
DCOM process server failure restart and plug and play restart

Discussion in 'Virus & Other Malware Removal' started by Kitsuneskyy, Jan 11, 2014.

  1. Kitsuneskyy

    Kitsuneskyy Thread Starter

    This just happened recently, but my PC has been restarting, with the DCOM process stopping and, even more recently, Plug and Play. I have just cleared a bunch of PUPs from my PC using Malwarebytes, HitmanPro, JRT, and AdwCleaner.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:49:19 AM, on 1/11/2014
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Users\Kitsuneskyy\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Immunet Protect] "C:\Program Files\Immunet\3.0.12\iptray.exe"
    O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
    O4 - Global Startup: DTAgent - Shortcut.lnk = C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    O4 - Global Startup: NETGEAR WNA3100 Genie.lnk = ?
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kitsuneskyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing)
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater17.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

    --
    End of file - 9190 bytes


    DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7600.16385
    Run by Kitsuneskyy at 3:50:24 on 2014-01-11
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.16338.13428 [GMT -6:00]
    .
    AV: Immunet 3.0 *Enabled/Updated* {065276D9-6EBF-968C-B5ED-7B8B1DCF4059}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Immunet\3.0.12\agent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Immunet\3.0.12\iptray.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Waterfox\waterfox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = about:blank
    mStart Page = about:blank
    mSearch Page = hxxp://www.google.com
    mDefault_Page_URL = about:blank
    mDefault_Search_URL = hxxp://www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    mRun: [Immunet Protect] "C:\Program Files\Immunet\3.0.12\iptray.exe"
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DTAGEN~1.LNK - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kitsuneskyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{14454C6E-5583-47FB-B5AD-B19F3934EF5E} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{14454C6E-5583-47FB-B5AD-B19F3934EF5E}\441677E602C496E6562E08993702960586F6E656 : DHCPNameServer = 198.224.152.119 198.224.154.135
    TCP: Interfaces\{2A859709-4A5C-4E19-B6F3-0F284198363F} : DHCPNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = about:blank
    x64-mSearch Page = hxxp://www.google.com
    x64-mDefault_Page_URL = about:blank
    x64-mDefault_Search_URL = hxxp://www.google.com
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kitsuneskyy\AppData\Roaming\Mozilla\Firefox\Profiles\qwaohv50.default\
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Kitsuneskyy\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll
    FF - plugin: C:\Users\Kitsuneskyy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Kitsuneskyy\AppData\Roaming\Mozilla\Firefox\Profiles\qwaohv50.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Kitsuneskyy\AppData\Roaming\Mozilla\Firefox\Profiles\qwaohv50.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_9_900_170.dll
    FF - ExtSQL: 2013-12-23 11:11; {7b1bf0b6-a1b9-42b0-b75d-252036438bdc}; C:\Users\Kitsuneskyy\AppData\Roaming\Mozilla\Firefox\Profiles\qwaohv50.default\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-4-16 9216]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-10-24 16152]
    R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-3-16 25056]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-6-26 46368]
    R1 ImmunetProtectDriver;ImmunetProtectDriver;C:\Windows\System32\drivers\ImmunetProtect.sys [2014-1-11 58112]
    R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;C:\Windows\System32\drivers\ImmunetSelfProtect.sys [2014-1-11 33024]
    R2 ImmunetNetworkMonitorDriver;ImmunetNetworkMonitorDriver;C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys [2013-3-16 99584]
    R2 ImmunetProtect;Immunet 3.0;C:\Program Files\Immunet\3.0.12\agent.exe [2014-1-11 514856]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-10 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-10 701512]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-1 15129376]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2013-9-3 5521192]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-18 3574624]
    R2 WSWNA3100;WSWNA3100;C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2013-3-16 303360]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-3-16 1256192]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-10-24 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-10-24 787736]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-10 25928]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-3-11 32344]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-7 39200]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-11 648808]
    R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2013-9-3 18216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [?]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-10-24 137336]
