TechSpot

Win64/Patched.A in Services.exe

Solved
By JMerlPE
Oct 21, 2012
  1. Hi, my AVG has turned me onto a virus that I somehow acquired. I've tried using TDSS and some other virus removal software and I've had no luck. I'd love some help on how to remove this virus. Thank you!
     
  2. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Hi, thank you so much for your help! Here is my log from MBAM

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.22.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jen :: JEN-PC [administrator]

    10/22/2012 8:59:58 AM
    mbam-log-2012-10-22 (08-59-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204259
    Time elapsed: 4 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.

    (end)
     
  4. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is my GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-22 09:34:10
    Windows 6.1.7601 Service Pack 1
    Running: 00mlpgz1.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f493
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x23 0x75 0xC3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DTools\
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f493 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x71 0x23 0x75 0xC3 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DTools\

    ---- EOF - GMER 1.0.15 ----
     
  5. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is my DDS.txt log

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
    Run by Jen at 9:36:23 on 2012-10-22
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2372 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\windows\system32\nvvsvc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\windows\SysWOW64\Rezip.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://xfinity.comcast.net/?cid=insDate09242012
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
    uRun: [Magellan CmTray] C:\Program Files (x86)\Content Manager\CmTray.exe
    uRun: [MusicManager] "C:\Users\Jen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    uRun: [DAEMON Tools Lite] "D:\DTools\DTLite.exe" -autorun
    uRun: [RGSC] D:\Games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
    uRun: [Steam] "D:\Games\Steam\Steam.exe" -silent
    uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
    uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
    mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{4698BC4D-B655-4798-A71E-112C05E59322} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{4698BC4D-B655-4798-A71E-112C05E59322}\24340535F575966496 : DHCPNameServer = 10.5.112.29 10.9.0.74 10.9.0.73
    TCP: Interfaces\{4698BC4D-B655-4798-A71E-112C05E59322}\2456C6B696E6F5E4F575962756C6563737F5141483247373 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{4698BC4D-B655-4798-A71E-112C05E59322}\46566796E637 : DHCPNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{4698BC4D-B655-4798-A71E-112C05E59322}\478656F50756E61353F5769627C637 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{8595CC34-384C-48A5-A944-5B7183E4EB3F} : DHCPNameServer = 68.87.66.249 162.150.8.28
    TCP: Interfaces\{F625E639-3111-4A99-B27E-A26EAAC010D2} : DHCPNameServer = 8.8.8.8 8.8.4.4
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    IFEO: acrord32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: motolauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: pdr.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-IFEO: acrord32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: motolauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: pdr.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    Hosts: 69.65.1.83 boards.endoftheinter.net
    Hosts: 69.65.1.83 wiki.endoftheinter.net
    Hosts: 69.65.1.83 static.endoftheinter.net
    Hosts: 69.65.1.83 links.endoftheinter.net
    Hosts: 69.65.1.83 archives.endoftheinter.net
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B4c1e4ead-48db-443b-ad7b-cbeed2acf30d%7D&mid=cbeae823e322ce9762a2cee8efd35c88-f92be38113a130a213ed3baf7d8afa85b604befc&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-25%2011%3A38%3A27&sap=ku&q=
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\Jen\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Jen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Jen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Jen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-10-17 16:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\2vsan3bg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-9-21 61792]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-9-13 151904]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-25 31080]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-8-16 283200]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-2-2 13824]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12:40];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-19 146928]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-2 5783672]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-2 193568]
    R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
    R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]
    R2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-3-26 91992]
    R2 MSSQL$CSSQL05;SQL Server (CSSQL05);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-8-20 65657]
    R2 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-2-2 311296]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-9-19 2365792]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-25 722528]
