C:\Windows\svchost.exe ...I think..

ricosauve · 20-Aug-2012, 12:44 PM #1

I've been having some trouble for about a week now, and have had very little luck in fixing the problem. It originally seemed as though a trojan horse known as "Trojan horse Dropper.Genereic_c.MMI" was my main issue as that was what AVG Anti-Virus 2012 had found. Their support page suggested using what seemed like a simple fix via typing the command "sfc /scanfile=c:\windows\system32\services.exe" and then a quick restart after to fix the problem. As far as I can tell that solved that issue but at the same time I believe I picked up another virus. I think I've narrowed down the problem to "C:\Windows\svchost.exe" which Malwarebytes Anit-Malware labels as a Trojan.Agent. Their support page recommended that I use a feature of their software called FileASSASSIN to delete the file. FileASSASSIN says it "can help delete locked files," but when I try to delete the "C:\Windows\svchost.exe" with it, it prompts me to restart my computer and when I do it is still there after the restart. Whether this is what is causing me trouble and if the the two stated problems are related, I'm not entirely sure. Now I ran a full computer scan with both AVG Anti-Virus 2012 and Ad-Aware Antivirus. Both programs found problems that were neither of what I just stated above. Assuming that they managed what they found on their own I won't post all of it. I've been using a program that I think came with Windows 7 Ultimate called Resource Monitor. I initially realized I had a problem when I was experiencing a lot of lag while playing some games and trying to browse the internet. It also caused other computers on my network to have the same issue. Looking under the Network tab of Resource Monitor, I saw that svchost.exe was using a large amount of bandwidth. I figured I could simply right click and End Process. Unfortunately, when I tried to do that it would go away for a minute or two and come right back. Up until late last night, it would come right back every time. Even this morning once I hit End Process it hasn't come back until I restart my computer. I know this isn't fixing the problem and would like some assistance with that. I went ahead and followed the instructions so here are the logs requested. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:14 AM, on 8/20/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=100486...001c6f653cd2f4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 49.212.77.169:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} (OBXViewer Control) - http://www.pairis.state.pa.us/dcnr/A.../OBXViewer.cab
O16 - DPF: {7608AFAE-F937-4BC9-82C5-8567C3A0EAAF} (OBXRetrieval Control) - http://www.pairis.state.pa.us/dcnr/A...XRetrieval.cab
O16 - DPF: {8285080A-3FAF-41B1-B7BD-933EE724B650} (OBXDocumentSelect Control) - http://www.pairis.state.pa.us/dcnr/A.../OBXSelect.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} (PubPlugin Class) - http://down.hangame.co.jp/jp/purple/.../PubPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15521 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jake at 12:03:49 on 2012-08-20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8183.5973 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\perfmon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\SnippingTool.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=100486&babsrc=HP_ss&mntrId=c8bb701c0000000000001c6f653cd2f4
uInternet Settings,ProxyServer = 49.212.77.169:3128
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Google Update] "C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Jake\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dr opbox.lnk - C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXViewer.cab
DPF: {7608AFAE-F937-4BC9-82C5-8567C3A0EAAF} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXRetrieval.cab
DPF: {8285080A-3FAF-41B1-B7BD-933EE724B650} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXSelect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F87E5AC7-F5F3-4713-9035-5021D6FACFD2} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\nvthq0i1.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Jake\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Jake\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2010-11-20 68136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-20 655944]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-11-20 114688]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-11-20 30528]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-11-20 25640]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-3 113120]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 sj;sj;C:\AeriaGames\EdenEternal\sjcs64.sys [2012-4-28 47224]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-08-20 15:38:26 388096 ----a-r- C:\Users\Jake\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-20 15:38:25 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-20 15:01:16 20480 ----a-w- C:\Windows\svchost.exe
2012-08-20 04:01:22 -------- d-----w- C:\Users\Jake\AppData\Roaming\Malwarebytes
2012-08-20 04:01:12 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-08-20 04:01:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-20 04:01:10 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-20 04:01:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-19 18:05:55 -------- d-----w- C:\Users\Jake\AppData\Local\adaware
2012-08-19 18:05:45 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-08-19 18:05:44 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-08-19 18:05:44 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-08-19 18:05:43 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-19 18:01:27 -------- d-----w- C:\Users\Jake\AppData\Roaming\Ad-Aware Antivirus
2012-08-19 16:54:31 -------- d-----w- C:\ProgramData\GFI Software
2012-08-13 22:10:08 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-08-13 22:09:19 -------- d-----w- C:\Users\Jake\AppData\Local\Downloaded Installations
2012-08-13 19:24:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-13 05:19:26 -------- d-----w- C:\Windows\pss
2012-08-04 04:51:13 -------- d-----w- C:\Users\Jake\AppData\Local\Macromedia
2012-08-03 06:30:15 -------- d--h--w- C:\$AVG
2012-08-03 05:59:46 -------- d-----w- C:\Users\Jake\AppData\Roaming\AVG2012
2012-08-03 05:56:10 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-03 05:55:27 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-03 05:55:26 -------- d-----w- C:\ProgramData\AVG2012
2012-08-03 05:54:09 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-03 05:40:47 -------- d--h--w- C:\ProgramData\Common Files
2012-08-02 05:45:08 -------- d-----w- C:\Users\Jake\AppData\Roaming\UDP Software
2012-08-01 12:50:44 -------- d-----w- C:\Users\Jake\AppData\Roaming\runic games
2012-07-31 14:57:15 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D590D8E4-5EBB-4A7C-A819-60AD4A984FBE}\mpengine.dll
2012-07-31 14:56:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-31 01:25:09 -------- d-----r- C:\Users\Jake\Dropbox
2012-07-31 01:22:07 -------- d-----w- C:\Users\Jake\AppData\Roaming\Dropbox
2012-07-29 06:37:22 -------- d-----w- C:\Users\Jake\AppData\Roaming\MotioninJoy
2012-07-29 06:37:13 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2012-07-29 06:37:13 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2012-07-29 06:37:13 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-07-29 06:37:13 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-07-29 06:37:13 -------- d-----w- C:\Program Files\MotioninJoy
.
==================== Find3M ====================
.
2012-08-20 15:05:02 30528 ----a-w- C:\Windows\GVTDrv64.sys
2012-08-20 15:04:41 25640 ----a-w- C:\Windows\gdrv.sys
2012-08-03 22:38:36 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 22:14:42 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 12:04:17.93 ===============

ricosauve · 22-Aug-2012, 12:57 PM #2

bump

ricosauve · 23-Aug-2012, 12:35 PM #3

bump

ricosauve · 24-Aug-2012, 12:35 PM #4

bump

ricosauve · 26-Aug-2012, 09:33 AM #5

bumo

CatByte · 26-Aug-2012, 11:43 AM #6

Please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
now press the search button
when the search is complete, search.txt will also be written to your USB
type exit and reboot the computer normally
please copy and paste both logs in your reply.(FRST.txt and Search.txt)

ricosauve · 27-Aug-2012, 03:55 AM #7

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 26-08-2012 01
Ran by SYSTEM at 27-08-2012 03:37:42
Running from E:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10135584 2010-03-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [375000 2009-10-15] (DeviceVM, Inc.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-10-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [1996200 2012-06-27] (LogMeIn Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Jake\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2005-02-17] (InstallShield Software Corporation)
HKU\Jake\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" [399736 2011-04-29] (BitTorrent, Inc.)
HKU\Jake\...\Run: [Google Update] "C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-01] (Google Inc.)
HKU\Jake\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-04] (Valve Corporation)
HKU\Jake\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-01] (DT Soft Ltd)
HKU\Jake\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-20] (Google Inc.)
HKU\Jake\...\Run: [Akamai NetSession Interface] "C:\Users\Jake\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Jake\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKLM-x32\...\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [20480 2007-07-26] ()
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, [26112 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Startup: C:\Users\Jake\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 1394hub; C:\Windows\System32\svchost.exe -k netsvcs [27136 2009-07-13] (Microsoft Corporation)
3 1394hub; C:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1239952 2012-07-12] (Lavasoft Limited)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 DES2 Service; "C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe" [68136 2009-06-17] ()
2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-09] ()
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe" [3289032 2011-12-19] (GFI Software)
2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.)

==================== Drivers (Whitelisted) ===================

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21544 2010-04-27] ()
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [270912 2011-10-05] (DT Soft Ltd)
3 etdrv; \??\C:\Windows\etdrv.sys [25640 2011-01-01] (Windows (R) Server 2003 DDK provider)
3 gdrv; \??\C:\Windows\gdrv.sys [25640 2012-08-26] (Windows (R) Server 2003 DDK provider)
3 GVTDrv64; \??\C:\Windows\GVTDrv64.sys [30528 2012-08-26] ()
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 Lycosa; C:\Windows\System32\Drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [57976 2011-10-26] (GFI Software)
3 sj; \??\C:\AeriaGames\EdenEternal\sjcs64.sys [47224 2012-04-28] ()
3 dump_wmimmc; \??\C:\HanPurple\TERA\GameGuard\dump_wmimmc.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
3 X6va005; \??\C:\Users\Jake\AppData\Local\Temp\00512B6.tmp [x]