    .
    =============== Created Last 30 ================
    .
    2014-01-11 09:40:20 33024 ----a-w- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
    2014-01-11 09:40:16 58112 ----a-w- C:\Windows\System32\drivers\ImmunetProtect.sys
    2014-01-10 19:38:42 -------- d-----w- C:\Users\Kitsuneskyy\AppData\Local\FileTypeAssistant
    2014-01-10 11:16:18 -------- d-----w- C:\Program Files\HitmanPro
    2014-01-10 11:15:56 -------- d-----w- C:\ProgramData\HitmanPro
    2014-01-10 11:09:23 -------- d-----w- C:\Windows\ERUNT
    2014-01-10 11:04:21 -------- d-----w- C:\AdwCleaner
    2014-01-10 10:21:38 -------- d-----w- C:\Users\Kitsuneskyy\AppData\Roaming\Malwarebytes
    2014-01-10 10:21:27 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-01-10 10:21:27 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-01-10 10:21:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-10 09:11:56 -------- d---a-w- C:\$Anvi Rescue Disk$
    2014-01-10 04:15:24 696832 ----a-w- C:\Windows\System32\xvidcore.dll
    2014-01-10 04:15:24 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
    2014-01-10 04:15:24 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2014-01-10 04:15:24 173568 ----a-w- C:\Windows\System32\xvid.ax
    2014-01-10 04:15:23 -------- d-----w- C:\Program Files (x86)\Xvid
    2014-01-10 04:08:49 -------- d-----w- C:\Users\Kitsuneskyy\AppData\Local\Gaijin Games
    2014-01-10 03:27:34 -------- d-----w- C:\Users\Kitsuneskyy\.thumbnails
    2014-01-10 03:26:53 -------- d-----w- C:\Program Files\Blender Foundation
    2014-01-10 03:19:36 -------- d-----w- C:\ProgramData\OEM Links
    2014-01-10 03:19:36 -------- d-----w- C:\MININT
    2014-01-09 01:10:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-09 01:10:29 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-01-09 00:40:39 -------- d-----w- C:\Windows\SysWow64\Adobe
    2014-01-09 00:01:20 -------- d-----w- C:\Program Files (x86)\InstantStorm
    2014-01-08 21:17:44 -------- d-----w- C:\ProgramData\n7-89-o9-3r-4t-r9
    2014-01-08 21:16:46 -------- d-----w- C:\Users\Kitsuneskyy\AppData\Roaming\GameHouse
    2014-01-08 00:33:47 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2014-01-08 00:33:47 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2014-01-04 01:00:18 -------- d-----w- C:\Users\Kitsuneskyy\Obitus - The Final Departure
    2014-01-04 00:58:28 -------- d-----w- C:\Users\Kitsuneskyy\AppData\Local\Obitus___The_Final_Departure
    2014-01-03 01:51:06 -------- d-----w- C:\Program Files (x86)\WinLemm
    2014-01-02 23:08:37 -------- d-----w- C:\Windows\SysWow64\log
    2013-12-31 10:16:42 -------- d-----w- C:\Program Files (x86)\Games
    2013-12-30 03:09:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-12-30 03:09:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-12-30 03:09:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-12-30 03:09:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-12-30 03:09:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-12-30 03:02:03 -------- d-----w- C:\Users\Kitsuneskyy\AppData\Local\Apple
    2013-12-19 18:20:22 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    .
    ==================== Find3M ====================
    .
    2014-01-11 09:40:14 99584 ----a-w- C:\Windows\System32\drivers\ImmunetNetworkMonitor.sys
    2013-12-25 08:03:00 608080 ----a-w- C:\Windows\System32\msvcp100.dll
    2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
    2013-12-10 14:29:06 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
    2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2013-11-14 11:55:24 1884448 ----a-w- C:\Windows\System32\nvdispco6433182.dll
    2013-11-14 11:55:24 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433182.dll
    2013-11-14 02:25:13 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
    2013-11-14 02:25:13 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
    2013-11-14 02:25:13 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
    2013-11-14 02:00:09 94208 ----a-w- C:\Windows\DIIUnin.exe
    2013-11-14 02:00:09 2829 ----a-w- C:\Windows\DIIUnin.pif
    2013-11-12 16:38:20 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-10-24 13:05:51 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
    2013-10-24 13:05:51 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2013-10-24 13:05:51 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
    2013-10-24 13:05:51 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2013-10-24 06:28:34 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-10-24 06:28:29 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-10-24 06:28:28 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
    2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
    2013-10-22 06:30:21 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-10-16 00:48:05 1884448 ----a-w- C:\Windows\System32\nvdispco6433158.dll
    2013-10-16 00:48:05 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433158.dll
    2012-08-17 15:35:52 81 ----a-w- C:\Program Files (x86)\update-srtt.bat
    .
    ============= FINISH: 3:50:45.05 ===============

