
    a0,8d,c8,e5,3d,ff,2b,81,7b,b7,29,8c,ab,77,99,ff,57,9d,4c,25,bf,48,22,9d,3a,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-2042701295-3963762134-3223861041-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:5d,99,de,6a,de,de,76,3e,11,56,4e,ee,93,80,7a,22,60,8f,97,96,9f,
    99,b4,67,48,6b,83,03,39,83,a6,0e,80,5a,3c,4c,4b,4a,3f,81,09,e4,2e,95,70,35,\
    "rkeysecu"=hex:3b,90,08,aa,56,8a,73,9c,26,68,2f,a5,96,b7,a6,55
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-12 09:03:55
    ComboFix-quarantined-files.txt 2013-01-12 15:03
    .
    Pre-Run: 158,064,476,160 bytes free
    Post-Run: 158,079,119,360 bytes free
    .
    - - End Of File - - 42ABE3163CFE80676D28E63AD27246F8
     
  14. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Looks good.

    How is computer doing?

    ===================

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    =======================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Doing better - no BSODs since I ran Combofix a few days ago! We havent used the machine much, it was sleeping most of the time.

    ===============

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.2 (01.08.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by jake on Mon 01/14/2013 at 6:43:02.80
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
    Successfully deleted: [Registry Key] hkey_classes_root\appid\babyloniepi.dll
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\translate with babylon
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

    ~~~ Files

    ~~~ Folders
    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "C:\Users\jake\AppData\Roaming\strongvault"
    Successfully deleted: [Folder] "C:\Users\jake\appdata\local\stronghold_llc"
    Successfully deleted: [Folder] "C:\Users\jake\appdata\locallow\babylontoolbar"
    Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
    Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

    ~~~ Chrome
    Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/14/2013 at 6:49:31.84
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OTL logfile created on: 1/14/2013 6:58:29 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jake\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 71.30% Memory free
    8.00 Gb Paging File | 6.49 Gb Available in Paging File | 81.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.88 Gb Total Space | 146.05 Gb Free Space | 62.71% Space Free | Partition Type: NTFS

    Computer Name: JAKE-PC | User Name: jake | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/14 06:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jake\Desktop\OTL.exe
    PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/01/09 22:56:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/05 04:45:50 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/01/05 18:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 16:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
    DRV:64bit: - [2009/05/04 10:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/04/03 05:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 AD EA 14 D6 F0 CD 01 [binary data]
    IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com

    [2013/01/05 22:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Google Drive = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Battlefield Play4Free Updater)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 76.7.255.188
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09B6E950-66FA-4FF0-AEB0-0D9CFDEF3DCA}: DhcpNameServer = 192.168.0.1 76.7.255.188
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/14 06:57:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jake\Desktop\OTL.exe
    [2013/01/14 06:43:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/14 06:41:45 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/14 06:41:31 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\jake\Desktop\JRT.exe
    [2013/01/12 09:07:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/12 09:02:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/12 08:57:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/12 08:57:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/12 08:57:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/12 08:57:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/12 08:57:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/09 22:15:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/01/08 22:41:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/01/08 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/01/06 00:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2013/01/06 00:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2013/01/06 00:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/01/06 00:40:24 | 000,000,000 | ---D | C] -- C:\Users\jake\AppData\Local\Google
    [2013/01/06 00:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2013/01/06 00:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2013/01/06 00:40:21 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2013/01/06 00:40:21 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2013/01/06 00:40:15 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2013/01/06 00:40:13 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2013/01/06 00:40:11 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2013/01/06 00:40:02 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2013/01/06 00:40:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2013/01/06 00:39:40 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/01/06 00:39:39 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2013/01/06 00:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/01/06 00:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/01/05 22:52:04 | 000,000,000 | ---D | C] -- C:\Users\jake\AppData\Local\Programs
    [2013/01/05 22:41:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/01/05 15:09:21 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
    [2013/01/01 00:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/14 06:59:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/14 06:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jake\Desktop\OTL.exe
    [2013/01/14 06:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/14 06:44:42 | 000,002,283 | ---- | M] () -- C:\Users\jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/14 06:41:44 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\jake\Desktop\JRT.exe
    [2013/01/14 06:38:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/13 17:48:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/11 17:38:34 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/11 17:38:34 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/11 17:30:58 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/09 22:38:30 | 364,162,215 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/01/09 22:15:36 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/09 22:15:36 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/09 22:15:36 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/09 20:32:18 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/09 20:06:22 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/01/09 20:01:01 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2013/01/09 17:14:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013/01/06 00:28:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/12 08:57:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/12 08:57:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/12 08:57:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/12 08:57:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/12 08:57:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/06 00:43:28 | 000,002,283 | ---- | C] () -- C:\Users\jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/06 00:40:35 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/06 00:40:31 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/06 00:40:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/12/21 03:04:25 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/08/11 07:31:25 | 000,000,043 | ---- | C] () -- C:\Users\jake\jagex_cl_runescape_LIVE.dat
    [2012/08/11 07:31:25 | 000,000,024 | ---- | C] () -- C:\Users\jake\random.dat
    [2012/06/23 12:33:54 | 000,000,257 | ---- | C] () -- C:\Windows\RomeTW Demo.ini
    [2012/03/31 17:39:59 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/31 17:34:32 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/03/31 17:34:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/03/31 17:34:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2012/03/31 17:34:31 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/03/31 17:34:31 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/03/31 17:27:18 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
    [2012/03/31 17:27:18 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
    [2012/03/31 17:27:18 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
    [2012/03/31 17:27:17 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
    [2012/03/31 17:27:17 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
    [2012/03/31 17:27:17 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
    [2012/03/31 17:27:17 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/11/22 19:37:18 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\BigHugeEngine
    [2012/09/14 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\Command & Conquer 3 Kane's Wrath
    [2012/05/08 10:20:46 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2012/12/02 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\Origin
    [2012/09/16 13:25:30 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\Sierra Entertainment