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

2012-08-27 03:36 - 2012-08-27 03:37 - 00000000 ____D C:\FRST
2012-08-26 23:25 - 2012-08-26 23:25 - 01447937 ____A (Farbar) C:\Users\Jake\Downloads\FRST64.exe
2012-08-21 06:04 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-20 11:53 - 2012-08-23 13:11 - 00000000 ____D C:\Users\Jake\Desktop\World of Warcraft
2012-08-20 08:05 - 2012-08-20 08:05 - 00026990 ____A C:\Users\Jake\Desktop\DDS.txt
2012-08-20 08:05 - 2012-08-20 08:05 - 00016043 ____A C:\Users\Jake\Desktop\Attach.txt
2012-08-20 07:51 - 2012-08-20 07:51 - 00607260 ____R (Swearware) C:\Users\Jake\Downloads\dds.com
2012-08-20 07:38 - 2012-08-20 07:38 - 00002971 ____A C:\Users\Jake\Desktop\HiJackThis.lnk
2012-08-20 07:38 - 2012-08-20 07:38 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-08-20 07:35 - 2012-08-20 07:36 - 01402880 ____A C:\Users\Jake\Downloads\HiJackThis.msi
2012-08-20 07:26 - 2012-08-20 07:26 - 00509440 ____A (Tech Support Guy System) C:\Users\Jake\Downloads\SysInfo.exe
2012-08-19 20:01 - 2012-08-21 06:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-19 20:01 - 2012-08-20 07:10 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-08-19 20:01 - 2012-08-19 20:01 - 00001105 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 20:01 - 2012-08-19 20:01 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Malwarebytes
2012-08-19 20:01 - 2012-08-19 20:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-19 20:01 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-19 19:58 - 2012-08-19 19:59 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jake\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-19 11:02 - 2012-08-19 11:02 - 00000942 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-08-19 10:05 - 2012-08-26 05:29 - 00001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-08-19 10:05 - 2012-08-19 11:01 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-19 10:05 - 2012-08-19 10:12 - 00000000 ____D C:\Users\Jake\AppData\Local\adaware
2012-08-19 10:05 - 2012-08-19 10:05 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-08-19 10:05 - 2011-12-19 09:21 - 00045936 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2012-08-19 10:05 - 2011-12-19 08:44 - 00060536 ____A (GFI Software) C:\Windows\System32\Drivers\sbhips.sys
2012-08-19 10:05 - 2011-10-26 10:23 - 00057976 ____A (GFI Software) C:\Windows\System32\Drivers\sbredrv.sys
2012-08-19 10:01 - 2012-08-19 15:26 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Ad-Aware Antivirus
2012-08-19 08:54 - 2012-08-19 08:54 - 00000000 ____D C:\Users\All Users\GFI Software
2012-08-13 14:10 - 2012-08-26 05:29 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-08-13 14:09 - 2012-08-13 14:09 - 00000000 ____D C:\Users\Jake\AppData\Local\Downloaded Installations
2012-08-13 14:03 - 2012-08-13 14:04 - 04587128 ____A (Lavasoft Limited) C:\Users\Jake\Downloads\Adaware_Installer.exe
2012-08-13 13:52 - 2012-08-26 23:28 - 00007621 ____A C:\Users\Jake\AppData\Local\Resmon.ResmonCfg
2012-08-13 13:23 - 2012-08-13 13:24 - 00000000 ____A C:\IP_LAN_port_to_IP_WAN_port.txt
2012-08-13 11:24 - 2012-08-13 11:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-13 11:17 - 2012-08-13 11:17 - 00000000 ____D C:\Windows\Sun
2012-08-13 11:15 - 2012-08-13 14:02 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-08-12 21:19 - 2012-08-12 21:19 - 00000000 ____D C:\Windows\pss
2012-08-03 20:51 - 2012-08-03 20:51 - 00000000 ____D C:\Users\Jake\AppData\Local\Macromedia
2012-08-03 14:42 - 2012-08-03 14:42 - 00000221 ____A C:\Users\Jake\Desktop\Torchlight.url
2012-08-02 22:30 - 2012-08-02 22:30 - 00000000 ___HD C:\$AVG
2012-08-02 21:59 - 2012-08-02 21:59 - 00000000 ____D C:\Users\Jake\AppData\Roaming\AVG2012
2012-08-02 21:56 - 2012-08-02 21:56 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-02 21:56 - 2012-08-02 21:56 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-08-02 21:55 - 2012-08-26 16:41 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-08-02 21:55 - 2012-08-02 22:10 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-02 21:54 - 2012-08-02 21:54 - 00000000 ____D C:\Program Files (x86)\AVG
2012-08-02 21:38 - 2012-08-02 21:38 - 00001126 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-02 21:38 - 2012-08-02 21:38 - 00000000 ____D C:\Users\Jake\AppData\Local\Mozilla
2012-08-02 21:38 - 2012-08-02 21:38 - 00000000 ____D C:\Users\All Users\Mozilla
2012-08-02 21:38 - 2012-08-02 21:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-02 21:38 - 2012-08-02 21:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-08-02 21:25 - 2012-08-02 21:25 - 00000000 ____D C:\Users\Jake\Downloads\EnableDisableFlip3D
2012-08-02 21:24 - 2012-08-02 21:24 - 00000572 ____A C:\Users\Jake\Downloads\EnableDisableFlip3D.zip
2012-08-01 21:45 - 2012-08-01 21:45 - 00000000 ____D C:\Users\Jake\AppData\Roaming\UDP Software
2012-08-01 20:42 - 2012-08-01 20:42 - 00000000 ____D C:\Users\Jake\Downloads\Era
2012-08-01 07:38 - 2012-08-01 07:38 - 00850383 ____A C:\Users\Jake\Downloads\x360ce.App-2.0.2.158.zip
2012-08-01 04:50 - 2012-08-01 04:50 - 00000000 ____D C:\Users\Jake\AppData\Roaming\runic games
2012-07-31 21:46 - 2012-07-31 21:46 - 00000222 ____A C:\Users\Jake\Desktop\Ys The Oath in Felghana.url
2012-07-31 21:45 - 2012-07-31 21:45 - 00000221 ____A C:\Users\Jake\Desktop\Audiosurf.url
2012-07-31 06:56 - 2012-08-21 06:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-30 17:25 - 2012-08-25 19:32 - 00000000 ___RD C:\Users\Jake\Dropbox
2012-07-30 17:25 - 2012-07-30 17:25 - 00001037 ____A C:\Users\Jake\Desktop\Dropbox.lnk
2012-07-30 17:22 - 2012-08-26 05:29 - 00000000 ____D C:\Users\Jake\AppData\Roaming\Dropbox
2012-07-30 17:18 - 2012-07-30 17:21 - 17798272 ____A (Dropbox, Inc.) C:\Users\Jake\Downloads\Dropbox 1.4.12.exe
2012-07-29 22:34 - 2012-07-29 22:34 - 00000222 ____A C:\Users\Jake\Desktop\Wanderlust Rebirth.url
2012-07-28 23:16 - 2012-07-28 23:16 - 00274488 ____A C:\Windows\Minidump\072912-17612-01.dmp
2012-07-28 22:51 - 2012-07-28 22:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-07-28 22:51 - 2012-07-28 22:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-07-28 22:37 - 2012-07-28 22:37 - 00000000 ____D C:\Users\Jake\AppData\Roaming\MotioninJoy
2012-07-28 22:37 - 2012-07-28 22:37 - 00000000 ____D C:\Program Files\MotioninJoy
2012-07-28 22:37 - 2012-05-12 08:31 - 00121416 ____A (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys
2012-07-28 22:37 - 2011-12-07 15:42 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-07-28 22:37 - 2011-12-07 15:42 - 00328712 ____A (Logitech Inc.) C:\Windows\System32\MijFrc.dll
2012-07-28 22:37 - 2011-12-07 15:42 - 00074960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys
2012-07-28 22:34 - 2012-07-28 22:35 - 04117346 ____A C:\Users\Jake\Downloads\MotioninJoy_071001_signed.zip

==================== 3 Months Modified Files ================================

2012-08-26 23:30 - 2010-11-20 09:45 - 00025640 ____A (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2012-08-26 23:30 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-26 23:30 - 2009-07-13 20:51 - 00082740 ____A C:\Windows\setupact.log
2012-08-26 23:28 - 2012-08-13 13:52 - 00007621 ____A C:\Users\Jake\AppData\Local\Resmon.ResmonCfg
2012-08-26 23:26 - 2012-01-26 11:57 - 00415730 ____A C:\Windows\System32\perfh011.dat
2012-08-26 23:26 - 2012-01-26 11:57 - 00121224 ____A C:\Windows\System32\perfc011.dat
2012-08-26 23:26 - 2009-07-13 21:13 - 01307692 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-26 23:25 - 2012-08-26 23:25 - 01447937 ____A (Farbar) C:\Users\Jake\Downloads\FRST64.exe
2012-08-26 23:04 - 2011-07-07 06:26 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-104524247-7513960-3082922971-1000UA.job
2012-08-26 22:30 - 2010-11-20 10:30 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-26 18:30 - 2010-11-20 10:30 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-26 10:04 - 2011-07-07 06:26 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-104524247-7513960-3082922971-1000Core.job
2012-08-26 05:32 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-26 05:32 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-26 05:29 - 2012-08-19 10:05 - 00001868 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-08-26 05:29 - 2011-01-03 10:03 - 00000004 ____A C:\Windows\SysWOW64\GVTunner.ref
2012-08-26 05:29 - 2010-11-20 09:45 - 00030528 ____A C:\Windows\GVTDrv64.sys
2012-08-26 05:28 - 2011-01-28 09:53 - 00000400 ____A C:\Windows\Tasks\Free File Viewer Update Checker.job
2012-08-22 08:52 - 2010-11-20 10:36 - 00047114 ____A C:\Windows\PFRO.log
2012-08-21 06:13 - 2012-07-31 06:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-21 06:13 - 2011-05-17 15:32 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-20 18:11 - 2010-11-20 12:16 - 01801613 ____A C:\Windows\WindowsUpdate.log
2012-08-20 08:05 - 2012-08-20 08:05 - 00026990 ____A C:\Users\Jake\Desktop\DDS.txt
2012-08-20 08:05 - 2012-08-20 08:05 - 00016043 ____A C:\Users\Jake\Desktop\Attach.txt
2012-08-20 07:51 - 2012-08-20 07:51 - 00607260 ____R (Swearware) C:\Users\Jake\Downloads\dds.com
2012-08-20 07:38 - 2012-08-20 07:38 - 00002971 ____A C:\Users\Jake\Desktop\HiJackThis.lnk
2012-08-20 07:36 - 2012-08-20 07:35 - 01402880 ____A C:\Users\Jake\Downloads\HiJackThis.msi
2012-08-20 07:26 - 2012-08-20 07:26 - 00509440 ____A (Tech Support Guy System) C:\Users\Jake\Downloads\SysInfo.exe
2012-08-19 20:01 - 2012-08-19 20:01 - 00001105 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-19 19:59 - 2012-08-19 19:58 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Jake\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-19 11:02 - 2012-08-19 11:02 - 00000942 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-08-13 14:04 - 2012-08-13 14:03 - 04587128 ____A (Lavasoft Limited) C:\Users\Jake\Downloads\Adaware_Installer.exe
2012-08-13 14:02 - 2012-08-13 11:15 - 00000408 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2012-08-13 13:24 - 2012-08-13 13:23 - 00000000 ____A C:\IP_LAN_port_to_IP_WAN_port.txt
2012-08-12 07:56 - 2011-05-03 11:26 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-08-12 07:56 - 2011-05-03 11:26 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-08-03 14:42 - 2012-08-03 14:42 - 00000221 ____A C:\Users\Jake\Desktop\Torchlight.url
2012-08-02 21:56 - 2012-08-02 21:56 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-02 21:38 - 2012-08-02 21:38 - 00001126 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-02 21:24 - 2012-08-02 21:24 - 00000572 ____A C:\Users\Jake\Downloads\EnableDisableFlip3D.zip
2012-08-01 07:38 - 2012-08-01 07:38 - 00850383 ____A C:\Users\Jake\Downloads\x360ce.App-2.0.2.158.zip
2012-08-01 04:49 - 2011-02-11 19:54 - 00356858 ____A C:\Windows\DirectX.log
2012-07-31 21:46 - 2012-07-31 21:46 - 00000222 ____A C:\Users\Jake\Desktop\Ys The Oath in Felghana.url
2012-07-31 21:45 - 2012-07-31 21:45 - 00000221 ____A C:\Users\Jake\Desktop\Audiosurf.url
2012-07-30 17:25 - 2012-07-30 17:25 - 00001037 ____A C:\Users\Jake\Desktop\Dropbox.lnk
2012-07-30 17:21 - 2012-07-30 17:18 - 17798272 ____A (Dropbox, Inc.) C:\Users\Jake\Downloads\Dropbox 1.4.12.exe
2012-07-29 22:34 - 2012-07-29 22:34 - 00000222 ____A C:\Users\Jake\Desktop\Wanderlust Rebirth.url
2012-07-28 23:16 - 2012-07-28 23:16 - 00274488 ____A C:\Windows\Minidump\072912-17612-01.dmp
2012-07-28 23:16 - 2012-01-18 12:19 - 512498619 ____A C:\Windows\MEMORY.DMP
2012-07-28 22:51 - 2012-07-28 22:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2012-07-28 22:51 - 2012-07-28 22:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2012-07-28 22:35 - 2012-07-28 22:34 - 04117346 ____A C:\Users\Jake\Downloads\MotioninJoy_071001_signed.zip
2012-07-26 05:10 - 2012-07-26 05:10 - 00141072 ____A C:\Users\Jake\Downloads\kotor_2_vista_fix.7z
2012-07-26 05:04 - 2012-07-26 04:54 - 00002549 ____A C:\Users\Jake\Documents\swkotor2.ini
2012-07-20 15:08 - 2012-07-20 15:08 - 00000221 ____A C:\Users\Jake\Desktop\Dungeon Defenders.url
2012-07-19 19:30 - 2009-07-13 21:08 - 00032616 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-18 10:26 - 2012-07-18 10:26 - 00086593 ____A C:\Users\Jake\Downloads\Minilands.zip
2012-07-14 23:02 - 2012-07-13 12:03 - 01303320 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-13 11:55 - 2012-07-13 11:55 - 00000222 ____A C:\Users\Jake\Desktop\Terraria.url
2012-07-12 04:54 - 2009-07-13 20:45 - 00425640 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 20:13 - 2010-12-25 19:36 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 14:14 - 2011-08-22 10:59 - 00043520 ____A C:\Windows\SysWOW64\CmdLineExt03.dll
2012-07-11 14:03 - 2012-07-11 14:03 - 00001456 ____A C:\Users\Jake\Desktop\Empire Earth II.lnk
2012-07-08 00:37 - 2012-07-08 00:37 - 00292184 ____A (Microsoft Corporation) C:\Users\Jake\Downloads\dxwebsetup.exe
2012-07-07 23:50 - 2012-07-07 23:48 - 15298504 ____A (Firefly Studios ) C:\Users\Jake\Downloads\StrongholdKingdoms-Setup.exe
2012-07-03 09:46 - 2012-08-19 20:01 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 13:48 - 2012-06-30 13:47 - 09070475 ____A C:\Users\Jake\Downloads\RapidQuestPack_v1.2.zip
2012-06-25 23:22 - 2012-06-25 23:22 - 00000221 ____A C:\Users\Jake\Desktop\Magicka.url
2012-06-14 11:25 - 2011-07-05 05:14 - 00002413 ____A C:\Windows\SysWOW64\lgAxconfig.ini
2012-06-11 19:02 - 2012-07-11 20:17 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-11 11:06 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-11 11:06 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 13:38 - 2012-06-07 13:38 - 00011691 ____A C:\Users\Jake\Documents\TimeSheet 2nd week with SRGC.xlsx
2012-06-07 13:15 - 2012-06-07 13:15 - 00011500 ____A C:\Users\Jake\Downloads\TimeSheet for Contractors.xlsx
2012-06-05 21:50 - 2012-07-11 11:06 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-11 11:06 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-11 11:06 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-11 11:06 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-23 07:40 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 07:40 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 07:40 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 07:40 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 07:40 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 07:40 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 07:40 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-23 07:40 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-23 07:40 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 20:12 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 20:12 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 20:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 20:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 20:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 20:12 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 20:12 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 20:12 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 20:12 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 20:12 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 20:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 20:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 20:12 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 20:12 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 20:12 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 20:12 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 20:12 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 20:12 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 20:12 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 20:12 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 20:12 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 20:12 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 20:12 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 20:12 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 20:12 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 20:12 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 20:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 20:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-11 11:06 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-11 11:06 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-11 11:06 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-11 11:06 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-11 11:06 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-11 11:06 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-11 11:06 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-11 11:06 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-11 11:06 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2010-11-20 09:36 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