    attached .txt .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/11/2013 3:11:44 PM
    System Uptime: 1/11/2014 3:41:05 AM (0 hours ago)
    .
    Motherboard: MSI | | Z77A-G45 (MS-7752)
    Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 164.346 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP220: 1/10/2014 4:51:30 AM - Removed 3DMark 11
    RP221: 1/10/2014 4:52:25 AM - Removed Apple Software Update
    RP222: 1/10/2014 4:53:00 AM - Removed Apple Application Support
    RP223: 1/10/2014 5:01:27 AM - Removed RadioTuna.
    RP224: 1/10/2014 5:01:49 AM - Removed S4 League_EU
    .
    ==== Installed Programs ======================
    .
    Leawo Video Converter version 5.3.0.0
    µTorrent
    7-Zip 9.20 (x64 edition)
    A New Beginning - Final Cut
    Adobe AIR
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 12.0
    Antichamber
    ArcaniA – Gothic 4
    Bandisoft MPEG-1 Decoder
    Battlefield 3™
    Battlelog Standalone
    Battlelog Web Plugins
    BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
    Bloody Good Time
    Borderlands
    Borderlands 2
    Bridge Project version 1
    Cargo! - The quest for gravity
    CastleStorm
    Chaos on Deponia
    Chivalry: Medieval Warfare
    Closure
    Core Temp version 0.99.7
    CPUID HWMonitor 1.23
    Cube World
    DAEMON Tools Pro
    Darksiders II
    Dead Pixels
    DeathSpank
    DeathSpank: Thongs Of Virtue
    Defense Grid: The Awakening
    Diablo II
    Dino D-Day
    Dishonored
    DLC Quest
    DragonNest
    Dream Tale - The Golden Keys
    Duke Nukem 3D: Megaton Edition
    Dungeon Defenders
    Edna & Harvey: Harvey's New Eyes
    ESN Sonar
    Euro Truck Simulator 2 v1.3.1
    EVGA Precision X 3.0.3
    F.E.A.R. 3
    FEZ
    File Type Assistant
    Firestorm-Beta (remove only)
    Firestorm-Release (remove only)
    FlatOut 2
    Forge
    Free File Viewer 2012
    FTL version 1.03.1
    Futuremark SystemInfo
    GeForce Experience NvStream Client Components
    Guild Wars 2
    Hammerwatch
    Hawken
    Hi-Rez Studios Authenticate and Update Service
    HitmanPro 3.7
    Hotline Miami
    Immunet 3.0
    Infectonator 2
    InstantStorm 2.0
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Internet Explorer Toolbar 4.7 by SweetPacks
    Jamestown
    Java 7 Update 45 (64-bit)
    Joe Danger 2: The Movie
    Killing Floor
    King Arthur's Gold
    League of Legends
    Left 4 Dead 2
    Legend of Dungeon
    Livestream Procaster
    Logitech GamePanel Software 3.05.151
    Magicka
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft WSE 3.0 Runtime
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Microsoft XNA Framework Redistributable 4.0 Refresh
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    MSI Afterburner 2.3.1
    MSI Kombustor 2.5.0
    MSXML 4.0 SP3 Parser
    My Game Long Name
    Nation Red
    Natural Selection 2
    Need for Speed Most Wanted Black Edition
    Neighbours From Hell Compilation
    NETGEAR WNA3100 wireless USB 2.0 adapter
    Nexon Game Manager
    Nihilumbra / by NSIS
    No More Room in Hell
    No Time To Explain
    NVIDIA 3D Vision Controller Driver 332.21
    NVIDIA 3D Vision Driver 332.21
    NVIDIA Control Panel 332.21
    NVIDIA GeForce Experience 1.8.1
    NVIDIA Graphics Driver 332.21
    NVIDIA HD Audio Driver 1.3.30.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.13.0725
    NVIDIA ShadowPlay 10.11.15
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 10.11.15
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.19
    Obitus - The Final Departure
    On the Rain-Slick Precipice of Darkness, Episode One
    On the Rain-Slick Precipice of Darkness, Episode Two
    OpenAL
    Orcs Must Die! 2
    Origin
    ORION: Dino Horde
    Pando Media Booster
    Papo & Yo
    Path of Exile
    PlanetSide 2
    Pokki Download Helper
    PONY_ALL_NO_SOUND
    PONY_ALL_SOUND
    Portal 2
    Primal Carnage
    Project Zomboid
    PunkBuster Services
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Red Faction: Armageddon
    S.T.A.L.K.E.R.: Call of Pripyat
    Saints Row 2
    Sanctum 2
    Shatter
    SHIELD Streaming
    Skype Click to Call
    Skype™ 6.11
    Source SDK Base 2007
    Space Pirates and Zombies
    Starbound
    StarCraft II
    Steam
    Supreme Commander
    Supreme Commander: Forged Alliance
    swMSM
    System Requirements Lab CYRI
    Team Fortress 2
    TeamViewer 8
    Terraria
    The Baconing
    The Game Of Life by Hasbro
    The Lord of the Rings: War in the North
    They Bleed Pixels
    Torchlight II
    Transformice
    Trapped Dead
    Tribes: Ascend
    Trine 2
    Unity Web Player
    Video Screensaver 1.0
    Vindictus
    VLC media player 2.0.5
    VS10Runtimex64
    VTFEdit 1.2.5
    Warframe
    Waterfox
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live ID Sign-in Assistant
    Windows Mobile Device Updater Component
    Worms Revolution
    XCOM: Enemy Unknown
    Xvid Video Codec
    YTD Video Downloader 4.2
    Zombie Shooter 2
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/11/2014 3:41:28 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
    1/11/2014 3:41:28 AM, Error: Service Control Manager [7000] - The vToolbarUpdater17.3.0 service failed to start due to the following error: The system cannot find the file specified.
    1/11/2014 3:40:22 AM, Error: Service Control Manager [7030] - The Immunet 3.0 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/11/2014 3:34:41 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
    1/11/2014 3:34:41 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    1/11/2014 3:34:41 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    1/11/2014 3:33:55 AM, Error: Service Control Manager [7031] - The Immunet 3.0 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
    1/11/2014 2:58:54 AM, Error: Service Control Manager [7031] - The Immunet 3.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/11/2014 12:40:54 AM, Error: Service Control Manager [7034] - The Immunet 3.0 service terminated unexpectedly. It has done this 3 time(s).
    1/11/2014 1:33:48 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
    .
    ==== End Of File ===========================
     