    ========== Purity Check ==========



    < End of report >
     
  16. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    OTL Extras logfile created on: 1/14/2013 6:58:29 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jake\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 71.30% Memory free
    8.00 Gb Paging File | 6.49 Gb Available in Paging File | 81.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.88 Gb Total Space | 146.05 Gb Free Space | 62.71% Space Free | Partition Type: NTFS

    Computer Name: JAKE-PC | User Name: jake | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D3900DD-2B0C-4049-84F9-FBE53D12C75C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1D61A25E-0731-4712-97B4-0A89E70D3840}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1D955CD5-DC6B-4376-9363-10E4B619A383}" = lport=138 | protocol=17 | dir=in | app=system |
    "{26553D74-01E2-44A3-ADF8-A5430324722C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{28CA3B4B-D40C-4675-A2DE-25E67BF0B5F1}" = lport=139 | protocol=6 | dir=in | app=system |
    "{38D37173-38B1-472D-8B8D-47D476021A05}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5CD088AB-1F1A-4AC5-9343-0F5B676096EA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{65FEE7FE-EAE7-4C55-8B8D-3649A54B6BEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{81C38D34-AEC2-4E4D-B8F0-F359FB6DB373}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{9096C403-D89A-4E41-949A-5A234421F69A}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9239AB14-3A99-4044-8CC1-8829D2369718}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A4FA0F17-21B2-4902-B41D-4B56D1F2520C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A5C11856-558A-4D9F-8B72-5DDCC4D79D9C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{BCED9BED-F1D1-4304-8208-C8F28F51CCE5}" = rport=445 | protocol=6 | dir=out | app=system |
    "{C4460992-0F81-4293-81DB-262AB311CE40}" = lport=137 | protocol=17 | dir=in | app=system |
    "{CD86DDAF-DE52-4010-830B-EA7E6D967FDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF8A688E-059C-4E32-B673-AEB7C6BD18AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D62859ED-0DB8-45DE-AEC9-58BE291C1C59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D848679B-B210-44D8-95D5-7EAD517BAB63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E8CF6794-6B6A-4A1B-A12A-339EF73A0A65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F18DF755-CAEC-40D8-920E-040492FEC659}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{FC66A018-135D-4468-9CA3-E00D79648A22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05AAA6E3-E0D9-4216-AB85-78811F0F5AAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{096222F1-2061-433A-9188-B6ED4DFF449F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0ACA2269-1C48-4650-B2AC-869B7B441083}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{112AF7E1-228B-422C-AC3A-27B8AE362623}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
    "{12C43CE6-BE91-4410-8066-F1F383273B80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{20F3D4E9-04DC-4EB5-BD93-58C17CE00D9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{265BC49D-ED7B-4B03-B4D6-8B9D4771E121}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{31B8F030-AE42-4C36-9599-F1852E05BDEB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
    "{34FBB8C4-C297-4CF9-A0FF-9C4BF5448970}" = protocol=6 | dir=out | app=system |
    "{3BBDD67E-E98B-4EC8-B4F4-5170CF41AB83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3F3A9995-C260-4661-96B1-87904C20A054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5E91778D-6777-4137-8D8E-89E6176EF6F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5F96478B-DAE1-4B0E-9EE0-A52DC2E20C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\empire earth iii\ee3.exe |
    "{68490B1A-DEBF-45A1-90DB-CF056812F8EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{77EF8319-2A7A-4C3D-8838-ED5A8F79263C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{84D8B20C-A350-4DF7-8F9E-079A26C410B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8D2BE6CC-AFB0-4BE4-BD54-982A98B1D17F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
    "{A0538F3B-3C89-489E-A41A-6F5A2F084C1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A4DFEC27-EC2F-4720-8D25-8B7B08C7E9A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AB43D590-DD1C-46D0-AB83-8CDC67738FAE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BAB88037-1F2E-404B-885E-A48A5269C29E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C5D5397E-B3A6-4C19-A35E-A4B2C806E3D8}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\empire earth iii\ee3.exe |
    "{C7B7E9A1-5B5A-4E6F-B3C6-4194605F4B3B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
    "{D2DB8FE8-2E3E-4FBF-A70C-EDC3B2F66867}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DA091A18-4C26-4DFE-A709-E31D91E05273}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
    "{DBBD173C-9F01-4FEA-8C86-0E06A0847E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
    "{EC26EFDC-5209-4416-9B6A-E826F3431CC1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "TCP Query User{0194E54C-1A49-4149-8418-7B0DB816504A}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
    "TCP Query User{1B75EEB9-BF04-4FA7-98DD-E260A7B1468D}C:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
    "TCP Query User{D0F80D8C-2863-4DDD-94F8-70F938465458}C:\users\jake\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\jake\appdata\local\temp\electronicarts_patcher_000.exe |
    "TCP Query User{E701133F-F3FC-451E-B06B-2399EA2C189A}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
    "UDP Query User{19290DA7-DCE3-43E7-8401-3BB3FA1F9DD3}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
    "UDP Query User{7B942D6F-10A4-4D94-BCF0-C64956E93FF8}C:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
    "UDP Query User{A2F81C1B-782B-4147-B600-28FECFEF653B}C:\users\jake\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\jake\appdata\local\temp\electronicarts_patcher_000.exe |
    "UDP Query User{CEB10DE3-6655-4892-9CE9-DCC5F569B770}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{17155770-D9E5-0AB3-F8CB-EA48CC605A79}" = ATI Catalyst Install Manager
    "{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "16849D8BC55E28DE2C17CAD12590AA83D82B0717" = Windows Driver Package - Realtek (RTL8167) Net (05/22/2009 7.003.0522.2009)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0900B4D5-B94A-4B08-9EB6-03C9D61D2975}" = Rome - Total War(TM) Demo
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20AEA7B1-6155-44A2-B58E-430F2C9F4ABD}" = AMD OverDrive
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}" = Wheelman
    "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
    "{477AB6F3-0907-4E90-ABC2-9525CC6AA356}" = Beowulf TM
    "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}" = Adobe Shockwave Player 11.5
    "{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
    "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
    "{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.128
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
    "{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III
    "{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
    "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
    "{DA2B455A-B0BE-4C5A-B73A-0615F37C81D5}" = Beowulf TM
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "Diablo II" = Diablo II
    "GameSpy Arcade" = GameSpy Arcade
    "Google Chrome" = Google Chrome
    "InstallShield_{0900B4D5-B94A-4B08-9EB6-03C9D61D2975}" = Rome - Total War(TM) Demo
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.8.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Origin" = Origin
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "VirtualCloneDrive" = VirtualCloneDrive
    "Xfire" = Xfire (remove only)