ZeroAccess:
C:\Windows\Installer\{f9c68fab-a731-4155-b593-cd6d1b641e88}
C:\Windows\Installer\{f9c68fab-a731-4155-b593-cd6d1b641e88}\@
C:\Windows\Installer\{f9c68fab-a731-4155-b593-cd6d1b641e88}\L
C:\Windows\Installer\{f9c68fab-a731-4155-b593-cd6d1b641e88}\U
C:\Windows\Installer\{f9c68fab-a731-4155-b593-cd6d1b641e88}\L\00000004.@
C:\Windows\Installer\{f9c68fab-a731-4155-b593-cd6d1b641e88}\L\201d3dde

Type 00 partition infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-23 08:30:00
Restore point made on: 2012-08-23 22:00:21
Restore point made on: 2012-08-24 22:00:26
Restore point made on: 2012-08-25 08:07:22
Restore point made on: 2012-08-25 20:02:20
Restore point made on: 2012-08-26 05:55:59
Restore point made on: 2012-08-26 22:00:08

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8183.43 MB
Available physical RAM: 7416.67 MB
Total Pagefile: 8181.58 MB
Available Pagefile: 7406.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:931.5 GB) (Free:532.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (OCZ RALLY2) (Removable) (Total:7.51 GB) (Free:2.45 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 8 MB
Disk 1 Online 7701 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

=========================================================================== =======

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 931 GB Healthy

=========================================================================== =======

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7701 MB 0 B

=========================================================================== =======

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================================== =======

Last Boot: 2012-08-19 09:51

==================== End Of Log =============================

Search.txt

Farbar Recovery Scan Tool Version: 26-08-2012 01
Ran by SYSTEM at 2012-08-27 03:39:43
Running from E:\

================== Search: "services.exe" ===================

C:\Windows.old\Windows\system32\services.exe
[2004-08-04 04:00] - [2004-08-04 04:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

C:\Windows.old\Windows\system32\dllcache\services.exe
[2004-08-04 04:00] - [2004-08-04 04:00] - 0108032 ___AC (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\ser vices.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

CatByte · 27-Aug-2012, 11:10 AM #8

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

Code:

start
2012-08-21 06:04 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
C:\Windows\Installer\{f9c68fab-a731-4155-b593-cd6d1b641e88}
cmd: bootrec /FixMbr
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.

NEXT

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan
- If Malicious objects are found then ensure Cure is selected
- If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
- Then click Continue > Reboot now
Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

ricosauve · 29-Aug-2012, 07:51 AM #9

Sorry it has taken me so long to get back to you, I just started class again and have been getting back into the swing of things. I actually fell asleep lastnight while I was waiting for combofix to finish up. I'm a little worried cause after combofix rebooted my computer it said not to run any programs and I have a several programs that start to run at the start of windows, like Hamachi and Skype, I closed Skype cause the window popped up, but I just left the other ones. I also uninstalled AVG and Ad-Aware from my computer before running combofix, because even though I followed the steps on how to turn them off, combofix told me they still were interfering. I hope this didn't mess anything up. There we're also two logs created by TDSSKiller, I think one before the reboot and one after, I'll post both.

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 26-08-2012 01
Ran by SYSTEM at 2012-08-28 17:16:14 Run:1
Running from E:\

==============================================

C:\Windows\svchost.exe moved successfully.
C:\Windows\Installer\{f9c68fab-a731-4155-b593-cd6d1b641e88} moved successfully.