  2. Kitsuneskyy

    Here is the Ark.txt and the specs

    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2014-01-11 07:02:21
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 ST1000DM003-9YN162 rev.CC4C 931.51GB
    Running: ctobjibr.exe; Driver: C:\Users\KITSUN~1\AppData\Local\Temp\pxtyipow.sys


    ---- Kernel code sections - GMER 2.1 ----

    .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880045bdc34 12 bytes {MOV RAX, 0xfffffa800e41a2a0; JMP RAX}

    ---- User code sections - GMER 2.1 ----

    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefe7a7728 14 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefe7b87a0 9 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\ole32.dll!CoCreateInstance + 11 000007fefe7b87ab 3 bytes [00, 00, 00]
    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\wininet.dll!HttpSendRequestW 000007fefe382f84 14 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\wininet.dll!HttpSendRequestA 000007fefe3f7210 14 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\WS2_32.dll!GetAddrInfoW + 1 000007fefece3101 13 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW + 1 000007fefecece71 13 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefcb438d0 14 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Windows\system32\svchost.exe[800] C:\Windows\system32\dsound.dll!DirectSoundCreate 00000000013b5a84 14 bytes {JMP QWORD [RIP+0x0]}
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000726117fa 2 bytes CALL 77021199 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072611860 2 bytes CALL 77021199 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072611942 2 bytes JMP 76b4c29f C:\Windows\syswow64\WS2_32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007261194d 2 bytes JMP 76b4418d C:\Windows\syswow64\WS2_32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f71401 2 bytes JMP 7703eb26 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f71419 2 bytes JMP 7704b513 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f71431 2 bytes JMP 770c8609 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f7144a 2 bytes CALL 77021dfa C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f714dd 2 bytes JMP 770c7efe C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f714f5 2 bytes JMP 770c80d8 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f7150d 2 bytes JMP 770c7df4 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f71525 2 bytes JMP 770c81c2 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f7153d 2 bytes JMP 7703f088 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f71555 2 bytes JMP 7704b885 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f7156d 2 bytes JMP 770c86c1 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f71585 2 bytes JMP 770c8222 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f7159d 2 bytes JMP 770c7db8 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f715b5 2 bytes JMP 7703f121 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f715cd 2 bytes JMP 7704b29f C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f716b2 2 bytes JMP 770c8584 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrA.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f716bd 2 bytes JMP 770c7d4d C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000726117fa 2 bytes CALL 77021199 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000072611860 2 bytes CALL 77021199 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000072611942 2 bytes JMP 76b4c29f C:\Windows\syswow64\WS2_32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007261194d 2 bytes JMP 76b4418d C:\Windows\syswow64\WS2_32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000076f71401 2 bytes JMP 7703eb26 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000076f71419 2 bytes JMP 7704b513 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000076f71431 2 bytes JMP 770c8609 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000076f7144a 2 bytes CALL 77021dfa C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000076f714dd 2 bytes JMP 770c7efe C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000076f714f5 2 bytes JMP 770c80d8 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000076f7150d 2 bytes JMP 770c7df4 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076f71525 2 bytes JMP 770c81c2 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000076f7153d 2 bytes JMP 7703f088 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000076f71555 2 bytes JMP 7704b885 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000076f7156d 2 bytes JMP 770c86c1 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000076f71585 2 bytes JMP 770c8222 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000076f7159d 2 bytes JMP 770c7db8 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000076f715b5 2 bytes JMP 7703f121 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000076f715cd 2 bytes JMP 7704b29f C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000076f716b2 2 bytes JMP 770c8584 C:\Windows\syswow64\kernel32.dll