    R3 easytether;easytether;C:\windows\System32\drivers\easytthr.sys [2012-10-4 20784]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-3 151936]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\System32\drivers\nvhda64v.sys [2009-8-21 84512]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-9-18 11880]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-4 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-4 250808]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-9 1025352]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\System32\drivers\motfilt.sys [2009-1-29 6144]
    S3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-2-3 52264]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2010-2-2 35104]
    S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-7-10 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-4 135664]
    S3 motandroidusb;Mot ADB Interface Driver;C:\windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
    S3 motccgp;Motorola USB Composite Device Driver;C:\windows\System32\drivers\motccgp.sys [2012-6-11 22016]
    S3 motccgpfl;MotCcgpFlService;C:\windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\drivers\MijXfilt.sys [2012-8-28 121416]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-6 113120]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-9 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-4-7 1255736]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    .
    =============== Created Last 30 ================
    .
    2012-10-22 12:58:59 -------- d-----w- C:\Users\Jen\AppData\Roaming\Malwarebytes
    2012-10-22 12:58:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-10-22 12:58:46 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-22 12:58:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-21 23:28:17 -------- d-----w- C:\FRST
    2012-10-21 22:37:23 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
    2012-10-21 22:36:56 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-21 22:09:01 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-10-21 22:08:53 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
    2012-10-21 14:29:32 -------- d-----w- C:\Program Files (x86)\Infogrames Interactive
    2012-10-21 14:28:48 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-10-21 14:28:48 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-10-21 14:28:48 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
    2012-10-21 14:28:48 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-10-17 17:48:37 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-10-17 17:20:52 34656 ----a-w- C:\windows\System32\TURegOpt.exe
    2012-10-17 17:20:48 25952 ----a-w- C:\windows\System32\authuitu.dll
    2012-10-17 17:20:48 21344 ----a-w- C:\windows\SysWow64\authuitu.dll
    2012-10-17 17:19:34 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2013
    2012-10-17 17:19:07 -------- d-----w- C:\ProgramData\TuneUp Software
    2012-10-17 17:18:59 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2012-10-10 20:24:48 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-10-05 07:26:22 111456 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
    2012-10-04 11:35:57 20784 ----a-w- C:\windows\System32\drivers\easytthr.sys
    2012-10-04 11:35:55 -------- d-----w- C:\Program Files (x86)\Mobile Stream
    2012-10-03 23:45:25 -------- d-----w- C:\Users\Jen\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
    2012-10-02 07:30:38 185696 ----a-w- C:\windows\System32\drivers\avgldx64.sys
    2012-10-01 13:53:23 -------- d-----w- C:\Users\Jen\AppData\Roaming\YoudaGames
    2012-09-27 01:28:54 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
    2012-09-25 15:40:27 -------- d-----w- C:\Users\Jen\AppData\Roaming\AVG2013
    2012-09-25 15:38:33 -------- d-----w- C:\Users\Jen\AppData\Roaming\TuneUp Software
    2012-09-25 15:38:25 31080 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2012-09-25 15:38:21 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-09-25 15:36:12 -------- d-----w- C:\ProgramData\AVG2013
    2012-09-25 15:33:29 -------- d-----w- C:\Users\Jen\AppData\Local\MFAData
    2012-09-25 15:33:29 -------- d-----w- C:\Users\Jen\AppData\Local\Avg2013
    2012-09-24 17:21:28 -------- d-----w- C:\Users\Jen\AppData\Local\Xfinity.com
    2012-09-22 17:59:49 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
    2012-09-22 17:58:53 -------- d-----w- C:\Program Files\iPod
    2012-09-22 17:58:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-22 17:58:52 -------- d-----w- C:\Program Files\iTunes
    2012-09-22 17:58:52 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2012-10-09 16:40:12  73656  ----a-w-  C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 16:40:12  696760  ----a-w-  C:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-21 07:46:04  200032  ----a-w-  C:\windows\System32\drivers\avgtdia.sys
    2012-09-21 07:46:00  225120  ----a-w-  C:\windows\System32\drivers\avgloga.sys
    2012-09-21 07:45:50  61792  ----a-w-  C:\windows\System32\drivers\avgidsha.sys
    2012-09-14 19:19:29  2048  ----a-w-  C:\windows\System32\tzres.dll
    2012-09-14 18:28:53  2048  ----a-w-  C:\windows\SysWow64\tzres.dll
    2012-09-14 07:05:18  40800  ----a-w-  C:\windows\System32\drivers\avgrkx64.sys
    2012-09-13 13:54:03  821736  ----a-w-  C:\windows\SysWow64\npDeployJava1.dll
    2012-09-13 13:54:03  746984  ----a-w-  C:\windows\SysWow64\deployJava1.dll
    2012-09-13 07:11:18  151904  ----a-w-  C:\windows\System32\drivers\avgidsdrivera.sys
    2012-08-31 18:19:35  1659760  ----a-w-  C:\windows\System32\drivers\ntfs.sys