========= bootrec /FixMbr =========

ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========

==== End of Fixlog ====

TDSSKiller before reboot

00:16:48.0490 4648 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:16:50.0492 4648 ============================================================
00:16:50.0492 4648 Current date / time: 2012/08/29 00:16:50.0492
00:16:50.0492 4648 SystemInfo:
00:16:50.0492 4648
00:16:50.0492 4648 OS Version: 6.1.7600 ServicePack: 0.0
00:16:50.0492 4648 Product type: Workstation
00:16:50.0492 4648 ComputerName: JAKE-PC
00:16:50.0492 4648 UserName: Jake
00:16:50.0492 4648 Windows directory: C:\Windows
00:16:50.0492 4648 System windows directory: C:\Windows
00:16:50.0492 4648 Running under WOW64
00:16:50.0492 4648 Processor architecture: Intel x64
00:16:50.0492 4648 Number of processors: 4
00:16:50.0492 4648 Page size: 0x1000
00:16:50.0492 4648 Boot type: Normal boot
00:16:50.0492 4648 ============================================================
00:16:51.0630 4648 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
00:16:51.0638 4648 Drive \Device\Harddisk1\DR1 - Size: 0x1E1509000 (7.52 Gb), SectorSize: 0x200, Cylinders: 0x3D5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:16:51.0640 4648 ============================================================
00:16:51.0640 4648 \Device\Harddisk0\DR0:
00:16:51.0644 4648 MBR partitions:
00:16:51.0644 4648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
00:16:51.0644 4648 \Device\Harddisk1\DR1:
00:16:51.0645 4648 MBR partitions:
00:16:51.0645 4648 ============================================================
00:16:51.0663 4648 C: <-> \Device\Harddisk0\DR0\Partition1
00:16:51.0663 4648 ============================================================
00:16:51.0663 4648 Initialize success
00:16:51.0663 4648 ============================================================
00:17:21.0039 5680 ============================================================
00:17:21.0039 5680 Scan started
00:17:21.0039 5680 Mode: Manual; TDLFS;
00:17:21.0039 5680 ============================================================
00:17:24.0305 5680 ================ Scan system memory ========================
00:17:24.0305 5680 System memory - ok
00:17:24.0306 5680 ================ Scan services =============================
00:17:24.0784 5680 1394hub - ok
00:17:24.0828 5680 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
00:17:24.0831 5680 1394ohci - ok
00:17:24.0852 5680 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
00:17:24.0855 5680 ACPI - ok
00:17:24.0875 5680 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
00:17:24.0877 5680 AcpiPmi - ok
00:17:24.0981 5680 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
00:17:24.0997 5680 Ad-Aware Service - ok
00:17:25.0026 5680 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:17:25.0030 5680 adp94xx - ok
00:17:25.0054 5680 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:17:25.0058 5680 adpahci - ok
00:17:25.0088 5680 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:17:25.0090 5680 adpu320 - ok
00:17:25.0109 5680 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:17:25.0111 5680 AeLookupSvc - ok
00:17:25.0147 5680 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
00:17:25.0152 5680 AFD - ok
00:17:25.0180 5680 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
00:17:25.0182 5680 agp440 - ok
00:17:25.0198 5680 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:17:25.0200 5680 ALG - ok
00:17:25.0217 5680 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
00:17:25.0218 5680 aliide - ok
00:17:25.0254 5680 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:17:25.0258 5680 AMD External Events Utility - ok
00:17:25.0274 5680 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
00:17:25.0275 5680 amdide - ok
00:17:25.0280 5680 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:17:25.0282 5680 AmdK8 - ok
00:17:25.0441 5680 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:17:25.0552 5680 amdkmdag - ok
00:17:25.0578 5680 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
00:17:25.0580 5680 amdkmdap - ok
00:17:25.0600 5680 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:17:25.0601 5680 AmdPPM - ok
00:17:25.0675 5680 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:17:25.0677 5680 amdsata - ok
00:17:25.0725 5680 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:17:25.0728 5680 amdsbs - ok
00:17:25.0746 5680 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:17:25.0747 5680 amdxata - ok
00:17:25.0811 5680 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
00:17:25.0813 5680 AppID - ok
00:17:25.0833 5680 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:17:25.0835 5680 AppIDSvc - ok
00:17:25.0850 5680 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
00:17:25.0852 5680 Appinfo - ok
00:17:25.0876 5680 [ 301AA64F9643BC453D90A66C4C0E7204 ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
00:17:25.0878 5680 AppleCharger - ok
00:17:25.0888 5680 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
00:17:25.0890 5680 AppleChargerSrv - ok
00:17:25.0951 5680 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
00:17:25.0960 5680 AppMgmt - ok
00:17:25.0977 5680 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:17:25.0979 5680 arc - ok
00:17:25.0988 5680 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:17:25.0990 5680 arcsas - ok
00:17:26.0073 5680 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:17:26.0092 5680 aspnet_state - ok
00:17:26.0113 5680 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:17:26.0114 5680 AsyncMac - ok
00:17:26.0126 5680 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
00:17:26.0126 5680 atapi - ok
00:17:26.0164 5680 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
00:17:26.0166 5680 AtiHdmiService - ok
00:17:26.0198 5680 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:17:26.0207 5680 AudioEndpointBuilder - ok
00:17:26.0219 5680 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:17:26.0223 5680 AudioSrv - ok
00:17:26.0334 5680 [ 6D440FF3F44CA72EDFD6176C6D6A89C0 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
00:17:26.0355 5680 AVGIDSAgent - ok
00:17:26.0376 5680 [ E29EA1A0EC7AB9FA2DC7E75A03F12A4F ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
00:17:26.0377 5680 AVGIDSDriver - ok
00:17:26.0389 5680 [ F823D184B8E8FFB8DA3EAD45DBF5BD6A ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
00:17:26.0390 5680 AVGIDSEH - ok
00:17:26.0396 5680 [ ED2B25BD7FE35D1944211968842D30DA ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
00:17:26.0397 5680 AVGIDSFilter - ok
00:17:26.0413 5680 [ 979CF8912449A10B987218BFF80A1FA3 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
00:17:26.0415 5680 Avgldx64 - ok
00:17:26.0426 5680 [ 36B1A5843695766EAC714DAFFC5B84D1 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
00:17:26.0427 5680 Avgmfx64 - ok
00:17:26.0441 5680 [ 1102239FB724527F1FEBBBBCCF6BF313 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
00:17:26.0442 5680 Avgrkx64 - ok
00:17:26.0455 5680 [ 11F36D3EA82D9DB9AA05A476A210551B ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
00:17:26.0457 5680 Avgtdia - ok
00:17:26.0490 5680 [ 6699ECE24FE4B3F752A66C66A602EE86 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
00:17:26.0493 5680 avgwd - ok
00:17:26.0519 5680 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:17:26.0522 5680 AxInstSV - ok
00:17:26.0566 5680 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:17:26.0571 5680 b06bdrv - ok
00:17:26.0600 5680 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:17:26.0605 5680 b57nd60a - ok
00:17:26.0689 5680 [ 382B151DAFFE4A9CE9DA9F564B66761E ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
00:17:26.0693 5680 BCUService - ok
00:17:26.0711 5680 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:17:26.0714 5680 BDESVC - ok
00:17:26.0724 5680 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:17:26.0725 5680 Beep - ok
00:17:26.0756 5680 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
00:17:26.0777 5680 BFE - ok
00:17:26.0814 5680 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:17:26.0826 5680 blbdrive - ok
00:17:26.0853 5680 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:17:26.0866 5680 bowser - ok
00:17:26.0891 5680 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:17:26.0892 5680 BrFiltLo - ok
00:17:26.0916 5680 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:17:26.0917 5680 BrFiltUp - ok
00:17:26.0964 5680 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
00:17:26.0970 5680 Browser - ok
00:17:27.0027 5680 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:17:27.0031 5680 Brserid - ok
00:17:27.0039 5680 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:17:27.0041 5680 BrSerWdm - ok
00:17:27.0056 5680 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:17:27.0058 5680 BrUsbMdm - ok
00:17:27.0067 5680 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:17:27.0067 5680 BrUsbSer - ok
00:17:27.0090 5680 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:17:27.0091 5680 BTHMODEM - ok
00:17:27.0163 5680 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:17:27.0177 5680 bthserv - ok
00:17:27.0213 5680 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:17:27.0216 5680 cdfs - ok
00:17:27.0299 5680 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:17:27.0315 5680 cdrom - ok
00:17:27.0372 5680 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
00:17:27.0382 5680 CertPropSvc - ok
00:17:27.0407 5680 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:17:27.0408 5680 circlass - ok
00:17:27.0432 5680 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:17:27.0435 5680 CLFS - ok
00:17:27.0487 5680 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:17:27.0489 5680 clr_optimization_v2.0.50727_32 - ok
00:17:27.0512 5680 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:17:27.0514 5680 clr_optimization_v2.0.50727_64 - ok
00:17:27.0554 5680 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:17:27.0606 5680 clr_optimization_v4.0.30319_32 - ok
00:17:27.0644 5680 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:17:27.0671 5680 clr_optimization_v4.0.30319_64 - ok
00:17:27.0740 5680 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:17:27.0741 5680 CmBatt - ok
00:17:27.0760 5680 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
00:17:27.0761 5680 cmdide - ok
00:17:27.0784 5680 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
00:17:27.0787 5680 CNG - ok
00:17:27.0801 5680 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:17:27.0802 5680 Compbatt - ok
00:17:27.0825 5680 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
00:17:27.0827 5680 CompositeBus - ok
00:17:27.0838 5680 COMSysApp - ok
00:17:27.0843 5680 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:17:27.0844 5680 crcdisk - ok
00:17:27.0876 5680 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:17:27.0879 5680 CryptSvc - ok
00:17:27.0898 5680 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
00:17:27.0905 5680 CSC - ok
00:17:27.0925 5680 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
00:17:27.0933 5680 CscService - ok
00:17:27.0953 5680 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:17:27.0965 5680 DcomLaunch - ok
00:17:28.0000 5680 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:17:28.0004 5680 defragsvc - ok
00:17:28.0049 5680 [ FDC0C5ADDE1CDE6EDB0BEF78F0699AF3 ] DES2 Service C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
00:17:28.0050 5680 DES2 Service - ok
00:17:28.0071 5680 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:17:28.0074 5680 DfsC - ok
00:17:28.0097 5680 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
00:17:28.0103 5680 Dhcp - ok
00:17:28.0118 5680 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:17:28.0119 5680 discache - ok
00:17:28.0148 5680 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:17:28.0149 5680 Disk - ok
00:17:28.0165 5680 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:17:28.0169 5680 Dnscache - ok
00:17:28.0198 5680 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
00:17:28.0201 5680 dot3svc - ok
00:17:28.0219 5680 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
00:17:28.0222 5680 DPS - ok
00:17:28.0248 5680 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:17:28.0249 5680 drmkaud - ok
00:17:28.0280 5680 [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:17:28.0282 5680 dtsoftbus01 - ok
00:17:28.0305 5680 dump_wmimmc - ok
00:17:28.0333 5680 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:17:28.0339 5680 DXGKrnl - ok
00:17:28.0352 5680 EagleX64 - ok
00:17:28.0370 5680 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:17:28.0373 5680 EapHost - ok
00:17:28.0452 5680 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:17:28.0477 5680 ebdrv - ok
00:17:28.0506 5680 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
00:17:28.0507 5680 EFS - ok
00:17:28.0544 5680 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:17:28.0552 5680 ehRecvr - ok
00:17:28.0569 5680 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:17:28.0572 5680 ehSched - ok
00:17:28.0610 5680 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:17:28.0614 5680 elxstor - ok
00:17:28.0648 5680 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
00:17:28.0649 5680 ErrDev - ok
00:17:28.0680 5680 [ 84486624268E078255BC7AA47F0960BC ] etdrv C:\Windows\etdrv.sys
00:17:28.0681 5680 etdrv - ok
00:17:28.0705 5680 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:17:28.0710 5680 EventSystem - ok
00:17:28.0729 5680 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:17:28.0733 5680 exfat - ok
00:17:28.0756 5680 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:17:28.0759 5680 fastfat - ok
00:17:28.0785 5680 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
00:17:28.0791 5680 Fax - ok
00:17:28.0795 5680 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:17:28.0797 5680 fdc - ok
00:17:28.0807 5680 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:17:28.0808 5680 fdPHost - ok
00:17:28.0824 5680 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:17:28.0825 5680 FDResPub - ok
00:17:28.0843 5680 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:17:28.0845 5680 FileInfo - ok
00:17:28.0863 5680 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:17:28.0865 5680 Filetrace - ok
00:17:28.0869 5680 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:17:28.0870 5680 flpydisk - ok
00:17:28.0888 5680 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:17:28.0891 5680 FltMgr - ok
00:17:28.0928 5680 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
00:17:28.0941 5680 FontCache - ok
00:17:28.0987 5680 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:17:28.0989 5680 FontCache3.0.0.0 - ok
00:17:29.0007 5680 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:17:29.0009 5680 FsDepends - ok
00:17:29.0035 5680 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:17:29.0036 5680 Fs_Rec - ok
00:17:29.0065 5680 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:17:29.0068 5680 fvevol - ok
00:17:29.0102 5680 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:17:29.0104 5680 gagp30kx - ok
00:17:29.0128 5680 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
00:17:29.0142 5680 gdrv - ok
00:17:29.0176 5680 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
00:17:29.0186 5680 gpsvc - ok
00:17:29.0224 5680 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:17:29.0227 5680 gupdate - ok
00:17:29.0266 5680 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:17:29.0267 5680 gupdatem - ok
00:17:29.0292 5680 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:17:29.0296 5680 gusvc - ok
00:17:29.0311 5680 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys
00:17:29.0313 5680 GVTDrv64 - ok
00:17:29.0331 5680 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
00:17:29.0332 5680 hamachi - ok
00:17:29.0398 5680 [ 21D24138B736983F6E23823E092E9428 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
00:17:29.0428 5680 Hamachi2Svc - ok
00:17:29.0460 5680 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:17:29.0461 5680 hcw85cir - ok
00:17:29.0516 5680 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:17:29.0529 5680 HdAudAddService - ok
00:17:29.0562 5680 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:17:29.0565 5680 HDAudBus - ok
00:17:29.0575 5680 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:17:29.0576 5680 HidBatt - ok
00:17:29.0596 5680 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:17:29.0598 5680 HidBth - ok
00:17:29.0654 5680 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:17:29.0656 5680 HidIr - ok
00:17:29.0700 5680 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:17:29.0715 5680 hidserv - ok
00:17:29.0774 5680 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:17:29.0785 5680 HidUsb - ok