    .text C:\Windows\SysWOW64\PnkBstrB.exe[2232] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000076f716bd 2 bytes JMP 770c7d4d C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f71401 2 bytes JMP 7703eb26 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f71419 2 bytes JMP 7704b513 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f71431 2 bytes JMP 770c8609 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f7144a 2 bytes CALL 77021dfa C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f714dd 2 bytes JMP 770c7efe C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f714f5 2 bytes JMP 770c80d8 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f7150d 2 bytes JMP 770c7df4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f71525 2 bytes JMP 770c81c2 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f7153d 2 bytes JMP 7703f088 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f71555 2 bytes JMP 7704b885 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f7156d 2 bytes JMP 770c86c1 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f71585 2 bytes JMP 770c8222 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f7159d 2 bytes JMP 770c7db8 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f715b5 2 bytes JMP 7703f121 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f715cd 2 bytes JMP 7704b29f C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f716b2 2 bytes JMP 770c8584 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe[2616] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f716bd 2 bytes JMP 770c7d4d C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f71401 2 bytes JMP 7703eb26 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f71419 2 bytes JMP 7704b513 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f71431 2 bytes JMP 770c8609 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f7144a 2 bytes CALL 77021dfa C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f714dd 2 bytes JMP 770c7efe C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f714f5 2 bytes JMP 770c80d8 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f7150d 2 bytes JMP 770c7df4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f71525 2 bytes JMP 770c81c2 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f7153d 2 bytes JMP 7703f088 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f71555 2 bytes JMP 7704b885 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f7156d 2 bytes JMP 770c86c1 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f71585 2 bytes JMP 770c8222 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f7159d 2 bytes JMP 770c7db8 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f715b5 2 bytes JMP 7703f121 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f715cd 2 bytes JMP 7704b29f C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f716b2 2 bytes JMP 770c8584 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4064] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f716bd 2 bytes JMP 770c7d4d C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 000000007702d03c 5 bytes [33, C0, C2, 04, 00]
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f71401 2 bytes JMP 7703eb26 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f71419 2 bytes JMP 7704b513 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f71431 2 bytes JMP 770c8609 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f7144a 2 bytes CALL 77021dfa C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f714dd 2 bytes JMP 770c7efe C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f714f5 2 bytes JMP 770c80d8 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f7150d 2 bytes JMP 770c7df4 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f71525 2 bytes JMP 770c81c2 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f7153d 2 bytes JMP 7703f088 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f71555 2 bytes JMP 7704b885 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f7156d 2 bytes JMP 770c86c1 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f71585 2 bytes JMP 770c8222 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f7159d 2 bytes JMP 770c7db8 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f715b5 2 bytes JMP 7703f121 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f715cd 2 bytes JMP 7704b29f C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f716b2 2 bytes JMP 770c8584 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3272] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f716bd 2 bytes JMP 770c7d4d C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f71401 2 bytes JMP 7703eb26 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[3688] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f71419 2 bytes JMP 7704b513 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f71431 2 bytes JMP 770c8609 C:\Windows\syswow64\kernel32.dll
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[3688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f7144a 2 bytes CALL 77021dfa C:\Windows\syswow64\kernel32.dll
    .text ... * 9
    .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[3688] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f714dd 2 bytes JMP 770c7efe C:\Windows\syswow64\kernel32.dll

