TechSpot

Backdoor.Multi.ZAccess.gen removal

By nibbz
Apr 2, 2012
  1. I'm using Comodo Internet Security and have multiple infections I can't get rid of.
    I've followed the steps for the various logs in order, and here they are. Also, I'm pretty sure my system restore points are infected too. Hopefully someone can look at these logs and assist me further. Thanks for your time; now the logs.
    BTW, I'm using Win7 x64 build 7601.
     
  2. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ....

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.03.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    nibbz :: POWER-PC [administrator]

    Protection: Disabled

    4/2/2012 9:06:35 PM
    mbam-log-2012-04-02 (21-06-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 245484
    Time elapsed: 6 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

    Registry Keys Detected: 4
    HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

    (end)
     
  3. nibbz

    ...

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by nibbz at 21:31:30 on 2012-04-02
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4623 [GMT -4:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\SysWOW64\IoctlSvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = http=;ftp=;https=;
    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
    mWinlogon: Userinit=userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Logitech Flow Scroll: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{82ED97FB-E948-4901-9DB0-724C42A3D609} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{82ED97FB-E948-4901-9DB0-724C42A3D609} : DhcpNameServer = 192.168.1.1
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Toolbar Registrar - No File
    BHO-X64: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\nibbz\AppData\Roaming\Mozilla\Firefox\Profiles\blsi3ew7.default\
    FF - prefs.js: network.proxy.gopher -
    FF - prefs.js: network.proxy.gopher_port - 0
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-2 652360]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-4 2348352]
    S2 SPService;SPService;C:\Windows\sysWOW64\svchost.exe -k netsvc --> C:\Windows\sysWOW64\svchost.exe -k netsvc [?]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 SKLService;Run software as Windows service;C:\Program Files (x86)\KAward\aklservice.exe [2012-3-13 90112]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-03 01:06:12 -------- d-----w- C:\Users\nibbz\AppData\Roaming\Malwarebytes
    2012-04-03 01:05:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-02 00:45:08 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-02 00:45:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-01 23:31:48 -------- d-----w- C:\2nd Story Software
    2012-03-30 23:49:13 -------- d-----w- C:\Users\nibbz\AppData\Roaming\mIRC
    2012-03-30 23:49:13 -------- d-----w- C:\Program Files (x86)\mIRC
    2012-03-30 04:39:07 -------- d-----w- C:\Program Files (x86)\Prolific
    2012-03-30 00:49:18 -------- d-----r- C:\Users\nibbz\Virtual Machines
    2012-03-29 22:56:41 -------- d-----w- C:\Windows\System32\appmgmt
    2012-03-27 00:38:08 -------- d-----w- C:\Program Files (x86)\ffdshow
    2012-03-27 00:38:07 42286 ----a-w- C:\Windows\System32\uninstall.exe
    2012-03-27 00:37:59 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
    2012-03-27 00:37:54 290816 ----a-w- C:\Windows\SysWow64\stFLVSource.ax
    2012-03-27 00:37:53 70656 ----a-w- C:\Windows\SysWow64\RLAPEDec.ax
    2012-03-27 00:37:53 438272 ----a-w- C:\Windows\SysWow64\Mpeg2DecFilter.ax
    2012-03-27 00:37:53 217088 ----a-w- C:\Windows\SysWow64\CoreFLACDecoder.ax
    2012-03-27 00:37:53 1184984 ----a-w- C:\Windows\SysWow64\wvc1dmod.dll
    2012-03-27 00:37:53 -------- d-----w- C:\Program Files (x86)\Sothink Movie DVD Maker
    2012-03-27 00:37:53 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec
    2012-03-26 22:09:26 -------- d-----w- C:\Users\nibbz\AppData\Local\LogiShrd
    2012-03-26 22:09:18 53248 ----a-r- C:\Users\nibbz\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-03-26 22:09:08 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-03-26 22:08:16 -------- d-----w- C:\Users\nibbz\AppData\Roaming\Logishrd
    2012-03-25 04:05:30 -------- d-----w- C:\Users\nibbz\AppData\Roaming\HideIPEasy
    2012-03-25 04:05:30 -------- d-----w- C:\ProgramData\HideIPEasy
    2012-03-25 04:04:30 -------- d-----w- C:\Program Files (x86)\HideIPEasy
    2012-03-25 02:19:22 -------- d-----w- C:\Program Files (x86)\BitTorrent
    2012-03-25 02:03:13 -------- d-----w- C:\Users\nibbz\AppData\Roaming\AVSoftware
    2012-03-25 01:55:32 307616 ----a-w- C:\Windows\SysWow64\AVLib.dll
    2012-03-25 01:55:21 -------- d-----w- C:\Program Files (x86)\Hide The IP
    2012-03-25 01:54:52 -------- d-----w- C:\Users\nibbz\AppData\Local\PackageAware
    2012-03-25 01:17:56 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
    2012-03-25 01:16:50 -------- d-----we C:\Windows\system64
    2012-03-24 23:19:15 -------- d-----w- C:\MyAudio
    2012-03-24 23:17:14 86683 ----a-w- C:\Windows\SysWow64\pthreadGC2.dll
    2012-03-24 23:17:13 -------- d-----w- C:\Program Files (x86)\AoA Audio Extractor
    2012-03-24 02:16:15 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-24 02:16:15 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-21 23:32:02 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-03-21 23:31:58 -------- d-----w- C:\Users\nibbz\AppData\Local\PunkBuster
    2012-03-21 02:50:30 -------- d-----w- C:\Users\nibbz\AppData\Roaming\ts3overlay
    2012-03-21 02:49:15 -------- d-----w- C:\Users\nibbz\AppData\Roaming\TS3Client
    2012-03-21 02:48:33 -------- d-----w- C:\Users\nibbz\AppData\Local\TeamSpeak 3 Client
    2012-03-18 17:55:15 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2012-03-17 17:57:21 -------- d-----w- C:\ProgramData\Nero
    2012-03-17 17:57:21 -------- d-----w- C:\Program Files (x86)\Nero
    2012-03-17 17:31:43 -------- d-----w- C:\Users\nibbz\AppData\Local\Ahead
    2012-03-17 16:59:17 -------- d-----w- C:\Program Files (x86)\4Videosoft Studio
    2012-03-17 04:46:54 -------- d-----w- C:\Users\nibbz\AppData\Roaming\DVDVideoSoft
    2012-03-17 04:44:54 -------- d-----w- C:\Program Files (x86)\AC3Filter
    2012-03-17 03:41:42 -------- d-----w- C:\Windows\SysWow64\C2MP
    2012-03-14 01:54:04 -------- d-----w- C:\Program Files (x86)\KAward
    2012-03-14 00:29:23 -------- d-----w- C:\ProgramData\k2logs
    2012-03-14 00:28:02 50688 ----a-w- C:\Windows\SysWow64\wbhelp2.dll
    2012-03-14 00:28:02 258352 ----a-w- C:\Windows\SysWow64\unicows.dll
    2012-03-14 00:28:01 544833 ----a-w- C:\Windows\SysWow64\wbocx.ocx
    2012-03-14 00:28:01 28160 ----a-w- C:\Windows\SysWow64\anim.dll
    2012-03-13 22:55:34 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-13 22:55:34 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-13 22:55:33 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-13 21:22:16 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-13 21:22:15 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-13 21:22:15 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-13 21:21:54 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-13 21:21:54 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-13 21:21:54 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-13 21:21:53 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-13 21:21:53 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-13 21:21:53 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-13 21:21:53 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-03-13 21:21:53 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-13 01:24:05 -------- d-----w- C:\Users\nibbz\AppData\Local\Adobe
    2012-03-11 04:39:36 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2012-03-11 04:39:20 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-03-08 02:24:00 -------- d-----w- C:\Users\nibbz\AppData\Local\FileTypeAssistant
    2012-03-08 02:14:11 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2012-03-08 02:06:59 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
    2012-03-08 00:01:47 -------- d-----w- C:\Users\nibbz\AppData\Local\ElevatedDiagnostics
    2012-03-07 23:36:47 -------- d-----w- C:\Users\nibbz\AppData\Local\Diagnostics
    2012-03-07 03:40:36 -------- d-----w- C:\Windows\System32\SPReview
    2012-03-07 02:20:53 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2012-03-07 02:20:52 -------- d-----w- C:\Program Files (x86)\Steam
    2012-03-06 04:52:35 -------- d-----w- C:\Windows\System32\EventProviders
    2012-03-06 04:50:59 81920 ----a-w- C:\Windows\SysWow64\userenv.dll
    2012-03-06 04:49:12 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2012-03-06 04:49:12 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
    2012-03-06 04:49:10 244736 ----a-w- C:\Windows\System32\sqmapi.dll
    2012-03-06 04:25:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-03-06 04:25:41 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-03-06 04:25:41 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-03-06 01:19:22 -------- d--h--w- C:\VritualRoot
    2012-03-05 03:15:33 7713088 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
    2012-03-05 03:14:54 -------- d-----w- C:\NVIDIA
    2012-03-04 22:00:39 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-04 21:55:08 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-03-04 21:55:08 -------- d-----w- C:\Windows\System32\Wat
    2012-03-04 21:26:20 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-03-04 21:26:14 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-03-04 21:26:14 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-03-04 21:26:14 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-03-04 21:26:14 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-03-04 21:26:14 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-03-04 21:26:14 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-03-04 21:25:50 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-03-04 21:25:43 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-03-04 19:56:15 -------- d-----w- C:\Users\nibbz\AppData\Local\Comodo
    2012-03-04 18:39:53 -------- d-----w- C:\ProgramData\CPA_VA
    2012-03-04 18:20:01 -------- d-sh--w- C:\Windows\Installer
    2012-03-04 18:20:01 -------- d-----w- C:\ProgramData\Comodo
    2012-03-04 18:20:00 -------- d-----w- C:\Program Files\COMODO
    2012-03-04 18:19:58 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-03-04 18:19:58 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2012-03-04 18:19:58 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2012-03-04 18:19:58 -------- d-----w- C:\Program Files (x86)\Comodo
    2012-03-04 17:54:58 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2012-03-04 17:53:58 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2012-03-04 17:47:51 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-03-04 17:47:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-03-04 08:41:48 -------- d-sh--w- C:\Boot
    2012-03-04 06:44:53 -------- d-----w- C:\Program Files\CheckPoint
    2012-03-04 06:37:04 -------- d-----w- C:\Windows\SysWow64\RTCOM
    2012-03-04 06:37:04 -------- d-----w- C:\Program Files\Realtek
    2012-03-04 06:37:00 611360 ----a-w- C:\Windows\System32\RTSnMg64.cpl
    2012-03-04 06:37:00 513536 ----a-w- C:\Windows\System32\SRSTSX64.dll
    2012-03-04 06:37:00 332320 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
    2012-03-04 06:37:00 211376 ----a-w- C:\Windows\System32\SRSTSH64.dll
    2012-03-04 06:37:00 193536 ----a-w- C:\Windows\System32\SRSHP64.dll
    2012-03-04 06:37:00 1762080 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
    2012-03-04 06:37:00 150528 ----a-w- C:\Windows\System32\SRSWOW64.dll
    2012-03-04 06:37:00 149536 ----a-w- C:\Windows\System32\RtkCfg64.dll
    2012-03-04 06:37:00 1277984 ----a-w- C:\Windows\System32\RtPgEx64.dll
    2012-03-04 05:52:36 -------- d-sh--we C:\Documents and Settings
    2012-03-04 05:52:36 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2012-03-28 15:09:23 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-03-26 22:19:11 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-03-21 23:39:01 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-03-21 23:30:45 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
    2012-03-11 21:13:41 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2012-03-11 21:13:40 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2012-03-11 21:13:38 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2012-03-11 21:13:20 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
    2012-03-11 21:13:18 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
    2012-03-11 21:13:17 389840 ----a-w- C:\Windows\System32\guard64.dll
    2012-03-07 03:42:34 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-03-07 03:42:34 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-02-28 00:43:56 4207616 ----a-w- C:\Windows\System32\ffdshow.ax
    2012-02-28 00:43:02 3350528 ----a-w- C:\Windows\SysWow64\ffdshow.ax
    2012-02-28 00:41:52 4492800 ----a-w- C:\Windows\System32\ffmpeg.dll
    2012-02-28 00:39:54 4414976 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
    2012-02-26 16:52:52 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
    2012-02-26 16:52:36 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
    2012-02-26 16:52:30 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
    2012-02-26 16:52:04 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
    2012-02-26 16:51:32 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
    2012-02-26 16:51:30 359424 ----a-w- C:\Windows\System32\ff_libfaad2.dll
    2012-02-26 16:51:30 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
    2012-02-26 16:51:28 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
    2012-02-26 16:51:28 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
    2012-02-26 16:51:28 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
    2012-02-26 16:51:26 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
    2012-02-26 16:46:18 260608 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
    2012-02-26 16:46:00 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
    2012-02-26 16:46:00 158720 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
    2012-02-26 16:45:58 1525248 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
    2012-02-26 16:45:58 146944 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
    2012-02-26 16:45:56 212480 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
    2012-02-26 16:45:56 115200 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
    2012-02-26 16:45:54 328704 ----a-w- C:\Windows\SysWow64\ff_libfaad2.dll
    2012-02-26 16:45:54 137728 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
    2012-02-24 14:53:50 553984 ----a-w- C:\Windows\System32\LAVSplitter.ax
    2012-02-24 14:53:48 733184 ----a-w- C:\Windows\System32\LAVVideo.ax
    2012-02-24 14:53:44 246272 ----a-w- C:\Windows\System32\LAVAudio.ax
    2012-02-24 14:53:40 202240 ----a-w- C:\Windows\System32\libbluray.dll
    2012-02-24 14:53:34 6622418 ----a-w- C:\Windows\System32\avcodec-lav-54.dll
    2012-02-24 14:53:34 393392 ----a-w- C:\Windows\System32\swscale-lav-2.dll
    2012-02-24 14:53:34 214235 ----a-w- C:\Windows\System32\avutil-lav-51.dll
    2012-02-24 14:53:34 130825 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
    2012-02-24 14:53:34 1013645 ----a-w- C:\Windows\System32\avformat-lav-54.dll
    2012-02-24 14:51:16 461824 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
    2012-02-24 14:51:12 575488 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
    2012-02-24 14:51:08 215040 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
    2012-02-24 14:51:06 172032 ----a-w- C:\Windows\SysWow64\libbluray.dll
    2012-02-24 14:51:00 6426793 ----a-w- C:\Windows\SysWow64\avcodec-lav-54.dll
    2012-02-24 14:51:00 369109 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
    2012-02-24 14:51:00 208659 ----a-w- C:\Windows\SysWow64\avutil-lav-51.dll
    2012-02-24 14:51:00 142647 ----a-w- C:\Windows\SysWow64\avfilter-lav-2.dll
    2012-02-24 14:51:00 1136653 ----a-w- C:\Windows\SysWow64\avformat-lav-54.dll
    2012-02-20 19:41:36 181248 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
    2012-02-20 19:41:16 147968 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
    2012-02-15 12:09:40 1576448 ----a-w- C:\Windows\System32\VSFilter.dll
    2012-02-15 12:08:52 1288192 ----a-w- C:\Windows\SysWow64\VSFilter.dll
    2012-02-10 01:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-01-30 22:30:22 424960 ----a-w- C:\Windows\System32\cdxareader.ax
    2012-01-30 22:30:08 500224 ----a-w- C:\Windows\System32\FLVSplitter.ax
    2012-01-30 22:29:24 381440 ----a-w- C:\Windows\SysWow64\cdxareader.ax
    2012-01-30 22:29:08 445440 ----a-w- C:\Windows\SysWow64\FLVSplitter.ax
    2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    .
    ============= FINISH: 21:31:54.03 ===============
     
  4. nibbz

    ...

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/4/2012 12:54:03 AM
    System Uptime: 4/2/2012 9:16:31 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P6T SE
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 875.477 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Microsoft Teredo Tunneling Adapter
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP29: 3/29/2012 9:15:01 AM - Scheduled Checkpoint
    RP30: 3/29/2012 6:56:06 PM - Removed WinZip 16.0
    RP31: 3/29/2012 8:43:43 PM - Windows Update
    RP32: 3/29/2012 10:39:55 PM - Installed XECUTER CK3 PRO - USB
    RP33: 3/29/2012 10:40:18 PM - Device Driver Package Install: XECUTER Ports (COM & LPT)
    RP34: 3/29/2012 10:47:58 PM - Installed XECUTER CK3 PRO - USB
    RP35: 3/29/2012 10:54:10 PM - Installed PL-2303 USB-to-Serial
    RP36: 3/29/2012 11:13:07 PM - Removed PL-2303 USB-to-Serial
    RP37: 3/29/2012 11:14:33 PM - Installed PL-2303 USB-to-Serial
    RP38: 3/29/2012 11:21:30 PM - Removed XECUTER CK3 PRO - USB
    RP39: 3/30/2012 12:12:13 AM - Removed PL-2303 USB-to-Serial
    RP40: 3/30/2012 12:18:42 AM - Installed PL-2303 USB-to-Serial
    RP41: 3/30/2012 12:26:00 AM - Removed PL-2303 USB-to-Serial
    RP42: 3/30/2012 12:39:00 AM - Installed PL-2303 Vista Driver Installer
    RP43: 4/1/2012 10:01:57 PM - Removed Nero 7 Ultra Edition. Available with Windows Installer version 1.2 and later.
    RP44: 4/1/2012 11:35:06 PM - 4-01-2012
    RP45: 4/2/2012 1:20:57 PM - Removed WinZip 16.0
    RP46: 4/2/2012 2:43:17 PM - 4-2-2012
    .
    ==== Installed Programs ======================
    .
    4Videosoft YouTube Video Converter
    AC3Filter (remove only)
    Adobe Reader 9.5.0
    AoA Audio Extractor
    AviSynth 2.5
    Award Keylogger 1.41
    Battlefield: Bad Company 2
    Comodo Dragon
    COMODO GeekBuddy
    Counter-Strike: Source
    eReg
    ffdshow [rev 2583] [2009-01-05]
    Haali Media Splitter
    Hide IP Easy
    Malwarebytes Anti-Malware version 1.60.1.1000
    Media Player Codec Pack 4.1.8
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 11.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Ultra Edition
    neroxml
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    PunkBuster Services
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Sothink Movie DVD Maker
    Steam
    TeamSpeak 3 Client
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    WinRAR 4.11 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/2/2012 9:18:51 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: account logon time restriction violation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    4/2/2012 9:18:51 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    4/2/2012 9:16:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tcoifh
    4/2/2012 9:16:51 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
    4/2/2012 9:16:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    4/2/2012 9:16:50 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    4/2/2012 9:16:50 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    4/2/2012 12:57:01 PM, Error: NetBT [4300] - The driver could not be created.
    4/2/2012 1:27:17 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    4/2/2012 1:16:41 PM, Error: Service Control Manager [7030] - The SKLService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    4/1/2012 9:54:20 PM, Error: Service Control Manager [7034] - The Block Level Backup Engine Service service terminated unexpectedly. It has done this 3 time(s).
    4/1/2012 9:44:14 PM, Error: Service Control Manager [7031] - The Block Level Backup Engine Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    4/1/2012 9:37:08 PM, Error: Service Control Manager [7031] - The Block Level Backup Engine Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    4/1/2012 8:26:47 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    4/1/2012 7:55:51 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    4/1/2012 11:12:12 PM, Error: Schannel [36887] - The following fatal alert was received: 47.
    3/31/2012 4:49:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user power-pc\Guest SID (S-1-5-21-2229031567-2039182235-2669899420-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/30/2012 8:55:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    3/29/2012 7:43:58 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/29/2012 11:22:59 PM, Error: Service Control Manager [7000] - The PORTIO64 service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    .
    ==== End Of File ===========================
     
  5. nibbz
    ...

    GMER produced no log...
     
  6. nibbz
    ..

    Ran TDSSKiller... here's the log... still infected.


    22:01:49.0749 1532 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
    22:01:49.0999 1532 ============================================================
    22:01:49.0999 1532 Current date / time: 2012/04/02 22:01:49.0999
    22:01:49.0999 1532 SystemInfo:
    22:01:49.0999 1532
    22:01:49.0999 1532 OS Version: 6.1.7601 ServicePack: 1.0
    22:01:49.0999 1532 Product type: Workstation
    22:01:49.0999 1532 ComputerName: POWER-PC
    22:01:50.0015 1532 UserName: nibbz
    22:01:50.0015 1532 Windows directory: C:\Windows
    22:01:50.0015 1532 System windows directory: C:\Windows
    22:01:50.0015 1532 Running under WOW64
    22:01:50.0015 1532 Processor architecture: Intel x64
    22:01:50.0015 1532 Number of processors: 8
    22:01:50.0015 1532 Page size: 0x1000
    22:01:50.0015 1532 Boot type: Normal boot
    22:01:50.0015 1532 ============================================================
    22:01:50.0904 1532 Drive \Device\Harddisk1\DR1 - Size: 0x393FDE000 (14.31 Gb), SectorSize: 0x200, Cylinders: 0x74C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:01:50.0919 1532 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:01:50.0935 1532 \Device\Harddisk1\DR1:
    22:01:50.0935 1532 MBR used
    22:01:50.0935 1532 \Device\Harddisk0\DR0:
    22:01:50.0935 1532 MBR used
    22:01:50.0935 1532 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705C5F
    22:01:50.0935 1532 Initialize success
    22:01:50.0935 1532 ============================================================
    22:01:53.0727 2504 ============================================================
    22:01:53.0727 2504 Scan started
    22:01:53.0727 2504 Mode: Manual;
    22:01:53.0727 2504 ============================================================
    22:02:02.0931 2504 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    22:02:02.0931 2504 netprofm - ok
    22:02:02.0978 2504 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:02:02.0978 2504 NetTcpPortSharing - ok
    22:02:03.0025 2504 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    22:02:03.0025 2504 nfrd960 - ok
    22:02:03.0072 2504 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    22:02:03.0072 2504 NlaSvc - ok
    22:02:03.0181 2504 NMIndexingService (193fa51dddd0bffded1c340f0434999a) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    22:02:03.0181 2504 NMIndexingService - ok
    22:02:03.0243 2504 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    22:02:03.0243 2504 Npfs - ok
    22:02:03.0290 2504 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    22:02:03.0290 2504 nsi - ok
    22:02:03.0290 2504 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    22:02:03.0290 2504 nsiproxy - ok
    22:02:03.0337 2504 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    22:02:03.0353 2504 Ntfs - ok
    22:02:03.0415 2504 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    22:02:03.0415 2504 Null - ok
    22:02:03.0633 2504 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:02:03.0680 2504 nvlddmkm - ok
    22:02:03.0774 2504 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    22:02:03.0774 2504 nvraid - ok
    22:02:03.0805 2504 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    22:02:03.0805 2504 nvstor - ok
    22:02:03.0852 2504 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
    22:02:03.0852 2504 nvsvc - ok
    22:02:03.0945 2504 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    22:02:03.0961 2504 nvUpdatusService - ok
    22:02:04.0039 2504 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    22:02:04.0039 2504 nv_agp - ok
    22:02:04.0055 2504 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    22:02:04.0055 2504 ohci1394 - ok
    22:02:04.0086 2504 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:02:04.0086 2504 p2pimsvc - ok
    22:02:04.0117 2504 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    22:02:04.0117 2504 p2psvc - ok
    22:02:04.0164 2504 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    22:02:04.0164 2504 Parport - ok
    22:02:04.0195 2504 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    22:02:04.0195 2504 partmgr - ok
    22:02:04.0211 2504 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    22:02:04.0226 2504 PcaSvc - ok
    22:02:04.0273 2504 pcctlcom (5f22132c9153639762708909f156b33d) C:\Windows\system32\intelroam.dll
    22:02:04.0273 2504 pcctlcom ( Backdoor.Multi.ZAccess.gen ) - infected
    22:02:04.0273 2504 pcctlcom - detected Backdoor.Multi.ZAccess.gen (0)
     
  7. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ...

    22:02:11.0511 2504 ============================================================
    22:02:11.0511 2504 Scan finished
    22:02:11.0511 2504 ============================================================
    22:02:11.0511 2692 Detected object count: 1
    22:02:11.0511 2692 Actual detected object count: 1
    22:02:38.0577 2692 C:\Windows\system32\intelroam.dll - copied to quarantine
    22:02:38.0577 2692 HKLM\SYSTEM\ControlSet001\services\pcctlcom - will be deleted on reboot
    22:02:38.0609 2692 HKLM\SYSTEM\ControlSet002\services\pcctlcom - will be deleted on reboot
    22:02:38.0733 2692 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
    22:02:38.0780 2692 C:\Windows\system32\intelroam.dll - will be deleted on reboot
    22:02:38.0780 2692 pcctlcom ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You are running both ZoneAlarm and Comodo Security. You should have 1 AV, 1 FW and 2 or more antimalware programs. Please decide which you want and uninstall the other.
    Reboot when finished.
    ==================================
    Please run only the scan we instruct you to do.
    ================================================
    Reset your browser proxies
    • For Firefox:
      o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
      o Click on the "Network" tab, and then on the "Settings" button.
      o Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
      o Open Internet Explorer.
      o Click on "Tools" and then select "Internet Options".
      o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
      o Uncheck "Use a Proxy server for your LAN".
      o Click Ok to close the Local Area Network (LAN) Settings window.
      o Click Ok to close the Internet Options window.
    =========================================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all antivirus and antimalware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window.
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
    ========================================
    Please leave the 2 logs in your next reply.
     
  9. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    OK, will proceed. However, ZoneAlarm was uninstalled already; it's not in Add/Remove Programs or anywhere else I can find.
     
  10. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ComboFix 12-04-01.03 - nibbz 04/03/2012 0:27.4.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4569 [GMT -4:00]
    Running from: c:\users\nibbz\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-03 04:30 . 2012-04-03 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-03 02:52 . 2012-04-03 02:52 -------- d-----w- c:\program files (x86)\ESET
    2012-04-03 02:02 . 2012-04-03 02:02 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-03 01:05 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 00:45 . 2012-04-02 00:45 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 00:45 . 2012-04-03 01:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-01 23:31 . 2012-04-01 23:31 -------- d-----w- C:\2nd Story Software
    2012-03-30 23:49 . 2012-04-02 05:29 -------- d-----w- c:\program files (x86)\mIRC
    2012-03-30 04:39 . 2012-03-30 04:39 -------- d-----w- c:\program files (x86)\Prolific
    2012-03-29 23:05 . 2012-04-02 20:53 -------- d-----w- c:\program files (x86)\7-Zip
    2012-03-29 22:56 . 2012-04-02 02:07 -------- d-----w- c:\windows\system32\appmgmt
    2012-03-27 00:38 . 2012-03-27 00:38 -------- d-----w- c:\program files (x86)\ffdshow
    2012-03-27 00:37 . 2012-03-27 00:38 -------- d-----w- c:\program files (x86)\AviSynth 2.5
    2012-03-27 00:37 . 2010-07-15 15:30 290816 ----a-w- c:\windows\SysWow64\stFLVSource.ax
    2012-03-27 00:37 . 2012-03-27 00:37 -------- d-----w- c:\program files (x86)\Sothink Movie DVD Maker
    2012-03-27 00:37 . 2012-03-27 00:37 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
    2012-03-27 00:37 . 2009-08-17 13:54 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
    2012-03-27 00:37 . 2009-08-17 13:54 438272 ----a-w- c:\windows\SysWow64\Mpeg2DecFilter.ax
    2012-03-27 00:37 . 2009-08-17 13:54 217088 ----a-w- c:\windows\SysWow64\CoreFLACDecoder.ax
    2012-03-27 00:37 . 2009-03-17 21:38 70656 ----a-w- c:\windows\SysWow64\RLAPEDec.ax
    2012-03-26 22:10 . 2012-04-02 01:33 -------- d-----w- c:\programdata\Logitech
    2012-03-26 22:09 . 2012-03-26 22:09 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
    2012-03-26 22:09 . 2012-03-26 22:09 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-03-26 22:08 . 2012-03-26 22:10 -------- d-----w- c:\programdata\Logishrd
    2012-03-26 22:08 . 2012-04-02 21:06 -------- d-----w- c:\program files\Logitech
    2012-03-26 22:08 . 2012-04-02 21:06 -------- d-----w- c:\program files\Common Files\LogiShrd
    2012-03-25 04:05 . 2012-03-25 04:05 -------- d-----w- c:\programdata\HideIPEasy
    2012-03-25 04:04 . 2012-03-25 04:05 -------- d-----w- c:\program files (x86)\HideIPEasy
    2012-03-25 02:19 . 2012-03-25 02:19 -------- d-----w- c:\program files (x86)\BitTorrent
    2012-03-25 01:55 . 2011-07-01 09:05 307616 ----a-w- c:\windows\SysWow64\AVLib.dll
    2012-03-25 01:55 . 2012-03-25 04:31 -------- d-----w- c:\program files (x86)\Hide The IP
    2012-03-24 23:19 . 2012-03-24 23:19 -------- d-----w- C:\MyAudio
    2012-03-24 23:17 . 2007-05-13 16:24 86683 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
    2012-03-24 23:17 . 2012-03-24 23:17 -------- d-----w- c:\program files (x86)\AoA Audio Extractor
    2012-03-21 23:32 . 2012-03-28 15:09 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-03-18 17:55 . 2012-03-18 17:55 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-03-17 17:57 . 2012-04-02 21:06 -------- d-----w- c:\programdata\Nero
    2012-03-17 17:57 . 2012-04-02 21:06 -------- d-----w- c:\program files (x86)\Common Files\Ahead
    2012-03-17 17:57 . 2012-04-02 21:04 -------- d-----w- c:\program files (x86)\Nero
    2012-03-17 17:29 . 2012-03-17 17:29 -------- d-----w- c:\programdata\Ahead
    2012-03-17 16:59 . 2012-03-17 17:05 -------- d-----w- c:\program files (x86)\4Videosoft Studio
    2012-03-17 04:44 . 2012-03-17 04:44 -------- d-----w- c:\program files (x86)\AC3Filter
    2012-03-17 03:41 . 2012-03-17 03:44 -------- d-----w- c:\windows\SysWow64\C2MP
    2012-03-14 01:54 . 2012-04-02 21:06 -------- d-----w- c:\program files (x86)\KAward
    2012-03-14 00:29 . 2012-04-03 02:34 -------- d-----w- c:\programdata\k2logs
    2012-03-14 00:28 . 2009-05-13 23:35 50688 ----a-w- c:\windows\SysWow64\wbhelp2.dll
    2012-03-14 00:28 . 2009-05-13 23:35 258352 ----a-w- c:\windows\SysWow64\unicows.dll
    2012-03-14 00:28 . 2009-05-13 23:35 544833 ----a-w- c:\windows\SysWow64\wbocx.ocx
    2012-03-14 00:28 . 2009-05-13 23:35 28160 ----a-w- c:\windows\SysWow64\anim.dll
    2012-03-13 22:55 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-13 22:55 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-13 22:55 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-13 21:22 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 21:22 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 21:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-13 21:21 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-13 21:21 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-13 21:21 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-13 21:21 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-13 21:21 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-13 21:21 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-13 21:21 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 21:21 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 01:23 . 2012-03-13 01:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-03-11 04:39 . 2012-03-11 04:39 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2012-03-11 04:39 . 2012-03-11 04:39 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-03-11 04:39 . 2012-03-11 04:39 -------- d-----w- c:\program files (x86)\Real
    2012-03-09 01:10 . 2012-04-02 20:18 -------- d-----w- c:\users\Guest
    2012-03-08 02:14 . 2012-03-17 17:59 -------- d-----w- c:\programdata\Yahoo!
    2012-03-08 02:14 . 2012-03-17 17:59 -------- d-----w- c:\program files (x86)\Yahoo!
    2012-03-08 02:06 . 2012-03-08 02:06 -------- d-----w- c:\program files (x86)\Common Files\Spigot
    2012-03-07 03:40 . 2012-03-07 03:40 -------- d-----w- c:\windows\system32\SPReview
    2012-03-07 02:20 . 2012-03-28 15:09 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-03-07 02:20 . 2012-03-28 15:09 -------- d-----w- c:\program files (x86)\Steam
    2012-03-06 04:52 . 2012-03-06 04:52 -------- d-----w- c:\windows\system32\EventProviders
    2012-03-06 04:50 . 2010-11-20 13:27 695808 ----a-w- c:\windows\system32\wuapi.dll
    2012-03-06 04:49 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-03-06 04:49 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
    2012-03-06 04:49 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
    2012-03-06 04:25 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-03-06 04:25 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-06 04:25 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-03-06 01:19 . 2012-03-06 01:19 -------- d-----w- C:\VritualRoot
    2012-03-05 03:16 . 2012-04-02 21:07 -------- d-----w- c:\users\UpdatusUser
    2012-03-05 03:14 . 2012-03-05 03:14 -------- d-----w- C:\NVIDIA
    2012-03-04 22:33 . 2012-03-04 22:33 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-03-04 22:00 . 2012-03-11 04:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-04 22:00 . 2012-03-04 22:00 -------- d-----w- c:\windows\SysWow64\Macromed
    2012-03-04 22:00 . 2012-03-04 22:00 -------- d-----w- c:\windows\system32\Macromed
    2012-03-04 21:55 . 2012-03-04 21:55 -------- d-----w- c:\windows\SysWow64\Wat
    2012-03-04 21:55 . 2012-03-04 21:55 -------- d-----w- c:\windows\system32\Wat
    2012-03-04 21:26 . 2012-03-05 03:16 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-03-04 21:26 . 2012-04-03 04:17 -------- d-----w- c:\programdata\NVIDIA
    2012-03-04 21:26 . 2012-02-10 03:14 6074176 ----a-w- c:\windows\system32\nvcpl.dll
    2012-03-04 21:26 . 2012-02-10 03:14 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-03-04 21:26 . 2012-02-10 03:07 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-03-04 21:26 . 2012-02-10 03:07 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-03-04 21:26 . 2012-02-10 03:07 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-03-04 21:26 . 2011-05-21 11:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-03-04 21:25 . 2012-03-04 21:25 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-03-04 21:25 . 2012-03-05 03:16 -------- d-----w- c:\program files\NVIDIA Corporation
    2012-03-04 18:20 . 2012-04-02 21:06 -------- d-----w- c:\programdata\Comodo
    2012-03-04 18:20 . 2012-04-02 17:21 -------- d-sh--w- c:\windows\Installer
    2012-03-04 18:20 . 2012-03-04 18:20 -------- d-----w- c:\program files\COMODO
    2012-03-04 18:19 . 2012-03-04 18:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-03-04 18:19 . 2012-03-04 18:19 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2012-03-04 18:19 . 2012-03-04 18:19 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2012-03-04 18:19 . 2012-03-04 18:19 -------- d-----w- c:\program files (x86)\Comodo
    2012-03-04 17:54 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2012-03-04 17:53 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2012-03-04 17:47 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-03-04 17:47 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-03-04 08:41 . 2012-03-07 03:50 -------- d-----w- C:\Boot
    2012-03-04 06:37 . 2012-03-04 06:37 -------- d-----w- c:\windows\SysWow64\RTCOM
    2012-03-04 06:37 . 2012-03-04 06:37 -------- d-----w- c:\program files\Realtek
    2012-03-04 06:37 . 2009-05-23 07:04 1762080 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2012-03-04 06:37 . 2009-05-23 05:21 611360 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2012-03-04 06:37 . 2009-05-23 05:21 1277984 ----a-w- c:\windows\system32\RtPgEx64.dll
    2012-03-04 06:37 . 2009-05-23 05:21 332320 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2012-03-04 06:37 . 2009-05-23 05:21 149536 ----a-w- c:\windows\system32\RtkCfg64.dll
    2012-03-04 06:37 . 2008-04-30 13:48 193536 ----a-w- c:\windows\system32\SRSHP64.dll
    2012-03-04 06:37 . 2007-07-25 14:34 150528 ----a-w- c:\windows\system32\SRSWOW64.dll
    2012-03-04 06:37 . 2007-05-17 16:26 211376 ----a-w- c:\windows\system32\SRSTSH64.dll
    2012-03-04 06:36 . 2009-04-16 22:23 540672 ----a-w- c:\windows\RtlExUpd.dll
    2012-03-04 06:36 . 2012-03-04 06:36 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-11 21:13 . 2011-12-19 23:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-03-11 21:13 . 2012-01-18 02:00 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-03-11 21:13 . 2011-12-19 23:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-03-11 21:13 . 2011-12-19 23:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-03-11 21:13 . 2011-12-19 23:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
    2012-03-11 21:13 . 2011-12-19 23:58 389840 ----a-w- c:\windows\system32\guard64.dll
    2012-03-07 03:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-03-07 03:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-02-28 00:43 . 2012-02-28 00:43 4207616 ----a-w- c:\windows\system32\ffdshow.ax
    2012-02-28 00:43 . 2012-02-28 00:43 3350528 ----a-w- c:\windows\SysWow64\ffdshow.ax
    2012-02-28 00:41 . 2012-02-28 00:41 4492800 ----a-w- c:\windows\system32\ffmpeg.dll
    2012-02-28 00:39 . 2012-02-28 00:39 4414976 ----a-w- c:\windows\SysWow64\ffmpeg.dll
    2012-02-26 16:52 . 2012-02-26 16:52 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
    2012-02-26 16:52 . 2012-02-26 16:52 92160 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-02-26 16:52 . 2012-02-26 16:52 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
    2012-02-26 16:52 . 2012-02-26 16:52 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2012-02-26 16:51 . 2012-02-26 16:51 156672 ----a-w- c:\windows\system32\ff_libmad.dll
    2012-02-26 16:51 . 2012-02-26 16:51 359424 ----a-w- c:\windows\system32\ff_libfaad2.dll
    2012-02-26 16:51 . 2012-02-26 16:51 183808 ----a-w- c:\windows\system32\ff_unrar.dll
    2012-02-26 16:51 . 2012-02-26 16:51 222720 ----a-w- c:\windows\system32\ff_libdts.dll
    2012-02-26 16:51 . 2012-02-26 16:51 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
    2012-02-26 16:51 . 2012-02-26 16:51 116224 ----a-w- c:\windows\system32\ff_liba52.dll
    2012-02-26 16:51 . 2012-02-26 16:51 190464 ----a-w- c:\windows\system32\libmpeg2_ff.dll
    2012-02-26 16:46 . 2012-02-26 16:46 260608 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
    2012-02-26 16:46 . 2012-02-26 16:46 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
    2012-02-26 16:46 . 2012-02-26 16:46 158720 ----a-w- c:\windows\SysWow64\ff_unrar.dll
    2012-02-26 16:45 . 2012-02-26 16:45 1525248 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
    2012-02-26 16:45 . 2012-02-26 16:45 146944 ----a-w- c:\windows\SysWow64\ff_libmad.dll
    2012-02-26 16:45 . 2012-02-26 16:45 212480 ----a-w- c:\windows\SysWow64\ff_libdts.dll
    2012-02-26 16:45 . 2012-02-26 16:45 115200 ----a-w- c:\windows\SysWow64\ff_liba52.dll
    2012-02-26 16:45 . 2012-02-26 16:45 328704 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
    2012-02-26 16:45 . 2012-02-26 16:45 137728 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
    2012-02-24 14:53 . 2012-02-24 14:53 553984 ----a-w- c:\windows\system32\LAVSplitter.ax
    2012-02-24 14:53 . 2012-02-24 14:53 733184 ----a-w- c:\windows\system32\LAVVideo.ax
    2012-02-24 14:53 . 2012-02-24 14:53 246272 ----a-w- c:\windows\system32\LAVAudio.ax
    2012-02-24 14:53 . 2012-02-24 14:53 202240 ----a-w- c:\windows\system32\libbluray.dll
    2012-02-24 14:53 . 2012-02-24 14:53 6622418 ----a-w- c:\windows\system32\avcodec-lav-54.dll
    2012-02-24 14:53 . 2012-02-24 14:53 393392 ----a-w- c:\windows\system32\swscale-lav-2.dll
    2012-02-24 14:53 . 2012-02-24 14:53 214235 ----a-w- c:\windows\system32\avutil-lav-51.dll
    2012-02-24 14:53 . 2012-02-24 14:53 130825 ----a-w- c:\windows\system32\avfilter-lav-2.dll
    2012-02-24 14:53 . 2012-02-24 14:53 1013645 ----a-w- c:\windows\system32\avformat-lav-54.dll
    2012-02-24 14:51 . 2012-02-24 14:51 461824 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
    2012-02-24 14:51 . 2012-02-24 14:51 575488 ----a-w- c:\windows\SysWow64\LAVVideo.ax
    2012-02-24 14:51 . 2012-02-24 14:51 215040 ----a-w- c:\windows\SysWow64\LAVAudio.ax
    2012-02-24 14:51 . 2012-02-24 14:51 172032 ----a-w- c:\windows\SysWow64\libbluray.dll
    2012-02-24 14:51 . 2012-02-24 14:51 6426793 ----a-w- c:\windows\SysWow64\avcodec-lav-54.dll
    2012-02-24 14:51 . 2012-02-24 14:51 369109 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
    2012-02-24 14:51 . 2012-02-24 14:51 208659 ----a-w- c:\windows\SysWow64\avutil-lav-51.dll
    2012-02-24 14:51 . 2012-02-24 14:51 142647 ----a-w- c:\windows\SysWow64\avfilter-lav-2.dll
    2012-02-24 14:51 . 2012-02-24 14:51 1136653 ----a-w- c:\windows\SysWow64\avformat-lav-54.dll
    2012-02-20 19:41 . 2012-02-20 19:41 181248 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
    2012-02-20 19:41 . 2012-02-20 19:41 147968 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
    2012-02-15 12:09 . 2012-02-15 12:09 1576448 ----a-w- c:\windows\system32\VSFilter.dll
    2012-02-15 12:08 . 2012-02-15 12:08 1288192 ----a-w- c:\windows\SysWow64\VSFilter.dll
    2012-02-10 04:13 . 2011-05-21 11:01 2660160 ----a-w- c:\windows\system32\nvapi64.dll
    2012-02-10 04:13 . 2009-07-13 21:59 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-02-10 01:05 . 2012-02-10 01:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-01-30 22:30 . 2012-01-30 22:30 424960 ----a-w- c:\windows\system32\cdxareader.ax
    2012-01-30 22:30 . 2012-01-30 22:30 500224 ----a-w- c:\windows\system32\FLVSplitter.ax
    2012-01-30 22:29 . 2012-01-30 22:29 381440 ----a-w- c:\windows\SysWow64\cdxareader.ax
    2012-01-30 22:29 . 2012-01-30 22:29 445440 ----a-w- c:\windows\SysWow64\FLVSplitter.ax
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E11DB59D-5008-42ff-9069-535843BC0BE1}]
    2012-02-08 19:11 367384 ----a-w- c:\program files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-03-11 296056]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    R0 tcoifh;tcoifh; [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
    R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SKLService;Run software as Windows service;c:\program files (x86)\KAward\aklservice.exe [2011-02-11 90112]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E11DB59D-5008-42ff-9069-535843BC0BE1}]
    2012-02-08 19:11 435992 ----a-w- c:\program files\Logitech\FlowScroll\LogiSmooth.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    npkcmsvc
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{82ED97FB-E948-4901-9DB0-724C42A3D609}: NameServer = 8.26.56.26,156.154.70.22
    FF - ProfilePath - c:\users\nibbz\AppData\Roaming\Mozilla\Firefox\Profiles\blsi3ew7.default\
    FF - prefs.js: network.proxy.gopher -
    FF - prefs.js: network.proxy.gopher_port - 0
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-HaaliMkx - c:\windows\system32\uninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-04-03 00:31:43
    ComboFix-quarantined-files.txt 2012-04-03 04:31
    .
    Pre-Run: 948,093,120,512 bytes free
    Post-Run: 948,045,041,664 bytes free
    .
    - - End Of File - - 2C6F10A4E5487B080AD9ED2DFC28B3EC
     
  11. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ....

    ESET online scanner found 0 threats, 0 cleaned files.

    Off to bed now, I'll check back tomorrow. Thanks so much for your help,
    I appreciate it a lot!
     
  12. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ...

    Maybe it's clean now? Anyone?
     
  13. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ...

    Guess I have to reformat everything and reinstall... 2nd time in a month. ComboFix keeps detecting this even after it deletes it:
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I guess you missed this:
    How about giving me some background on this problem-a description of what is happening on the system, how long you've had the problem. And since you mention this is the "second time", if you're doing hit and misses with any instructions for others, chances are 1. you didn't get rid of it the first time-and/or 2. your security needs to be improved.

    I don't know what 'logs' you followed because the TDSSKiller is only run when instructed. And you also didn't read the sticky "Don't follow instructions given to others."

    One of the files deleted on reboot in TDSSKiller was:
    intelroam.dll O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation.

    Another, showing the ZeroAccess, was:
    pcctlcom: it shows a Service, not an executable, but I find that a module with that name,
    PcCtlCom, is related to Trend Micro PC-cillin Internet Security.
    -----------------------------------------------
    Things that don't make sense- particularly from a security point of view:
    1. You're running Hide IP Easy, which "enables you to hide your real IP with a fake one, surf anonymously, prevent hackers from monitoring your activity, and provide full encryption of ........."
    2. You're also running Hide The IP; all download sites show caution in WOT.
    3. You are currently running this: uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
    My Site Advisor (WOT) warns that this site has a poor reputation and will not even allow it to load unless I bypass the warning, which I don't.
    4. Then you are running BitTorrent to share files and all the malware that comes with them!!!
    5. The system is full of TrojanProxy.Agent:
    Technical Details
    This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file.
    Payload
    The Trojan launches an HTTP proxy server on TCP port 3380 and a SOCKS proxy server on TCP port 3382.
    It then sends the version of the operating system, the IP address of the victim machine, and the numbers of open ports to the remote malicious user's site.

    The DLL file dropped by the Trojan masks the presence of files on the hard disk and registry keys which contain the substring "sr64" in their names.
    ====================================
    There's more and I'll work with you. But only if you share what happened, what you've done and what symptoms you have now other than seeing the words in TDSSKiller.

    Edit: By the way, there are 9 processes running for ZoneAlarm.
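The TrojanProxy.Agent description above gives two concrete, checkable behaviours: listeners on TCP 3380 and 3382, and hiding of names containing "sr64". The following triage helpers are an added example written for this thread (not a tool from the thread, ComboFix or any vendor); the `netstat -ano` rows and the two directory listings are constructed samples, and `find_proxy_listeners`, `cross_view_hidden` and `triage` are names chosen here.

```python
"""Triage checks for the TrojanProxy.Agent behaviour described in the post:
an HTTP proxy listening on TCP 3380, a SOCKS proxy on TCP 3382, and a DLL
that hides files and registry keys whose names contain "sr64".
Added example for this thread, not a tool from the thread or from ComboFix;
the netstat rows and directory listings below are constructed samples."""
import re

# Ports named in the post, mapped to the role the description gives them.
TROJAN_PROXY_PORTS = {3380: "HTTP proxy", 3382: "SOCKS proxy"}
HIDDEN_SUBSTRING = "sr64"

# One row of Windows `netstat -ano`: proto, local addr:port, foreign addr,
# optional state (UDP rows have none), owning PID.
NETSTAT_ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+?):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


def find_proxy_listeners(netstat_lines):
    """Return the listening sockets that sit on the trojan's proxy ports.

    Each hit carries the port, its role from the description, the bound
    address and the owning PID so the process can be inspected next.
    """
    hits = []
    for line in netstat_lines:
        m = NETSTAT_ROW.match(line)
        if not m:
            continue  # header text or a row we don't understand
        proto, addr, port, _foreign, state, pid = m.groups()
        port = int(port)
        if proto == "TCP" and state == "LISTENING" and port in TROJAN_PROXY_PORTS:
            hits.append({"port": port, "role": TROJAN_PROXY_PORTS[port],
                         "addr": addr, "pid": int(pid)})
    return hits


def cross_view_hidden(live_names, offline_names):
    """Cross-view check for the file-hiding behaviour.

    `live_names` is a listing taken through the running OS (what the rootkit
    DLL can filter); `offline_names` is the same directory read out of band,
    e.g. from boot media. Names missing from the live view are returned as
    (name, matches_sr64) so the "sr64" ones can be prioritised.
    """
    live = {n.lower() for n in live_names}
    missing = sorted(n for n in offline_names if n.lower() not in live)
    return [(n, HIDDEN_SUBSTRING in n.lower()) for n in missing]


# Constructed samples: one box with both proxies up under PID 2468.
SAMPLE_NETSTAT = [
    "Active Connections",
    "  Proto  Local Address          Foreign Address        State           PID",
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812",
    "  TCP    0.0.0.0:3380           0.0.0.0:0              LISTENING       2468",
    "  TCP    0.0.0.0:3382           0.0.0.0:0              LISTENING       2468",
    "  TCP    192.168.1.10:3382      10.0.0.5:51000         ESTABLISHED     2468",
    "  TCP    [::]:445               [::]:0                 LISTENING       4",
    "  UDP    0.0.0.0:500            *:*                                    1040",
]
SAMPLE_LIVE = ["drivers", "ntoskrnl.exe", "win32k.sys"]
SAMPLE_OFFLINE = ["drivers", "ntoskrnl.exe", "win32k.sys",
                  "sr64proxy.dll", "oldlog.txt"]


def triage(netstat_lines=SAMPLE_NETSTAT,
           live_names=SAMPLE_LIVE, offline_names=SAMPLE_OFFLINE):
    """Run both checks and return their findings together."""
    return {
        "proxy_listeners": find_proxy_listeners(netstat_lines),
        "hidden_candidates": cross_view_hidden(live_names, offline_names),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

On a real machine the listing for `cross_view_hidden` would come from the disk mounted under another OS, since a listing taken through the infected Windows is exactly what the DLL filters.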
     
  15. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ...

    TDSSKiller I ran before I came across these forums. Also, the Comodo tech guys supposedly cured my infection before I came here too; they said I was virus free.
    My PC was getting redirected when I searched or clicked on a link. After running a scan with Comodo is when I detected a problem. After the Comodo techs got through with my PC I couldn't even reboot; startup repair, nothing worked, so I was forced to restore, which was apparently infected as well. I tried ZoneAlarm but uninstalled it
    shortly after formatting the HDD and reinstalling everything. BitTorrent was a bad idea, I know, but it was uninstalled; all that was left was bittorrent.exe, and it's gone now. I also uninstalled Nero, but when doing the system restore it put a lot of stuff back that I can't get rid of. I do have Award Keylogger installed for monitoring what my kid does
    on here. I use Hide IP Easy, but the other Hide IP you refer to I uninstalled way back,
    hence the system restore I had to do to get back into Windows.

    My PC is doing fine now it seems. As a last ditch effort I disabled Comodo, firewall
    and MBAM, unplugged the PC from the modem and ran Kaspersky Virus Removal Tool.
    It removed the 1 threat, W32 Backdoor ZAccess. I rebooted and ran the scan a second time and thankfully it wasn't there.

    PC-cillin I've never had on here at all, nor do I know why ZA has 9 processes running. Wow, 9? Can we start over maybe, and see if I'm clean now?
    I will do whatever you ask to a tee.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    As you can see in the Combofix log, the 2 entries you were concerned about were both deleted.

    The following is based on the information I see in your original logs. Perhaps I wasn't clear: you should not be running other scans and/or deleting entries unless I instruct you to do so. Every time you do that, it changes the information on the logs I have to work with.
    ====================================
    Your first log here is dated: mbam-log-2012-04-02 (21-06-35).txt
    Before starting here, you had gone a round with the Comodo tech. In spite of having continued rootkit problems, you still added new programs from 3/14 through 4/1.
    Please do not download, install, run or remove anything else while I'm helping you unless I instruct you to do so.
    I did not ask you to run Kaspersky.
    =======================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\program files\CheckPoint\ZAForceField\AK\icsak.sys
    C:\Program Files (x86)\Hide The IP
    c:\windows\system32\drivers\Diskdump.sys
    Folder::
    C:\Program Files (x86)\BitTorrent
    c:\users\Default\AppData\Local\temp
    C:\TDSSKiller_Quarantine
    c:\users\Guest
    DDS::
    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Logitech Flow Scroll: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Toolbar Registrar - No File
    BHO-X64: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    C:\Program Files\CheckPoint
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    
    Clearjavacache::
    
    Driver::
    icsak
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    To properly uninstall a program:
    1. If the program has its own uninstaller, use that; this is the first choice.
    2. If the program does not have an uninstaller, use Add/Remove Programs.
    3. If the program does not have an uninstaller or does not appear in Add/Remove, a program such as the Windows Installer Cleanup Utility can be used:

    For any program that you uninstall, you must use Windows Explorer to access Computer> Local Drive(C)> Programs> Find the folder for the program and do a right click> Delete.

    You refer to having "uninstalled way back", but this was only recently installed:
    2012-03-25 01:55:21 -------- d-----w- C:\Program Files (x86)\Hide The IP
    ======================
    What you don't know and should know about virus scanners:
    1. If a virus scanner 'removes' an entry in the Qoobox, the entry has already been removed and is no longer active in the system. The Qoobox is where Combofix sends the quarantined files.

    2. If a virus scanner 'removes' an entry in the System Volume, the entry has already been removed and is no longer active in the system. The System Volume is where the restore points are held. This will not infect the machine again unless you do System Restore and choose that restore point. All old restore points are removed at the end of cleaning and a new, clean restore point is set.

    3. A virus scanner does not read 'locations' such as the above and isn't 'removing' anything.

    Bottom line: If you ran Combofix and it quarantined files, then ran ESET or Kaspersky as you did, it will show the entry in the Qoobox and the scan won't be removing anything.

    Do you understand?
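The CFScript above is a plain text file whose lines are grouped under directives such as File::, Folder::, DDS:: and Driver::. As an added example for this thread (not part of ComboFix or the post), the parser below groups a script's entries by directive and raises a few review notes, so a helper can confirm exactly what the script targets before it is dragged onto ComboFix.exe; the directive set is taken only from the script in the post, the "looks like a folder" check is a heuristic chosen here, and the sample input is a cut-down copy of that script.

```python
"""Audit helper for a ComboFix CFScript such as the one in the post above.
Added example for this thread, not part of ComboFix or the post. It groups
each entry under the directive that precedes it (a line ending in "::") so a
helper can see exactly which files, folders, drivers and DDS entries the
script targets before it is dragged onto ComboFix.exe. What ComboFix does
with each directive is ComboFix's own behaviour and is not modelled here."""

# Directives used in the post; others exist, extend the set as needed.
KNOWN_DIRECTIVES = {"File", "Folder", "DDS", "Driver", "Clearjavacache", "FCopy"}


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]} plus review data."""
    sections = {}     # directive -> entries, in order of first appearance
    unknown = []      # directives not in KNOWN_DIRECTIVES (typos, mostly)
    orphans = []      # entries that appear before any directive
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A directive is a bare word ending in "::"; paths and DDS lines
        # contain spaces or backslashes and never end that way.
        if line.endswith("::") and " " not in line and "\\" not in line:
            current = line[:-2]
            sections.setdefault(current, [])
            if current not in KNOWN_DIRECTIVES:
                unknown.append(current)
        elif current is None:
            orphans.append(line)
        else:
            sections[current].append(line)
    return {"sections": sections, "unknown": unknown, "orphans": orphans}


def review_notes(parsed):
    """Heuristic warnings a reviewer would want before running the script."""
    notes = []
    for name in parsed["unknown"]:
        notes.append(f"unknown directive '{name}::' (typo?)")
    for line in parsed["orphans"]:
        notes.append(f"entry outside any directive: {line}")
    # A File:: entry whose last path component has no extension is usually
    # a folder; flag it so the helper can confirm the directive is intended.
    for entry in parsed["sections"].get("File", []):
        leaf = entry.rsplit("\\", 1)[-1]
        if "." not in leaf:
            notes.append(f"File:: entry looks like a folder: {entry}")
    return notes


# Cut-down copy of the script in the post, used as sample input.
SAMPLE_CFSCRIPT = r"""
File::
c:\program files\CheckPoint\ZAForceField\AK\icsak.sys
C:\Program Files (x86)\Hide The IP
c:\windows\system32\drivers\Diskdump.sys
Folder::
C:\Program Files (x86)\BitTorrent
c:\users\Default\AppData\Local\temp
C:\TDSSKiller_Quarantine
c:\users\Guest
DDS::
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

Clearjavacache::

Driver::
icsak
FCopy::
"""

if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for directive, entries in parsed["sections"].items():
        print(f"{directive}:: ({len(entries)} entries)")
        for entry in entries:
            print("   ", entry)
    for note in review_notes(parsed):
        print("NOTE:", note)
```

Run against the post's script, the only note raised is that the Hide The IP entry under File:: is a folder, which is worth a second look before the script runs.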
     
  17. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ....

    ComboFix 12-04-05.08 - nibbz 04/05/2012 19:35:33.9.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4492 [GMT -4:00]
    Running from: c:\users\nibbz\Desktop\ComboFix.exe
    Command switches used :: c:\users\nibbz\Desktop\CFScript.txt.txt
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files (x86)\Hide The IP"
    "c:\program files\CheckPoint\ZAForceField\AK\icsak.sys"
    "c:\windows\system32\drivers\Diskdump.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
    c:\users\Default\AppData\Local\temp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_ICSAK
    -------\Service_icsak
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-05 23:38 . 2012-04-05 23:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-05 02:23 . 2012-04-05 02:23 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-04-05 02:23 . 2012-04-05 02:23 660368 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-05 02:23 . 2012-04-05 02:23 -------- d-----w- c:\program files\Java
    2012-04-05 02:20 . 2012-04-05 05:24 460888 ----a-w- c:\windows\system32\drivers\20994939.sys
    2012-04-05 01:09 . 2012-04-05 01:09 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-04-03 02:52 . 2012-04-03 02:52 -------- d-----w- c:\program files (x86)\ESET
    2012-04-03 01:06 . 2012-04-03 01:06 -------- d-----w- c:\users\nibbz\AppData\Roaming\Malwarebytes
    2012-04-03 01:05 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 00:45 . 2012-04-02 00:45 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 00:45 . 2012-04-03 01:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-30 23:49 . 2012-04-02 05:29 -------- d-----w- c:\program files (x86)\mIRC
    2012-03-30 23:49 . 2012-04-02 05:29 -------- d-----w- c:\users\nibbz\AppData\Roaming\mIRC
    2012-03-30 04:39 . 2012-03-30 04:39 -------- d-----w- c:\program files (x86)\Prolific
    2012-03-30 00:49 . 2012-04-02 20:38 -------- d-----r- c:\users\nibbz\Virtual Machines
    2012-03-29 23:05 . 2012-04-02 20:53 -------- d-----w- c:\program files (x86)\7-Zip
    2012-03-29 22:56 . 2012-04-02 02:07 -------- d-----w- c:\windows\system32\appmgmt
    2012-03-27 00:38 . 2012-03-27 00:38 -------- d-----w- c:\program files (x86)\ffdshow
    2012-03-27 00:37 . 2012-03-27 00:38 -------- d-----w- c:\program files (x86)\AviSynth 2.5
    2012-03-27 00:37 . 2010-07-15 15:30 290816 ----a-w- c:\windows\SysWow64\stFLVSource.ax
    2012-03-27 00:37 . 2012-03-27 00:37 -------- d-----w- c:\program files (x86)\Sothink Movie DVD Maker
    2012-03-27 00:37 . 2012-03-27 00:37 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
    2012-03-27 00:37 . 2009-08-17 13:54 1184984 ----a-w- c:\windows\SysWow64\wvc1dmod.dll
    2012-03-27 00:37 . 2009-08-17 13:54 438272 ----a-w- c:\windows\SysWow64\Mpeg2DecFilter.ax
    2012-03-27 00:37 . 2009-08-17 13:54 217088 ----a-w- c:\windows\SysWow64\CoreFLACDecoder.ax
    2012-03-27 00:37 . 2009-03-17 21:38 70656 ----a-w- c:\windows\SysWow64\RLAPEDec.ax
    2012-03-26 22:10 . 2012-04-02 01:33 -------- d-----w- c:\programdata\Logitech
    2012-03-26 22:09 . 2012-03-26 22:09 -------- d-----w- c:\users\nibbz\AppData\Local\LogiShrd
    2012-03-26 22:09 . 2012-03-26 22:09 53248 ----a-r- c:\users\nibbz\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-03-26 22:09 . 2012-03-26 22:09 -------- d-----w- c:\users\nibbz\AppData\Roaming\Leadertech
    2012-03-26 22:09 . 2012-03-26 22:09 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
    2012-03-26 22:09 . 2012-03-26 22:09 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-03-26 22:08 . 2012-03-26 22:10 -------- d-----w- c:\programdata\Logishrd
    2012-03-26 22:08 . 2012-04-02 21:06 -------- d-----w- c:\program files\Logitech
    2012-03-26 22:08 . 2012-04-02 21:06 -------- d-----w- c:\program files\Common Files\LogiShrd
    2012-03-26 22:08 . 2012-03-26 22:10 -------- d-----w- c:\users\nibbz\AppData\Roaming\Logishrd
    2012-03-26 22:08 . 2012-03-26 22:09 -------- d-----w- c:\users\nibbz\AppData\Roaming\Logitech
    2012-03-25 04:05 . 2012-03-25 04:05 -------- d-----w- c:\users\nibbz\AppData\Roaming\HideIPEasy
    2012-03-25 04:05 . 2012-03-25 04:05 -------- d-----w- c:\programdata\HideIPEasy
    2012-03-25 04:04 . 2012-03-25 04:05 -------- d-----w- c:\program files (x86)\HideIPEasy
    2012-03-25 02:03 . 2012-03-25 02:03 -------- d-----w- c:\users\nibbz\AppData\Roaming\AVSoftware
    2012-03-25 01:55 . 2011-07-01 09:05 307616 ----a-w- c:\windows\SysWow64\AVLib.dll
    2012-03-25 01:54 . 2012-03-25 01:54 -------- d-----w- c:\users\nibbz\AppData\Local\PackageAware
    2012-03-24 23:19 . 2012-03-24 23:19 -------- d-----w- C:\MyAudio
    2012-03-24 23:17 . 2007-05-13 16:24 86683 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
    2012-03-24 23:17 . 2012-03-24 23:17 -------- d-----w- c:\program files (x86)\AoA Audio Extractor
    2012-03-21 23:32 . 2012-03-28 15:09 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-03-21 23:31 . 2012-03-21 23:31 -------- d-----w- c:\users\nibbz\AppData\Local\PunkBuster
    2012-03-21 02:50 . 2012-03-21 02:50 -------- d-----w- c:\users\nibbz\AppData\Roaming\ts3overlay
    2012-03-21 02:49 . 2012-03-21 03:23 -------- d-----w- c:\users\nibbz\AppData\Roaming\TS3Client
    2012-03-21 02:48 . 2012-03-21 02:48 -------- d-----w- c:\users\nibbz\AppData\Local\TeamSpeak 3 Client
    2012-03-18 17:55 . 2012-03-18 17:55 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2012-03-17 17:57 . 2012-04-02 21:06 -------- d-----w- c:\programdata\Nero
    2012-03-17 17:57 . 2012-04-02 21:06 -------- d-----w- c:\program files (x86)\Common Files\Ahead
    2012-03-17 17:57 . 2012-04-02 21:04 -------- d-----w- c:\program files (x86)\Nero
    2012-03-17 17:31 . 2012-03-17 17:32 -------- d-----w- c:\users\nibbz\AppData\Local\Ahead
    2012-03-17 17:29 . 2012-03-17 17:35 -------- d-----w- c:\users\nibbz\AppData\Roaming\Ahead
    2012-03-17 17:29 . 2012-03-17 17:29 -------- d-----w- c:\programdata\Ahead
    2012-03-17 16:59 . 2012-04-04 02:46 -------- d-----w- c:\program files (x86)\4Videosoft Studio
    2012-03-17 04:46 . 2012-03-17 17:58 -------- d-----w- c:\users\nibbz\AppData\Roaming\DVDVideoSoft
    2012-03-17 04:44 . 2012-03-17 04:44 -------- d-----w- c:\program files (x86)\AC3Filter
    2012-03-17 03:41 . 2012-03-17 03:44 -------- d-----w- c:\windows\SysWow64\C2MP
    2012-03-14 01:54 . 2012-04-02 21:06 -------- d-----w- c:\program files (x86)\KAward
    2012-03-14 00:29 . 2012-04-03 02:34 -------- d-----w- c:\programdata\k2logs
    2012-03-14 00:28 . 2009-05-13 23:35 50688 ----a-w- c:\windows\SysWow64\wbhelp2.dll
    2012-03-14 00:28 . 2009-05-13 23:35 258352 ----a-w- c:\windows\SysWow64\unicows.dll
    2012-03-14 00:28 . 2009-05-13 23:35 544833 ----a-w- c:\windows\SysWow64\wbocx.ocx
    2012-03-14 00:28 . 2009-05-13 23:35 28160 ----a-w- c:\windows\SysWow64\anim.dll
    2012-03-13 22:55 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-13 22:55 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-13 22:55 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-13 21:22 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 21:22 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 21:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-13 21:21 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-13 21:21 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-13 21:21 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-13 21:21 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-03-13 21:21 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-13 21:21 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-13 21:21 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 21:21 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 01:24 . 2012-03-13 01:25 -------- d-----w- c:\users\nibbz\AppData\Local\Adobe
    2012-03-13 01:23 . 2012-03-13 01:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-03-11 04:39 . 2012-03-11 04:39 -------- d-----w- c:\program files (x86)\Common Files\xing shared
    2012-03-11 04:39 . 2012-03-11 04:39 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-03-11 04:39 . 2012-03-11 04:39 -------- d-----w- c:\program files (x86)\Real
    2012-03-11 04:18 . 2012-04-02 21:05 -------- d-----w- c:\users\nibbz\AppData\Local\Mozilla
    2012-03-09 01:10 . 2012-04-05 12:40 -------- d-----w- c:\users\Guest
    2012-03-08 02:24 . 2012-03-08 02:24 -------- d-----w- c:\users\nibbz\AppData\Local\FileTypeAssistant
    2012-03-08 02:14 . 2012-03-17 17:59 -------- d-----w- c:\programdata\Yahoo!
    2012-03-08 02:14 . 2012-03-17 17:59 -------- d-----w- c:\program files (x86)\Yahoo!
    2012-03-08 00:01 . 2012-03-27 00:12 -------- d-----w- c:\users\nibbz\AppData\Local\ElevatedDiagnostics
    2012-03-07 23:36 . 2012-03-14 01:00 -------- d-----w- c:\users\nibbz\AppData\Local\Diagnostics
    2012-03-07 03:40 . 2012-03-07 03:40 -------- d-----w- c:\windows\system32\SPReview
    2012-03-07 02:20 . 2012-03-28 15:09 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-03-07 02:20 . 2012-03-28 15:09 -------- d-----w- c:\program files (x86)\Steam
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-11 21:13 . 2011-12-19 23:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-03-11 21:13 . 2012-01-18 02:00 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-03-11 21:13 . 2011-12-19 23:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-03-11 21:13 . 2011-12-19 23:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-03-11 21:13 . 2011-12-19 23:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
    2012-03-11 21:13 . 2011-12-19 23:58 389840 ----a-w- c:\windows\system32\guard64.dll
    2012-03-11 04:29 . 2012-03-04 22:00 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-07 03:42 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-03-07 03:42 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-03-04 21:39 . 2012-03-04 21:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-04 21:39 . 2012-03-04 21:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-03-04 21:39 . 2012-03-04 21:39 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-03-04 21:39 . 2012-03-04 21:39 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-03-04 21:39 . 2012-03-04 21:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-03-04 21:39 . 2012-03-04 21:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-03-04 21:39 . 2012-03-04 21:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-03-04 21:39 . 2012-03-04 21:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-03-04 21:39 . 2012-03-04 21:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-03-04 21:39 . 2012-03-04 21:39 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-03-04 21:39 . 2012-03-04 21:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-03-04 21:39 . 2012-03-04 21:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-03-04 21:39 . 2012-03-04 21:39 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-03-04 21:39 . 2012-03-04 21:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-03-04 21:39 . 2012-03-04 21:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-03-04 21:39 . 2012-03-04 21:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-03-04 21:39 . 2012-03-04 21:39 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-03-04 21:39 . 2012-03-04 21:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-03-04 21:39 . 2012-03-04 21:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-04 21:39 . 2012-03-04 21:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-04 21:39 . 2012-03-04 21:39 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-03-04 21:39 . 2012-03-04 21:39 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-03-04 21:39 . 2012-03-04 21:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-03-04 21:39 . 2012-03-04 21:39 448512 ----a-w- c:\windows\system32\html.iec
    2012-03-04 21:39 . 2012-03-04 21:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-03-04 21:39 . 2012-03-04 21:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-03-04 21:39 . 2012-03-04 21:39 2308096 ----a-w- c:\windows\system32\jscript9.dll
    2012-03-04 21:39 . 2012-03-04 21:39 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-03-04 21:39 . 2012-03-04 21:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-03-04 21:39 . 2012-03-04 21:39 1390080 ----a-w- c:\windows\system32\wininet.dll
    2012-03-04 21:39 . 2012-03-04 21:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-03-04 21:39 . 2012-03-04 21:39 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-03-04 21:39 . 2012-03-04 21:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-03-04 21:39 . 2012-03-04 21:39 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-03-04 21:39 . 2012-03-04 21:39 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-03-04 21:39 . 2012-03-04 21:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-03-04 21:39 . 2012-03-04 21:39 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-03-04 21:39 . 2012-03-04 21:39 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-03-04 21:39 . 2012-03-04 21:39 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-04 21:39 . 2012-03-04 21:39 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-03-04 21:39 . 2012-03-04 21:39 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-03-04 21:39 . 2012-03-04 21:39 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-03-04 18:19 . 2012-03-04 18:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-03-04 18:19 . 2012-03-04 18:19 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2012-03-04 18:19 . 2012-03-04 18:19 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2012-02-28 00:43 . 2012-02-28 00:43 4207616 ----a-w- c:\windows\system32\ffdshow.ax
    2012-02-28 00:43 . 2012-02-28 00:43 3350528 ----a-w- c:\windows\SysWow64\ffdshow.ax
    2012-02-28 00:41 . 2012-02-28 00:41 4492800 ----a-w- c:\windows\system32\ffmpeg.dll
    2012-02-28 00:39 . 2012-02-28 00:39 4414976 ----a-w- c:\windows\SysWow64\ffmpeg.dll
    2012-02-26 16:52 . 2012-02-26 16:52 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
    2012-02-26 16:52 . 2012-02-26 16:52 92160 ----a-w- c:\windows\system32\ff_vfw.dll
    2012-02-26 16:52 . 2012-02-26 16:52 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
    2012-02-26 16:52 . 2012-02-26 16:52 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2012-02-26 16:51 . 2012-02-26 16:51 156672 ----a-w- c:\windows\system32\ff_libmad.dll
    2012-02-26 16:51 . 2012-02-26 16:51 359424 ----a-w- c:\windows\system32\ff_libfaad2.dll
    2012-02-26 16:51 . 2012-02-26 16:51 183808 ----a-w- c:\windows\system32\ff_unrar.dll
    2012-02-26 16:51 . 2012-02-26 16:51 222720 ----a-w- c:\windows\system32\ff_libdts.dll
    2012-02-26 16:51 . 2012-02-26 16:51 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
    2012-02-26 16:51 . 2012-02-26 16:51 116224 ----a-w- c:\windows\system32\ff_liba52.dll
    2012-02-26 16:51 . 2012-02-26 16:51 190464 ----a-w- c:\windows\system32\libmpeg2_ff.dll
    2012-02-26 16:46 . 2012-02-26 16:46 260608 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
    2012-02-26 16:46 . 2012-02-26 16:46 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
    2012-02-26 16:46 . 2012-02-26 16:46 158720 ----a-w- c:\windows\SysWow64\ff_unrar.dll
    2012-02-26 16:45 . 2012-02-26 16:45 1525248 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
    2012-02-26 16:45 . 2012-02-26 16:45 146944 ----a-w- c:\windows\SysWow64\ff_libmad.dll
    2012-02-26 16:45 . 2012-02-26 16:45 212480 ----a-w- c:\windows\SysWow64\ff_libdts.dll
    2012-02-26 16:45 . 2012-02-26 16:45 115200 ----a-w- c:\windows\SysWow64\ff_liba52.dll
    2012-02-26 16:45 . 2012-02-26 16:45 328704 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
    2012-02-26 16:45 . 2012-02-26 16:45 137728 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
    2012-02-24 14:53 . 2012-02-24 14:53 553984 ----a-w- c:\windows\system32\LAVSplitter.ax
    2012-02-24 14:53 . 2012-02-24 14:53 733184 ----a-w- c:\windows\system32\LAVVideo.ax
    2012-02-24 14:53 . 2012-02-24 14:53 246272 ----a-w- c:\windows\system32\LAVAudio.ax
    2012-02-24 14:53 . 2012-02-24 14:53 202240 ----a-w- c:\windows\system32\libbluray.dll
    2012-02-24 14:53 . 2012-02-24 14:53 6622418 ----a-w- c:\windows\system32\avcodec-lav-54.dll
    2012-02-24 14:53 . 2012-02-24 14:53 393392 ----a-w- c:\windows\system32\swscale-lav-2.dll
    2012-02-24 14:53 . 2012-02-24 14:53 214235 ----a-w- c:\windows\system32\avutil-lav-51.dll
    2012-02-24 14:53 . 2012-02-24 14:53 130825 ----a-w- c:\windows\system32\avfilter-lav-2.dll
    2012-02-24 14:53 . 2012-02-24 14:53 1013645 ----a-w- c:\windows\system32\avformat-lav-54.dll
    2012-02-24 14:51 . 2012-02-24 14:51 461824 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
    2012-02-24 14:51 . 2012-02-24 14:51 575488 ----a-w- c:\windows\SysWow64\LAVVideo.ax
    2012-02-24 14:51 . 2012-02-24 14:51 215040 ----a-w- c:\windows\SysWow64\LAVAudio.ax
    2012-02-24 14:51 . 2012-02-24 14:51 172032 ----a-w- c:\windows\SysWow64\libbluray.dll
    2012-02-24 14:51 . 2012-02-24 14:51 6426793 ----a-w- c:\windows\SysWow64\avcodec-lav-54.dll
    2012-02-24 14:51 . 2012-02-24 14:51 369109 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
    2012-02-24 14:51 . 2012-02-24 14:51 208659 ----a-w- c:\windows\SysWow64\avutil-lav-51.dll
    2012-02-24 14:51 . 2012-02-24 14:51 142647 ----a-w- c:\windows\SysWow64\avfilter-lav-2.dll
    2012-02-24 14:51 . 2012-02-24 14:51 1136653 ----a-w- c:\windows\SysWow64\avformat-lav-54.dll
    2012-02-20 19:41 . 2012-02-20 19:41 181248 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
    2012-02-20 19:41 . 2012-02-20 19:41 147968 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
    2012-02-15 12:09 . 2012-02-15 12:09 1576448 ----a-w- c:\windows\system32\VSFilter.dll
    2012-02-15 12:08 . 2012-02-15 12:08 1288192 ----a-w- c:\windows\SysWow64\VSFilter.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-05_23.21.35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-04-05 22:18 . 2012-04-05 23:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-05 23:39 . 2012-04-05 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-05 22:18 . 2012-04-05 23:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-05 23:39 . 2012-04-05 23:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 05:01 . 2012-04-05 23:38 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-04-05 22:17 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-03-04 22:22 . 2012-04-05 23:38 8076608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    - 2012-03-04 22:22 . 2012-04-05 22:17 8076608 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    - 2012-03-04 22:22 . 2012-04-05 05:36 15013388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2229031567-2039182235-2669899420-1000-12288.dat
    + 2012-03-04 22:22 . 2012-04-05 23:38 15013388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2229031567-2039182235-2669899420-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-03-11 296056]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    .
    c:\users\nibbz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    _uninst_20994939.lnk - c:\users\nibbz\AppData\Local\Temp\_uninst_20994939.bat [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    R0 tcoifh;tcoifh; [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SKLService;Run software as Windows service;c:\program files (x86)\KAward\aklservice.exe [2011-02-11 90112]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 20994939;20994939;c:\windows\system32\DRIVERS\20994939.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E11DB59D-5008-42ff-9069-535843BC0BE1}]
    2012-02-08 19:11 435992 ----a-w- c:\program files\Logitech\FlowScroll\LogiSmooth.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    "combofix"="c:\combofix\CF6528.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    npkcmsvc
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{82ED97FB-E948-4901-9DB0-724C42A3D609}: NameServer = 8.26.56.26,156.154.70.22
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\SysWOW64\IoctlSvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-05 19:42:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-05 23:42
    ComboFix2.txt 2012-04-05 23:22
    .
    Pre-Run: 947,831,103,488 bytes free
    Post-Run: 947,674,103,808 bytes free
    .
    - - End Of File - - CF763DCA6DC064B4B88A6A9C27E3981F
     
  18. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    ...

    ok, what should I do next? PC seems fine now but you're the expert on the logs so I'll wait
    for further instructions, I appreciate your guys' help, thanks
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I was celebrating Easter Sunday yesterday and wasn't online.

    1. I had the following in the script for removal in Combofix> but it remains:
    2. The last scan with the script in Combofix showed the following:
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\system32\blank.htm
    uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
    So you have blank pages and a bad search site running.
    ======================================
    Why are you downloading a program like the Internet Relay Chat when you've already got malware on the system??
    2012-04-02 05:29 -------- d-----w-c:\program files (x86)\mIRC
    2012-04-02 05:29 -------- d-----w- c:\users\nibbz\AppData\Roaming\mIRC

    You ran the first log for me on 4/2 and you had already been trying to get the system clean!!! What you can frequently get from this:
    ===========================================
    What you need to know about the Backdoor.bot
    And yes- it makes Registry changes to the firewall, the Security Center. It can do or cause:
    1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks)
    2. Data theft (e.g. retrieving passwords or credit card information)
    3. Installation of software, including third-party malware
    4. Downloading or uploading of files on the user's computer
    5. Modification or deletion of files
    6. Keystroke logging
    7. Watching the user's screen
    8. Wasting the computer's storage space
    9. Crashing the computer

    Be advised that you might want to consider a reformat/reinstall instead of an attempt to clean which may not find or remove all of its code.
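    The hijacked search URL, the disabled UAC policy values and the Startup shortcut pointing into Temp are all visible in the ComboFix log above. As an added example (not code from this thread or from ComboFix), the following script runs a few such checks over constructed sample lines copied from that log; the search-engine allowlist and the severity labels are assumptions.

```python
"""Triage of the ComboFix 'Reg Loading Points' and 'Supplementary Scan'
sections.  Added example; not code from the thread or from ComboFix.
Sample lines below are constructed from the log posted above."""
import re

# Assumption: search providers a defender would consider normal.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}
# UAC policy values where 0 means the control is switched off.
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
_uninst_20994939.lnk - c:\users\nibbz\AppData\Local\Temp\_uninst_20994939.bat [N/A]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
""".strip().splitlines()


def triage(lines):
    """Return (severity, message) findings for ComboFix-style log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        # Search hijack: ComboFix defangs URLs as hxxp://, so match that form.
        m = re.match(r"[um]SearchURL,\(Default\) = hxxp://([^/]+)", line)
        if m and m.group(1).lower() not in KNOWN_SEARCH_HOSTS:
            findings.append(("high", f"search URL points at {m.group(1)}"))
        # UAC policy values are printed as "Name"= N (0xN); 0 disables them.
        m = re.match(r'"(\w+)"= (\d+) \(0x', line)
        if m and m.group(1) in UAC_KEYS and int(m.group(2)) == 0:
            findings.append(("medium", f"UAC control {m.group(1)} is 0"))
        # Startup-folder shortcut whose target lives under a Temp directory.
        m = re.match(r"(\S+\.lnk) - (.+?) \[", line)
        if m and "\\temp\\" in m.group(2).lower():
            findings.append(("medium", f"startup item {m.group(1)} -> {m.group(2)}"))
        # AppInit_DLLs is loaded into every GUI process: record it for review.
        m = re.match(r'"AppInit_DLLs"=(.+)', line)
        if m:
            findings.append(("info", f"AppInit_DLLs = {m.group(1).strip()}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"[{severity}] {message}")
```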
     
  20. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    done, formatted using Active KillDisk and reinstalled a fresh copy of Win 7,
    I have a question about Comodo Internet Security though, should I use Comodo DNS servers
    or no? also I'm not going to install any filesharing software at all, or mIRC. if I have any problems I will come here first instead of using Comodo tech support. thanks Bobbye for your help
    in this matter
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome for the help.
    Stick with this and remove any you have now
    --------------------------
    I would have left the following when we had finished with the cleaning. Since you did a reformat and reinstall, here it is:

    The very basic security> layered:
    1 Antivirus program
    1 Firewall, preferably bidirectional
    2 or more antimalware programs

    My own preference is stand-alone programs rather than suites. I find that the 'suites' tend to bundle other features and it tends to bloat the program.

    Per the other thread you started:

    You may find the following helpful: (Links are Bold Blue)
    Tips for added security and safer browsing:
    1. Browser Security
      [o][url="http://www.bleepingcomputer.com/tutorials/tutorial102.htm"]Make Internet Explorer safer[/url]
      [o] Use a Site Advisor..
      Have layered Security:
    2. Antivirus Software(only one):
      [o]Microsoft Security Essentials
      [o]Comodo AV
      [o]Avast! Free Antivirus
      =============================
    3. Firewall (only one)
      [o] Zone Alarm Free
      [o]Comodo Firewall Free
    4. Antispyware/Security: I recommend all of the following:
      [o]Spywareblaster:Protects against bad ActiveX.
      [o]IE/Spyad Restricts bad domains.
      [o]MVPS Hosts files Directs HOSTS file to 127.0.0.1 which is your local computer.
      [o]Google Toolbar Popup Stopper
    5. Stay current on updates:
      [o] Windows Updates. You should get All updates marked Critical and the current SP updates.
      [o] Adobe Reader. Uninstall old.
      [o]Java Uninstall old.
    6. Reset Cookies to prevent Tracking Cookies:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
      (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    7. Do regular Maintenance
      [o]To include Disk Cleanup, Defrag, Error Check.
    8. Remove Temporary Internet Files regularly:
      [o]TFC
    9. System Restore Guide: Understand Restore Points> why you need to clean and set restore points and what information is in them.
    10. Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet/ Have a separate email account on free web-based mail.

    Please let me know if you find any bad links.
     