00:17:29.0846 5680 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:17:29.0849 5680 hkmsvc - ok
00:17:29.0872 5680 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:17:29.0877 5680 HomeGroupListener - ok
00:17:29.0900 5680 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:17:29.0905 5680 HomeGroupProvider - ok
00:17:29.0924 5680 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
00:17:29.0925 5680 HpSAMD - ok
00:17:29.0956 5680 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:17:29.0966 5680 HTTP - ok
00:17:30.0003 5680 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:17:30.0004 5680 hwpolicy - ok
00:17:30.0039 5680 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:17:30.0042 5680 i8042prt - ok
00:17:30.0076 5680 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:17:30.0080 5680 iaStorV - ok
00:17:30.0139 5680 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:17:30.0154 5680 IDriverT - ok
00:17:30.0183 5680 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:17:30.0191 5680 idsvc - ok
00:17:30.0203 5680 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:17:30.0205 5680 iirsp - ok
00:17:30.0229 5680 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
00:17:30.0238 5680 IKEEXT - ok
00:17:30.0299 5680 [ 163F94EBF8F8A98616A6B804AF08D736 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:17:30.0331 5680 IntcAzAudAddService - ok
00:17:30.0339 5680 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
00:17:30.0340 5680 intelide - ok
00:17:30.0371 5680 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:17:30.0372 5680 intelppm - ok
00:17:30.0396 5680 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:17:30.0399 5680 IPBusEnum - ok
00:17:30.0412 5680 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:17:30.0414 5680 IpFilterDriver - ok
00:17:30.0427 5680 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:17:30.0428 5680 IPMIDRV - ok
00:17:30.0433 5680 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:17:30.0435 5680 IPNAT - ok
00:17:30.0467 5680 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:17:30.0469 5680 IRENUM - ok
00:17:30.0488 5680 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
00:17:30.0489 5680 isapnp - ok
00:17:30.0514 5680 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:17:30.0516 5680 iScsiPrt - ok
00:17:30.0541 5680 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:17:30.0542 5680 kbdclass - ok
00:17:30.0557 5680 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:17:30.0559 5680 kbdhid - ok
00:17:30.0571 5680 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
00:17:30.0573 5680 KeyIso - ok
00:17:30.0588 5680 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:17:30.0589 5680 KSecDD - ok
00:17:30.0603 5680 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:17:30.0605 5680 KSecPkg - ok
00:17:30.0615 5680 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:17:30.0616 5680 ksthunk - ok
00:17:30.0641 5680 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:17:30.0647 5680 KtmRm - ok
00:17:30.0667 5680 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:17:30.0671 5680 LanmanServer - ok
00:17:30.0693 5680 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:17:30.0696 5680 LanmanWorkstation - ok
00:17:30.0706 5680 Lbd - ok
00:17:30.0732 5680 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:17:30.0733 5680 lltdio - ok
00:17:30.0749 5680 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:17:30.0753 5680 lltdsvc - ok
00:17:30.0775 5680 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:17:30.0776 5680 lmhosts - ok
00:17:30.0806 5680 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:17:30.0807 5680 LSI_FC - ok
00:17:30.0824 5680 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:17:30.0825 5680 LSI_SAS - ok
00:17:30.0841 5680 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:17:30.0842 5680 LSI_SAS2 - ok
00:17:30.0854 5680 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:17:30.0855 5680 LSI_SCSI - ok
00:17:30.0869 5680 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:17:30.0870 5680 luafv - ok
00:17:30.0890 5680 [ E5ECF40E5FD459141E5F6685FFD51804 ] Lycosa C:\Windows\system32\drivers\Lycosa.sys
00:17:30.0892 5680 Lycosa - ok
00:17:30.0935 5680 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:17:30.0937 5680 MBAMProtector - ok
00:17:30.0965 5680 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:17:30.0974 5680 MBAMService - ok
00:17:31.0027 5680 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:17:31.0031 5680 Mcx2Svc - ok
00:17:31.0048 5680 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:17:31.0049 5680 megasas - ok
00:17:31.0078 5680 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:17:31.0081 5680 MegaSR - ok
00:17:31.0124 5680 Microsoft SharePoint Workspace Audit Service - ok
00:17:31.0144 5680 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:17:31.0147 5680 MMCSS - ok
00:17:31.0163 5680 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:17:31.0164 5680 Modem - ok
00:17:31.0182 5680 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:17:31.0183 5680 monitor - ok
00:17:31.0221 5680 [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
00:17:31.0224 5680 MotioninJoyXFilter - ok
00:17:31.0238 5680 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:17:31.0240 5680 mouclass - ok
00:17:31.0279 5680 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:17:31.0281 5680 mouhid - ok
00:17:31.0297 5680 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:17:31.0299 5680 mountmgr - ok
00:17:31.0372 5680 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:17:31.0374 5680 MozillaMaintenance - ok
00:17:31.0407 5680 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
00:17:31.0409 5680 mpio - ok
00:17:31.0415 5680 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:17:31.0417 5680 mpsdrv - ok
00:17:31.0433 5680 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:17:31.0435 5680 MRxDAV - ok
00:17:31.0466 5680 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:17:31.0469 5680 mrxsmb - ok
00:17:31.0498 5680 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:17:31.0503 5680 mrxsmb10 - ok
00:17:31.0518 5680 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:17:31.0521 5680 mrxsmb20 - ok
00:17:31.0543 5680 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
00:17:31.0544 5680 msahci - ok
00:17:31.0568 5680 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
00:17:31.0570 5680 msdsm - ok
00:17:31.0597 5680 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:17:31.0600 5680 MSDTC - ok
00:17:31.0620 5680 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:17:31.0627 5680 Msfs - ok
00:17:31.0659 5680 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:17:31.0660 5680 mshidkmdf - ok
00:17:31.0670 5680 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
00:17:31.0671 5680 msisadrv - ok
00:17:31.0727 5680 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:17:31.0731 5680 MSiSCSI - ok
00:17:31.0734 5680 msiserver - ok
00:17:31.0787 5680 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:17:31.0798 5680 MSKSSRV - ok
00:17:31.0832 5680 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:17:31.0843 5680 MSPCLOCK - ok
00:17:31.0872 5680 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:17:31.0888 5680 MSPQM - ok
00:17:31.0940 5680 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:17:31.0965 5680 MsRPC - ok
00:17:31.0986 5680 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:17:31.0987 5680 mssmbios - ok
00:17:32.0060 5680 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:17:32.0070 5680 MSTEE - ok
00:17:32.0090 5680 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:17:32.0091 5680 MTConfig - ok
00:17:32.0146 5680 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:17:32.0147 5680 Mup - ok
00:17:32.0169 5680 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
00:17:32.0177 5680 napagent - ok
00:17:32.0196 5680 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:17:32.0201 5680 NativeWifiP - ok
00:17:32.0230 5680 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
00:17:32.0237 5680 NDIS - ok
00:17:32.0252 5680 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:17:32.0254 5680 NdisCap - ok
00:17:32.0279 5680 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:17:32.0281 5680 NdisTapi - ok
00:17:32.0295 5680 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:17:32.0297 5680 Ndisuio - ok
00:17:32.0330 5680 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:17:32.0333 5680 NdisWan - ok
00:17:32.0341 5680 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:17:32.0343 5680 NDProxy - ok
00:17:32.0348 5680 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:17:32.0350 5680 NetBIOS - ok
00:17:32.0368 5680 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:17:32.0371 5680 NetBT - ok
00:17:32.0387 5680 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
00:17:32.0388 5680 Netlogon - ok
00:17:32.0426 5680 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:17:32.0431 5680 Netman - ok
00:17:32.0466 5680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:17:32.0495 5680 NetMsmqActivator - ok
00:17:32.0521 5680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:17:32.0523 5680 NetPipeActivator - ok
00:17:32.0543 5680 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:17:32.0551 5680 netprofm - ok
00:17:32.0567 5680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:17:32.0568 5680 NetTcpActivator - ok
00:17:32.0581 5680 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:17:32.0583 5680 NetTcpPortSharing - ok
00:17:32.0611 5680 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:17:32.0613 5680 nfrd960 - ok
00:17:32.0643 5680 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:17:32.0649 5680 NlaSvc - ok
00:17:32.0664 5680 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:17:32.0665 5680 Npfs - ok
00:17:32.0697 5680 npggsvc - ok
00:17:32.0701 5680 NPPTNT2 - ok
00:17:32.0714 5680 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:17:32.0716 5680 nsi - ok
00:17:32.0722 5680 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:17:32.0723 5680 nsiproxy - ok
00:17:32.0760 5680 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:17:32.0776 5680 Ntfs - ok
00:17:32.0793 5680 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
00:17:32.0794 5680 NuidFltr - ok
00:17:32.0816 5680 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:17:32.0817 5680 Null - ok
00:17:32.0849 5680 [ F5BC2345E8C89D4E90FAFD23A2239935 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
00:17:32.0851 5680 nusb3hub - ok
00:17:32.0870 5680 [ 5D42578241BC2A9B4A64837077436D5F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:17:32.0873 5680 nusb3xhc - ok
00:17:32.0903 5680 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:17:32.0905 5680 nvraid - ok
00:17:32.0919 5680 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:17:32.0921 5680 nvstor - ok
00:17:32.0938 5680 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
00:17:32.0939 5680 nv_agp - ok
00:17:32.0943 5680 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:17:32.0946 5680 ohci1394 - ok
00:17:33.0024 5680 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:17:33.0026 5680 ose - ok
00:17:33.0149 5680 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:17:33.0189 5680 osppsvc - ok
00:17:33.0220 5680 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:17:33.0224 5680 p2pimsvc - ok
00:17:33.0238 5680 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:17:33.0243 5680 p2psvc - ok
00:17:33.0264 5680 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:17:33.0266 5680 Parport - ok
00:17:33.0280 5680 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:17:33.0281 5680 partmgr - ok
00:17:33.0291 5680 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:17:33.0295 5680 PcaSvc - ok
00:17:33.0307 5680 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
00:17:33.0308 5680 pci - ok
00:17:33.0316 5680 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
00:17:33.0317 5680 pciide - ok
00:17:33.0335 5680 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:17:33.0337 5680 pcmcia - ok
00:17:33.0354 5680 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:17:33.0355 5680 pcw - ok
00:17:33.0373 5680 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:17:33.0380 5680 PEAUTH - ok
00:17:33.0413 5680 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:17:33.0427 5680 PeerDistSvc - ok
00:17:33.0498 5680 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:17:33.0500 5680 PerfHost - ok
00:17:33.0549 5680 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
00:17:33.0568 5680 pla - ok
00:17:33.0594 5680 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:17:33.0600 5680 PlugPlay - ok
00:17:33.0644 5680 PnkBstrA - ok
00:17:33.0685 5680 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:17:33.0688 5680 PNRPAutoReg - ok
00:17:33.0746 5680 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:17:33.0751 5680 PNRPsvc - ok
00:17:33.0833 5680 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:17:33.0844 5680 PolicyAgent - ok
00:17:33.0888 5680 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:17:33.0892 5680 Power - ok
00:17:33.0915 5680 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:17:33.0917 5680 PptpMiniport - ok
00:17:33.0935 5680 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:17:33.0937 5680 Processor - ok
00:17:33.0972 5680 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
00:17:33.0977 5680 ProfSvc - ok
00:17:33.0987 5680 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:17:33.0989 5680 ProtectedStorage - ok
00:17:34.0009 5680 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:17:34.0011 5680 Psched - ok
00:17:34.0053 5680 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:17:34.0065 5680 ql2300 - ok
00:17:34.0081 5680 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:17:34.0083 5680 ql40xx - ok
00:17:34.0109 5680 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:17:34.0114 5680 QWAVE - ok
00:17:34.0128 5680 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:17:34.0129 5680 QWAVEdrv - ok
00:17:34.0210 5680 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:17:34.0231 5680 RasAcd - ok
00:17:34.0281 5680 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:17:34.0289 5680 RasAgileVpn - ok
00:17:34.0315 5680 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:17:34.0326 5680 RasAuto - ok
00:17:34.0343 5680 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:17:34.0350 5680 Rasl2tp - ok
00:17:34.0428 5680 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
00:17:34.0453 5680 RasMan - ok
00:17:34.0476 5680 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:17:34.0482 5680 RasPppoe - ok
00:17:34.0506 5680 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:17:34.0517 5680 RasSstp - ok
00:17:34.0536 5680 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:17:34.0545 5680 rdbss - ok
00:17:34.0567 5680 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:17:34.0568 5680 rdpbus - ok
00:17:34.0576 5680 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:17:34.0577 5680 RDPCDD - ok
00:17:34.0598 5680 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:17:34.0602 5680 RDPDR - ok
00:17:34.0606 5680 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:17:34.0607 5680 RDPENCDD - ok
00:17:34.0624 5680 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:17:34.0625 5680 RDPREFMP - ok
00:17:34.0643 5680 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:17:34.0647 5680 RDPWD - ok
00:17:34.0680 5680 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:17:34.0681 5680 rdyboost - ok
00:17:34.0700 5680 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:17:34.0703 5680 RemoteAccess - ok
00:17:34.0729 5680 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:17:34.0732 5680 RemoteRegistry - ok
00:17:34.0750 5680 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:17:34.0752 5680 RpcEptMapper - ok
00:17:34.0763 5680 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:17:34.0764 5680 RpcLocator - ok
00:17:34.0783 5680 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
00:17:34.0786 5680 RpcSs - ok
00:17:34.0799 5680 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:17:34.0801 5680 rspndr - ok
00:17:34.0825 5680 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:17:34.0838 5680 RTL8167 - ok
00:17:34.0857 5680 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
00:17:34.0858 5680 s3cap - ok
00:17:34.0870 5680 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
00:17:34.0871 5680 SamSs - ok
00:17:34.0957 5680 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
00:17:34.0997 5680 SBAMSvc - ok
00:17:35.0053 5680 [ 6E342316E72F4B6FA39C99E06373A1A3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