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 1/14/2013 8:52:32 AM | Computer Name = jake-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom0, is not ready for access yet.

    Error - 1/14/2013 9:01:30 AM | Computer Name = jake-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom0, is not ready for access yet.


    < End of report >
     
  17. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Dupe...
     
  18. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    I still need AdwCleaner log.
     
  19. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Oops, my bad! Had to run it again, but I think I did it wrong the first time anyway - forgot to use the delete key!
    ==========
    # AdwCleaner v2.105 - Logfile created 01/14/2013 at 16:52:09
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : jake - JAKE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\jake\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [2271 octets] - [14/01/2013 16:51:18]
    AdwCleaner[S1].txt - [2242 octets] - [14/01/2013 16:52:09]

    ########## EOF - C:\AdwCleaner[S1].txt - [2302 octets] ##########
     
  20. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    All looks good.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Thanks! It may be Friday before I am able to get to these scans.
     
  22. Broni

    Broni Malware Annihilator Posts: 48,004   +271

  23. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Results of screen317's Security Check version 0.99.57
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 6 Update 27
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Adobe Reader 10.1.0 Adobe Reader out of Date!
    Google Chrome 23.0.1271.97
    Google Chrome 24.0.1312.52
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  24. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    Farbar Service Scanner Version: 16-01-2013
    Ran by jake (administrator) on 18-01-2013 at 08:41:37
    Running from "C:\Users\jake\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is offline
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  25. mrtraver

    mrtraver TS Enthusiast Topic Starter Posts: 246   +12

    C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\trzA4E7.tmp a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\trzAB3F.tmp Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\trzAB6E.tmp Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\trzABAE.tmp Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.