    ---- Devices - GMER 2.1 ----

    Device \Driver\atapi \Device\Ide\IdePort0 fffffa800c71d2c0
    Device \Driver\atapi \Device\Ide\IdePort1 fffffa800c71d2c0
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-5 fffffa800c71d2c0
    Device \Driver\atapi \Device\Ide\IdePort2 fffffa800c71d2c0
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 fffffa800c71d2c0
    Device \Driver\atapi \Device\Ide\IdePort3 fffffa800c71d2c0
    Device \Driver\a15ztzsp \Device\Scsi\a15ztzsp1 fffffa800da2c2c0
    Device \Driver\a15ztzsp \Device\Scsi\a15ztzsp1Port4Path0Target1Lun0 fffffa800da2c2c0
    Device \Driver\a15ztzsp \Device\Scsi\a15ztzsp1Port4Path0Target0Lun0 fffffa800da2c2c0
    Device \FileSystem\Ntfs \Ntfs fffffa800c7232c0
    Device \Driver\usbehci \Device\USBPDO-1 fffffa800e4162c0
    Device \Driver\cdrom \Device\CdRom0 fffffa800e34e2c0
    Device \Driver\cdrom \Device\CdRom1 fffffa800e34e2c0
    Device \Driver\cdrom \Device\CdRom2 fffffa800e34e2c0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{1A663B51-753F-4E28-A040-A90797D376C2} fffffa800e35e2c0
    Device \Driver\usbehci \Device\USBFDO-0 fffffa800e4162c0
    Device \Driver\usbehci \Device\USBFDO-1 fffffa800e4162c0
    Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800e35e2c0
    Device \Driver\atapi \Device\ScsiPort0 fffffa800c71d2c0
    Device \Driver\usbehci \Device\USBPDO-0 fffffa800e4162c0
    Device \Driver\atapi \Device\ScsiPort1 fffffa800c71d2c0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{14454C6E-5583-47FB-B5AD-B19F3934EF5E} fffffa800e35e2c0
    Device \Driver\atapi \Device\ScsiPort2 fffffa800c71d2c0
    Device \Driver\atapi \Device\ScsiPort3 fffffa800c71d2c0
    Device \Driver\a15ztzsp \Device\ScsiPort4 fffffa800da2c2c0

    ---- Trace I/O - GMER 2.1 ----

    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800c71d2c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa800c71d2c0
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d805060] fffffa800d805060
    Trace 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800d5ce680] fffffa800d5ce680
    Trace \Driver\atapi[0xfffffa800d3732e0] -> IRP_MJ_CREATE -> 0xfffffa800c71d2c0 fffffa800c71d2c0

    ---- Modules - GMER 2.1 ----

    Module \SystemRoot\System32\Drivers\a15ztzsp.SYS fffff88003e5c000-fffff88003ea9000 (315392 bytes)

    ---- Threads - GMER 2.1 ----

    Thread C:\Windows\system32\svchost.exe [800:924] 000000000015a548
    Thread C:\Windows\system32\svchost.exe [800:976] 0000000000151540
    Thread C:\Windows\system32\svchost.exe [800:980] 000000000077b898
    Thread C:\Windows\system32\svchost.exe [800:984] 000000000077b220

    ---- Services - GMER 2.1 ----

    Service C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys (*** hidden *** ) [AUTO] ImmunetNetworkMonitorDriver <-- ROOTKIT !!!
    Service C:\Program Files\Immunet\3.0.12\agent.exe (*** hidden *** ) [AUTO] ImmunetProtect <-- ROOTKIT !!!
    Service C:\Windows\system32\DRIVERS\ImmunetProtect.sys (*** hidden *** ) [SYSTEM] ImmunetProtectDriver <-- ROOTKIT !!!
    Service C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys (*** hidden *** ) [SYSTEM] ImmunetSelfProtectDriver <-- ROOTKIT !!!

    ---- Registry - GMER 2.1 ----


    ---- Files - GMER 2.1 ----

    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY0X0OS8\easy-and-practical-weight-loss-tips[1].txt 13383 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KY0X0OS8\CAH5UXHC.HTM 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt 618 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt 439 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][6].txt 144 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt 1127 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][7].txt 787 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 488 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][4].txt 568 bytes

    ---- EOF - GMER 2.1 ----

    Here are the specs:

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, 64 bit
    Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 4
    RAM: 16337 Mb
    Graphics Card: NVIDIA GeForce GTX 660, -2048 Mb
    Hard Drives: C: Total - 953867 MB, Free - 168415 MB;
    Motherboard: MSI, Z77A-G45 (MS-7752)
    Antivirus: Immunet 3.0, Updated and Enabled
     

Short URL to this thread: https://techguy.org/1117280