00:17:35.0055 5680 sbapifs - ok
00:17:35.0087 5680 [ B671EEF468D13016B9286F5835A06AE1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
00:17:35.0090 5680 sbhips - ok
00:17:35.0118 5680 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
00:17:35.0119 5680 sbp2port - ok
00:17:35.0142 5680 [ 9ACEB2A2362FC87A3825963E61BA9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
00:17:35.0143 5680 SBRE - ok
00:17:35.0170 5680 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:17:35.0175 5680 SCardSvr - ok
00:17:35.0187 5680 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:17:35.0190 5680 scfilter - ok
00:17:35.0226 5680 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
00:17:35.0238 5680 Schedule - ok
00:17:35.0254 5680 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:17:35.0255 5680 SCPolicySvc - ok
00:17:35.0264 5680 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:17:35.0268 5680 SDRSVC - ok
00:17:35.0285 5680 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:17:35.0286 5680 secdrv - ok
00:17:35.0296 5680 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
00:17:35.0299 5680 seclogon - ok
00:17:35.0317 5680 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:17:35.0319 5680 SENS - ok
00:17:35.0327 5680 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:17:35.0329 5680 SensrSvc - ok
00:17:35.0354 5680 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:17:35.0355 5680 Serenum - ok
00:17:35.0365 5680 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:17:35.0367 5680 Serial - ok
00:17:35.0395 5680 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:17:35.0396 5680 sermouse - ok
00:17:35.0430 5680 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
00:17:35.0433 5680 SessionEnv - ok
00:17:35.0436 5680 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
00:17:35.0437 5680 sffdisk - ok
00:17:35.0441 5680 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:17:35.0441 5680 sffp_mmc - ok
00:17:35.0445 5680 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
00:17:35.0446 5680 sffp_sd - ok
00:17:35.0449 5680 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:17:35.0450 5680 sfloppy - ok
00:17:35.0466 5680 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:17:35.0471 5680 ShellHWDetection - ok
00:17:35.0478 5680 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:17:35.0479 5680 SiSRaid2 - ok
00:17:35.0495 5680 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:17:35.0496 5680 SiSRaid4 - ok
00:17:35.0559 5680 [ 4523268768F70049EA95FFDF8354B4FA ] sj C:\AeriaGames\EdenEternal\sjcs64.sys
00:17:35.0561 5680 sj - ok
00:17:35.0621 5680 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:17:35.0625 5680 SkypeUpdate - ok
00:17:35.0707 5680 [ 101556F6216E97F1258D87C38203695F ] Smart TimeLock C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
00:17:35.0709 5680 Smart TimeLock - ok
00:17:35.0725 5680 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:17:35.0730 5680 Smb - ok
00:17:35.0750 5680 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:17:35.0752 5680 SNMPTRAP - ok
00:17:35.0764 5680 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:17:35.0765 5680 spldr - ok
00:17:35.0790 5680 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
00:17:35.0797 5680 Spooler - ok
00:17:35.0851 5680 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
00:17:35.0884 5680 sppsvc - ok
00:17:35.0902 5680 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:17:35.0904 5680 sppuinotify - ok
00:17:35.0922 5680 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
00:17:35.0927 5680 srv - ok
00:17:35.0956 5680 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:17:35.0961 5680 srv2 - ok
00:17:35.0972 5680 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:17:35.0975 5680 srvnet - ok
00:17:36.0004 5680 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:17:36.0008 5680 SSDPSRV - ok
00:17:36.0015 5680 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:17:36.0018 5680 SstpSvc - ok
00:17:36.0034 5680 Steam Client Service - ok
00:17:36.0052 5680 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:17:36.0053 5680 stexstor - ok
00:17:36.0085 5680 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
00:17:36.0093 5680 stisvc - ok
00:17:36.0117 5680 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
00:17:36.0118 5680 storflt - ok
00:17:36.0128 5680 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
00:17:36.0130 5680 storvsc - ok
00:17:36.0144 5680 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:17:36.0145 5680 swenum - ok
00:17:36.0159 5680 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:17:36.0166 5680 swprv - ok
00:17:36.0201 5680 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
00:17:36.0222 5680 SysMain - ok
00:17:36.0245 5680 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:17:36.0248 5680 TabletInputService - ok
00:17:36.0263 5680 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
00:17:36.0269 5680 TapiSrv - ok
00:17:36.0274 5680 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:17:36.0276 5680 TBS - ok
00:17:36.0319 5680 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:17:36.0331 5680 Tcpip - ok
00:17:36.0358 5680 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:17:36.0365 5680 TCPIP6 - ok
00:17:36.0384 5680 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:17:36.0385 5680 tcpipreg - ok
00:17:36.0403 5680 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:17:36.0404 5680 TDPIPE - ok
00:17:36.0433 5680 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:17:36.0435 5680 TDTCP - ok
00:17:36.0466 5680 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:17:36.0469 5680 tdx - ok
00:17:36.0478 5680 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:17:36.0480 5680 TermDD - ok
00:17:36.0518 5680 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
00:17:36.0529 5680 TermService - ok
00:17:36.0550 5680 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:17:36.0562 5680 Themes - ok
00:17:36.0593 5680 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:17:36.0594 5680 THREADORDER - ok
00:17:36.0612 5680 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:17:36.0619 5680 TrkWks - ok
00:17:36.0688 5680 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:17:36.0698 5680 TrustedInstaller - ok
00:17:36.0730 5680 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:17:36.0742 5680 tssecsrv - ok
00:17:36.0789 5680 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:17:36.0794 5680 tunnel - ok
00:17:36.0814 5680 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:17:36.0815 5680 uagp35 - ok
00:17:36.0839 5680 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:17:36.0845 5680 udfs - ok
00:17:36.0876 5680 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:17:36.0880 5680 UI0Detect - ok
00:17:36.0900 5680 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
00:17:36.0902 5680 uliagpkx - ok
00:17:36.0928 5680 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:17:36.0930 5680 umbus - ok
00:17:36.0950 5680 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:17:36.0951 5680 UmPass - ok
00:17:36.0986 5680 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
00:17:36.0991 5680 UmRdpService - ok
00:17:37.0007 5680 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:17:37.0014 5680 upnphost - ok
00:17:37.0063 5680 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:17:37.0066 5680 usbaudio - ok
00:17:37.0093 5680 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:17:37.0096 5680 usbccgp - ok
00:17:37.0111 5680 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
00:17:37.0113 5680 usbcir - ok
00:17:37.0135 5680 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
00:17:37.0136 5680 usbehci - ok
00:17:37.0163 5680 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:17:37.0169 5680 usbhub - ok
00:17:37.0183 5680 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:17:37.0185 5680 usbohci - ok
00:17:37.0204 5680 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:17:37.0205 5680 usbprint - ok
00:17:37.0233 5680 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:17:37.0235 5680 USBSTOR - ok
00:17:37.0246 5680 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:17:37.0247 5680 usbuhci - ok
00:17:37.0270 5680 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:17:37.0272 5680 UxSms - ok
00:17:37.0286 5680 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
00:17:37.0288 5680 VaultSvc - ok
00:17:37.0295 5680 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
00:17:37.0296 5680 vdrvroot - ok
00:17:37.0318 5680 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
00:17:37.0325 5680 vds - ok
00:17:37.0338 5680 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:17:37.0340 5680 vga - ok
00:17:37.0356 5680 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:17:37.0357 5680 VgaSave - ok
00:17:37.0363 5680 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
00:17:37.0365 5680 vhdmp - ok
00:17:37.0388 5680 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
00:17:37.0389 5680 viaide - ok
00:17:37.0411 5680 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
00:17:37.0413 5680 vmbus - ok
00:17:37.0426 5680 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
00:17:37.0427 5680 VMBusHID - ok
00:17:37.0443 5680 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
00:17:37.0444 5680 volmgr - ok
00:17:37.0462 5680 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:17:37.0464 5680 volmgrx - ok
00:17:37.0479 5680 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
00:17:37.0482 5680 volsnap - ok
00:17:37.0499 5680 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:17:37.0501 5680 vsmraid - ok
00:17:37.0534 5680 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
00:17:37.0553 5680 VSS - ok
00:17:37.0568 5680 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
00:17:37.0569 5680 vwifibus - ok
00:17:37.0593 5680 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:17:37.0599 5680 W32Time - ok
00:17:37.0623 5680 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:17:37.0625 5680 WacomPen - ok
00:17:37.0690 5680 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:17:37.0694 5680 WANARP - ok
00:17:37.0700 5680 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:17:37.0702 5680 Wanarpv6 - ok
00:17:37.0801 5680 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:17:37.0819 5680 WatAdminSvc - ok
00:17:37.0861 5680 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
00:17:37.0877 5680 wbengine - ok
00:17:37.0892 5680 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:17:37.0896 5680 WbioSrvc - ok
00:17:37.0925 5680 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:17:37.0931 5680 wcncsvc - ok
00:17:37.0940 5680 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:17:37.0943 5680 WcsPlugInService - ok
00:17:37.0957 5680 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:17:37.0958 5680 Wd - ok
00:17:37.0983 5680 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:17:37.0988 5680 Wdf01000 - ok
00:17:37.0998 5680 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:17:38.0002 5680 WdiServiceHost - ok
00:17:38.0005 5680 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:17:38.0008 5680 WdiSystemHost - ok
00:17:38.0030 5680 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
00:17:38.0034 5680 WebClient - ok
00:17:38.0051 5680 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:17:38.0055 5680 Wecsvc - ok
00:17:38.0066 5680 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:17:38.0069 5680 wercplsupport - ok
00:17:38.0072 5680 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:17:38.0075 5680 WerSvc - ok
00:17:38.0087 5680 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:17:38.0089 5680 WfpLwf - ok
00:17:38.0107 5680 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:17:38.0108 5680 WIMMount - ok
00:17:38.0129 5680 WinHttpAutoProxySvc - ok
00:17:38.0170 5680 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:17:38.0174 5680 Winmgmt - ok
00:17:38.0223 5680 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
00:17:38.0250 5680 WinRM - ok
00:17:38.0297 5680 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
00:17:38.0299 5680 WinUSB - ok
00:17:38.0333 5680 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:17:38.0346 5680 Wlansvc - ok
00:17:38.0472 5680 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:17:38.0500 5680 wlidsvc - ok
00:17:38.0514 5680 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
00:17:38.0515 5680 WmiAcpi - ok
00:17:38.0543 5680 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:17:38.0546 5680 wmiApSrv - ok
00:17:38.0559 5680 WMPNetworkSvc - ok
00:17:38.0576 5680 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:17:38.0579 5680 WPCSvc - ok
00:17:38.0590 5680 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:17:38.0594 5680 WPDBusEnum - ok
00:17:38.0620 5680 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:17:38.0621 5680 ws2ifsl - ok
00:17:38.0651 5680 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
00:17:38.0653 5680 WSDPrintDevice - ok
00:17:38.0656 5680 WSearch - ok
00:17:38.0677 5680 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:17:38.0679 5680 WudfPf - ok
00:17:38.0707 5680 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:17:38.0709 5680 WUDFRd - ok
00:17:38.0717 5680 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:17:38.0719 5680 wudfsvc - ok
00:17:38.0738 5680 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:17:38.0741 5680 WwanSvc - ok
00:17:38.0858 5680 X6va005 - ok
00:17:38.0909 5680 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
00:17:38.0912 5680 xusb21 - ok
00:17:38.0932 5680 ================ Scan global ===============================
00:17:38.0948 5680 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:17:38.0972 5680 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
00:17:38.0982 5680 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
00:17:39.0003 5680 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:17:39.0022 5680 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:17:39.0029 5680 [Global] - ok
00:17:39.0029 5680 ================ Scan MBR ==================================
00:17:39.0039 5680 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:17:39.0040 5680 Suspicious mbr (Forged): \Device\Harddisk0\DR0
00:17:39.0083 5680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
00:17:39.0083 5680 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
00:17:39.0116 5680 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
00:17:39.0116 5680 \Device\Harddisk0\DR0 - detected TDSS File System (1)
00:17:39.0122 5680 [ 922F3615652A18ECBDFCE841363709B8 ] \Device\Harddisk1\DR1
00:18:39.0961 5680 \Device\Harddisk1\DR1 - ok
00:18:39.0962 5680 ================ Scan VBR ==================================
00:18:39.0978 5680 [ 4A75BC82B161EFC2CA8C7DCA85E6457F ] \Device\Harddisk0\DR0\Partition1
00:18:39.0991 5680 \Device\Harddisk0\DR0\Partition1 - ok
00:18:39.0992 5680 ============================================================
00:18:39.0992 5680 Scan finished
00:18:39.0992 5680 ============================================================
00:18:40.0012 3568 Detected object count: 2
00:18:40.0012 3568 Actual detected object count: 2
00:19:18.0831 3568 \Device\Harddisk0\DR0\# - copied to quarantine
00:19:18.0858 3568 \Device\Harddisk0\DR0 - copied to quarantine
00:19:18.0901 3568 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
00:19:18.0904 3568 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
00:19:18.0923 3568 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
00:19:18.0929 3568 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
00:19:18.0946 3568 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
00:19:18.0957 3568 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
00:19:18.0960 3568 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
00:19:18.0962 3568 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:19:18.0966 3568 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
00:19:18.0970 3568 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
00:19:18.0974 3568 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
00:19:18.0984 3568 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
00:19:18.0997 3568 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
00:19:19.0008 3568 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
00:19:19.0069 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
00:19:19.0086 3568 \Device\Harddisk0\DR0 - ok
00:19:19.0091 3568 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
00:19:19.0092 3568 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
00:19:19.0092 3568 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
00:19:26.0969 5188 Deinitialize success

TDSSKiller after reboot

00:21:18.0776 3268 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:21:20.0789 3268 ============================================================
00:21:20.0789 3268 Current date / time: 2012/08/29 00:21:20.0789
00:21:20.0789 3268 SystemInfo:
00:21:20.0789 3268
00:21:20.0789 3268 OS Version: 6.1.7600 ServicePack: 0.0
00:21:20.0789 3268 Product type: Workstation
00:21:20.0789 3268 ComputerName: JAKE-PC
00:21:20.0789 3268 UserName: Jake
00:21:20.0789 3268 Windows directory: C:\Windows
00:21:20.0789 3268 System windows directory: C:\Windows
00:21:20.0789 3268 Running under WOW64
00:21:20.0789 3268 Processor architecture: Intel x64
00:21:20.0789 3268 Number of processors: 4
00:21:20.0789 3268 Page size: 0x1000
00:21:20.0789 3268 Boot type: Normal boot
00:21:20.0789 3268 ============================================================
00:21:25.0454 3268 BG loaded
00:21:26.0141 3268 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
00:21:26.0156 3268 Drive \Device\Harddisk1\DR1 - Size: 0x1E1509000 (7.52 Gb), SectorSize: 0x200, Cylinders: 0x3D5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:21:26.0156 3268 ============================================================
00:21:26.0156 3268 \Device\Harddisk0\DR0:
00:21:26.0172 3268 MBR partitions:
00:21:26.0172 3268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
00:21:26.0172 3268 \Device\Harddisk1\DR1:
00:21:26.0172 3268 MBR partitions:
00:21:26.0172 3268 ============================================================
00:21:26.0390 3268 C: <-> \Device\Harddisk0\DR0\Partition1
00:21:26.0390 3268 ============================================================
00:21:26.0390 3268 Initialize success
00:21:26.0390 3268 ============================================================
00:31:54.0341 3200 Deinitialize success

Combofixlog.txt

ComboFix 12-08-28.03 - Jake 08/29/2012 0:47.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8183.6677 [GMT -4:00]
Running from: c:\users\Jake\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\getSilverlight.ashx
c:\users\Jake\Documents\~WRL3588.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 04:59 . 2012-08-29 04:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 04:19 . 2012-08-29 04:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 11:36 . 2012-08-27 11:37 -------- d-----w- C:\FRST
2012-08-20 15:38 . 2012-08-20 15:38 388096 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-20 15:38 . 2012-08-20 15:38 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-20 04:01 . 2012-08-20 04:01 -------- d-----w- c:\users\Jake\AppData\Roaming\Malwarebytes
2012-08-20 04:01 . 2012-08-20 15:10 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-08-20 04:01 . 2012-08-21 14:11 -------- d-----w- c:\programdata\Malwarebytes
2012-08-20 04:01 . 2012-08-20 04:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-20 04:01 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-19 18:05 . 2012-08-19 18:12 -------- d-----w- c:\users\Jake\AppData\Local\adaware
2012-08-19 18:05 . 2012-08-19 18:05 -------- d-----w- c:\programdata\Lavasoft
2012-08-19 18:05 . 2012-08-29 04:38 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-19 18:01 . 2012-08-29 04:27 -------- d-----w- c:\users\Jake\AppData\Roaming\Ad-Aware Antivirus
2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----w- c:\programdata\GFI Software
2012-08-13 22:10 . 2012-08-29 11:32 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-08-13 22:09 . 2012-08-13 22:09 -------- d-----w- c:\users\Jake\AppData\Local\Downloaded Installations
2012-08-13 19:24 . 2012-08-13 19:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-13 19:17 . 2012-08-13 19:17 -------- d-----w- c:\windows\Sun
2012-08-04 04:51 . 2012-08-04 04:51 -------- d-----w- c:\users\Jake\AppData\Local\Macromedia
2012-08-03 06:30 . 2012-08-03 06:30 -------- d-----w- C:\$AVG
2012-08-03 05:59 . 2012-08-03 05:59 -------- d-----w- c:\users\Jake\AppData\Roaming\AVG2012
2012-08-03 05:55 . 2012-08-29 04:40 -------- d-----w- c:\programdata\AVG2012
2012-08-03 05:54 . 2012-08-03 05:54 -------- d-----w- c:\program files (x86)\AVG
2012-08-03 05:40 . 2012-08-03 05:40 -------- d--h--w- c:\programdata\Common Files
2012-08-03 05:38 . 2012-08-03 05:38 -------- d-----w- c:\users\Jake\AppData\Local\Mozilla
2012-08-03 05:38 . 2012-08-03 05:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-02 05:45 . 2012-08-02 05:45 -------- d-----w- c:\users\Jake\AppData\Roaming\UDP Software
2012-08-01 12:50 . 2012-08-01 12:50 -------- d-----w- c:\users\Jake\AppData\Roaming\runic games
2012-07-31 14:57 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D590D8E4-5EBB-4A7C-A819-60AD4A984FBE}\mpengine.dll
2012-07-31 14:56 . 2012-08-28 21:11 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-31 01:25 . 2012-08-29 04:21 -------- d-----r- c:\users\Jake\Dropbox
2012-07-31 01:22 . 2012-08-29 04:22 -------- d-----w- c:\users\Jake\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 11:33 . 2010-11-20 17:45 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-08-29 11:32 . 2010-11-20 17:45 25640 ----a-w- c:\windows\gdrv.sys
2012-08-28 21:11 . 2011-05-17 23:32 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:13 . 2010-12-26 03:36 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-11 22:14 . 2011-08-22 18:59 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-06-30 23:45 . 2010-12-10 03:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-12 03:02 . 2012-07-12 04:17 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 19:06 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 19:06 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 19:06 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 19:06 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 19:06 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-23 15:40 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 15:40 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 15:40 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 15:40 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 15:40 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 15:40 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 15:40 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 15:40 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-23 15:40 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 04:12 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 04:12 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 04:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 04:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 04:12 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 04:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 04:12 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 04:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 04:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 04:12 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 04:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 04:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 04:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 04:12 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 04:12 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 04:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 04:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 04:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 04:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:38 . 2012-07-11 19:06 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 19:06 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 19:06 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 19:06 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 19:06 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 19:06 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 19:06 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 19:06 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 19:06 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2010-11-20 17:36 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-29 399736]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-20 39408]
"Akamai NetSession Interface"="c:\users\Jake\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru nOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 dump_wmimmc;dump_wmimmc;c:\hanpurple\TERA\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-01-01 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2012-04-29 47224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 X6va005;X6va005;c:\users\Jake\AppData\Local\Temp\00512B6.tmp [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-05 270912]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-08-29 30528]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 176640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-28 20:50]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 18:30]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 18:30]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-104524247-7513960-3082922971-1000Core.job
- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 23:55]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-104524247-7513960-3082922971-1000UA.job
- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 23:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=100486&babsrc=HP_ss&mntrId=c8bb701c0000000000001c6f653cd2f4
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 49.212.77.169:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXViewer.cab
DPF: {7608AFAE-F937-4BC9-82C5-8567C3A0EAAF} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXRetrieval.cab
DPF: {8285080A-3FAF-41B1-B7BD-933EE724B650} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXSelect.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\nvthq0i1.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-71432019.sys
AddRemove-FoxTab PDF Creator - c:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Jake\AppData\Local\Temp\00512B6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\GIGABYTE\ET6\GUI.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Completion time: 2012-08-29 07:36:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-29 11:36
.
Pre-Run: 576,006,225,920 bytes free
Post-Run: 575,694,110,720 bytes free
.
- - End Of File - - FDD5A666C3053F71ECA229460100DAFB

CatByte · 29-Aug-2012, 05:32 PM **#10**

Please re-run TDSSKiller and search for the TDSS File system again, this time you can delete it as the Pihar rootkit has been removed

NEXT

Please do the following:

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

ricosauve · 03-Sep-2012, 07:34 PM **#11**

MalwareBytes actually didn't find anything, but ESET did. The problem I initially posted on here for had stopped after the step I ran TDSSKiller and Combofix, but lets continue to remove anything else potentially harmful, again I'm sorry for the slow response time.

MBAM.txt

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jake :: JAKE-PC [administrator]

9/3/2012 4:41:58 PM
mbam-log-2012-09-03 (16-41-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205034
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETlog.txt

C:\TDSSKiller_Quarantine\29.08.2012_00.16.50\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\29.08.2012_00.16.50\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\29.08.2012_00.16.50\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\29.08.2012_00.16.50\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\29.08.2012_00.16.50\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NP trojan
C:\TDSSKiller_Quarantine\29.08.2012_00.16.50\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\29.08.2012_00.16.50\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\29.08.2012_00.16.50\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
C:\Users\Jake\APB_Reloaded_Installer.exe Win32/OpenCandy application
C:\Users\Jake\Downloads\Audacity_737.exe a variant of Win32/InstallIQ application
C:\Users\Jake\Downloads\openofficewriter-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Users\Jake\Downloads\winamp5621_full_bundle_emusic-7plus_all.exe Win32/OpenCandy application
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd79923eea8 cce.0000 Win64/Patched.B.Gen trojan

CatByte · 03-Sep-2012, 07:41 PM **#12**

most of the detections are in quarantine, but we will remove the rest:

NOTE: Please allow ComboFix to update if it requests to do so:

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:

File::
C:\Users\Jake\APB_Reloaded_Installer.exe 
C:\Users\Jake\Downloads\winamp5621_full_bundle_emusic-7plus_all.exe
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd79923eea8 cce.0000 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update; please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

ricosauve · 05-Sep-2012, 07:31 AM **#13**

Combofix.txt

ComboFix 12-09-04.03 - Jake 09/05/2012 1:01.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8183.6429 [GMT -4:00]
Running from: c:\users\Jake\Downloads\ComboFix.exe
Command switches used :: c:\users\Jake\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Jake\APB_Reloaded_Installer.exe"
"c:\users\Jake\Downloads\winamp5621_full_bundle_emusic-7plus_all.exe"
"c:\windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd79923eea 8 cce.0000"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jake\APB_Reloaded_Installer.exe
c:\users\Jake\Downloads\winamp5621_full_bundle_emusic-7plus_all.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 05:10 . 2012-09-05 05:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 23:42 . 2012-09-03 23:42 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-09-03 20:53 . 2012-09-03 20:53 -------- d-----w- c:\program files (x86)\ESET
2012-09-03 01:25 . 2012-09-03 01:25 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-31 15:11 . 2012-08-31 15:11 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-30 23:04 . 2012-08-31 03:20 -------- d-----w- c:\users\Jake\AppData\Roaming\Mumble
2012-08-30 23:04 . 2012-08-30 23:04 -------- d-----w- c:\program files (x86)\Mumble
2012-08-29 04:19 . 2012-08-29 04:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-27 11:36 . 2012-08-27 11:37 -------- d-----w- C:\FRST
2012-08-20 19:53 . 2012-08-29 17:13 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-08-20 15:38 . 2012-08-20 15:38 388096 ----a-r- c:\users\Jake\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-20 15:38 . 2012-08-20 15:38 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-20 04:01 . 2012-08-20 04:01 -------- d-----w- c:\users\Jake\AppData\Roaming\Malwarebytes
2012-08-20 04:01 . 2012-08-20 15:10 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-08-20 04:01 . 2012-08-21 14:11 -------- d-----w- c:\programdata\Malwarebytes
2012-08-20 04:01 . 2012-08-20 04:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-20 04:01 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-19 18:05 . 2012-08-19 18:12 -------- d-----w- c:\users\Jake\AppData\Local\adaware
2012-08-19 18:05 . 2012-08-19 18:05 -------- d-----w- c:\programdata\Lavasoft
2012-08-19 18:05 . 2012-08-29 04:38 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-19 18:01 . 2012-08-29 04:27 -------- d-----w- c:\users\Jake\AppData\Roaming\Ad-Aware Antivirus
2012-08-19 16:54 . 2012-08-19 16:54 -------- d-----w- c:\programdata\GFI Software
2012-08-13 22:10 . 2012-09-05 11:24 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-08-13 22:09 . 2012-08-13 22:09 -------- d-----w- c:\users\Jake\AppData\Local\Downloaded Installations
2012-08-13 19:24 . 2012-08-13 19:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-13 19:17 . 2012-08-13 19:17 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 05:11 . 2010-11-20 17:45 25640 ----a-w- c:\windows\gdrv.sys
2012-09-05 04:47 . 2010-11-20 17:45 30528 ----a-w- c:\windows\GVTDrv64.sys
2012-08-28 21:11 . 2012-07-31 14:56 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 21:11 . 2011-05-17 23:32 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 04:13 . 2010-12-26 03:36 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-11 22:14 . 2011-08-22 18:59 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-06-30 23:45 . 2010-12-10 03:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-29 10:04 . 2012-07-31 14:57 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D590D8E4-5EBB-4A7C-A819-60AD4A984FBE}\mpengine.dll
2012-06-12 03:02 . 2012-07-12 04:17 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 19:06 14165504 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-29_11.32.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-20 19:06 . 2012-09-05 04:48 74250 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-05 04:48 34022 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-20 18:38 . 2012-09-05 04:48 22440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-104524247-7513960-3082922971-1000_UserData.bin
- 2010-11-20 20:13 . 2012-08-22 17:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2010-11-20 20:13 . 2012-09-05 05:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2010-11-20 20:13 . 2012-08-22 17:56 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2010-11-20 20:13 . 2012-09-05 05:44 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-05 05:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-22 17:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2012-09-05 05:11 . 2012-09-05 05:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-29 05:34 . 2012-08-29 05:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-05 05:11 . 2012-09-05 05:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-29 05:34 . 2012-08-29 05:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-18 13:15 . 2010-03-18 13:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 13:15 . 2010-03-18 13:15 421200 c:\windows\SysWOW64\msvcp100.dll
- 2011-06-11 05:58 . 2011-06-11 05:58 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2010-11-21 12:03 . 2012-09-03 10:10 312060 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2012-01-26 19:57 . 2012-09-02 16:05 415730 c:\windows\system32\perfh011.dat
- 2012-01-26 19:57 . 2012-08-27 07:26 415730 c:\windows\system32\perfh011.dat
+ 2009-07-14 02:36 . 2012-09-02 16:05 660296 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-27 07:26 660296 c:\windows\system32\perfh009.dat
- 2012-01-26 19:57 . 2012-08-27 07:26 121224 c:\windows\system32\perfc011.dat
+ 2012-01-26 19:57 . 2012-09-02 16:05 121224 c:\windows\system32\perfc011.dat
- 2009-07-14 02:36 . 2012-08-27 07:26 121224 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-02 16:05 121224 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-29 05:33 419436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-05 05:10 419436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-03 01:25 . 2012-09-03 01:25 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2012-09-03 23:41 . 2012-09-03 23:41 3881472 c:\windows\Installer\12700.msi
- 2009-07-14 02:34 . 2012-08-29 10:00 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-09-05 05:59 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-01-28 08:39 . 2012-09-05 05:10 16805348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-104524247-7513960-3082922971-1000-8192.dat
+ 2012-08-30 22:00 . 2012-08-30 22:00 17904640 c:\windows\Installer\8d7394b.msi
+ 2012-09-03 01:25 . 2012-09-03 01:25 16791040 c:\windows\Installer\18d6dccd.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\ex plorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-29 399736]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-20 39408]
"Akamai NetSession Interface"="c:\users\Jake\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 dump_wmimmc;dump_wmimmc;c:\hanpurple\TERA\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-01-01 25640]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-09-05 30528]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 121416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 sj;sj;c:\aeriagames\EdenEternal\sjcs64.sys [2012-04-29 47224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-22 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 X6va005;X6va005;c:\users\Jake\AppData\Local\Temp\00512B6.tmp [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 21544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-05 270912]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2009-06-17 68136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-26 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-26 176640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-05 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-01-28 20:50]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 18:30]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 18:30]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-104524247-7513960-3082922971-1000Core.job
- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 23:55]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-104524247-7513960-3082922971-1000UA.job
- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-07 23:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Jake\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?AF=100486&babsrc=HP_ss&mntrId=c8bb701c0000000000001c6f653cd2f4
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 49.212.77.169:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
DPF: {238EC5B8-0BF5-11D5-826E-00010239321B} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXViewer.cab
DPF: {7608AFAE-F937-4BC9-82C5-8567C3A0EAAF} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXRetrieval.cab
DPF: {8285080A-3FAF-41B1-B7BD-933EE724B650} - hxxp://www.pairis.state.pa.us/dcnr/Applets/OBXSelect.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\nvthq0i1.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Jake\AppData\Local\Temp\00512B6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
.
**************************************************************************
.
Completion time: 2012-09-05 07:28:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 11:28
ComboFix2.txt 2012-08-29 11:36
.
Pre-Run: 584,910,577,664 bytes free
Post-Run: 582,914,744,320 bytes free
.
- - End Of File - - 1CB3AF5DAE08067F46D902164A547969

CatByte · 05-Sep-2012, 09:23 AM **#14**

please run the following:

Please download MiniToolBox and save it to your desktop and run it.

Checkmark following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List installed programs.
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

NEXT

Please download Farbar Service Scanner to your desktop and run it.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

C:\Windows\svchost.exe ...I think..

Find the solution to your computer problem!

Find the solution to your
computer problem!