    2012-08-30 17:12:02  3968880  ----a-w-  C:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02  3914096  ----a-w-  C:\windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07  220160  ----a-w-  C:\windows\System32\wintrust.dll
    2012-08-24 16:57:48  172544  ----a-w-  C:\windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32  2312704  ----a-w-  C:\windows\System32\jscript9.dll
    2012-08-24 10:21:18  1392128  ----a-w-  C:\windows\System32\wininet.dll
    2012-08-24 10:20:11  1494528  ----a-w-  C:\windows\System32\inetcpl.cpl
    2012-08-24 10:14:45  173056  ----a-w-  C:\windows\System32\ieUnatt.exe
    2012-08-24 10:13:29  599040  ----a-w-  C:\windows\System32\vbscript.dll
    2012-08-24 10:09:42  2382848  ----a-w-  C:\windows\System32\mshtml.tlb
    2012-08-24 06:59:17  1800704  ----a-w-  C:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27  1129472  ----a-w-  C:\windows\SysWow64\wininet.dll
    2012-08-24 06:51:02  1427968  ----a-w-  C:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26  142848  ----a-w-  C:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12  420864  ----a-w-  C:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58  2382848  ----a-w-  C:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50  1913200  ----a-w-  C:\windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40  950128  ----a-w-  C:\windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40  376688  ----a-w-  C:\windows\System32\drivers\netio.sys
    2012-08-22 18:12:33  288624  ----a-w-  C:\windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 17:01:20  125872  ----a-w-  C:\windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20  106928  ----a-w-  C:\windows\SysWow64\GEARAspi.dll
    2012-08-20 18:48:44  362496  ----a-w-  C:\windows\System32\wow64win.dll
    2012-08-20 18:48:44  243200  ----a-w-  C:\windows\System32\wow64.dll
    2012-08-20 18:48:44  13312  ----a-w-  C:\windows\System32\wow64cpu.dll
    2012-08-20 18:48:43  215040  ----a-w-  C:\windows\System32\winsrv.dll
    2012-08-20 18:48:37  16384  ----a-w-  C:\windows\System32\ntvdm64.dll
    2012-08-20 18:48:35  424448  ----a-w-  C:\windows\System32\KernelBase.dll
    2012-08-20 18:46:22  338432  ----a-w-  C:\windows\System32\conhost.exe
    2012-08-20 17:40:21  14336  ----a-w-  C:\windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44  44032  ----a-w-  C:\windows\apppatch\acwow64.dll
    2012-08-20 17:38:26  25600  ----a-w-  C:\windows\SysWow64\setup16.exe
    2012-08-20 17:37:19  5120  ----a-w-  C:\windows\SysWow64\wow32.dll
    2012-08-20 17:37:18  274944  ----a-w-  C:\windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21  7680  ----a-w-  C:\windows\SysWow64\instnm.exe
    2012-08-20 15:38:20  2048  ----a-w-  C:\windows\SysWow64\user.exe
    2012-08-20 15:33:28  6144  ---ha-w-  C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28  4608  ---ha-w-  C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28  3584  ---ha-w-  C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28  3072  ---ha-w-  C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-16 19:33:03  178800  ----a-w-  C:\windows\SysWow64\CmdLineExt_x64.dll
    2012-08-16 19:14:03  283200  ----a-w-  C:\windows\System32\drivers\dtsoftbus01.sys
    2012-08-16 19:10:02  560184  ----a-w-  C:\windows\System32\drivers\sptd.sys
    2012-08-11 00:56:03  715776  ----a-w-  C:\windows\System32\kerberos.dll
    2012-08-10 23:56:14  542208  ----a-w-  C:\windows\SysWow64\kerberos.dll
    2012-08-02 17:58:52  574464  ----a-w-  C:\windows\System32\d3d10level9.dll
    2012-08-02 16:57:20  490496  ----a-w-  C:\windows\SysWow64\d3d10level9.dll
    .
    ============= FINISH: 9:36:46.79 ===============
     
  6. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    And lastly, here is the Attach.txt log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/4/2010 5:28:35 PM
    System Uptime: 10/22/2012 9:05:59 AM (0 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R580
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 2267/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 100 GiB total, 19.6 GiB free.
    D: is FIXED (NTFS) - 351 GiB total, 282.486 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP301: 10/20/2012 8:09:51 PM - Removed CSI-Hard Evidence
    RP302: 10/21/2012 10:28:56 AM - Installed RollerCoaster Tycoon 2
    RP303: 10/21/2012 10:35:39 AM - Installed RollerCoaster Tycoon 2: Time Twister
    RP304: 10/21/2012 10:36:37 AM - Installed RollerCoaster Tycoon 2: Wacky Worlds
    RP305: 10/21/2012 10:40:15 AM - Removed RollerCoaster Tycoon 2: Time Twister
    .
    ==== Image File Execution Options =============
    .
    IFEO: acrord32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: motolauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: pdr.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: powerdvd8.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: producer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: realplay.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: rgsclauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: skype.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IFEO: youcam.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: acrord32.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: labelprint.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: motolauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: pdr.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: powerdvd8.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: producer.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: realplay.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: rgsclauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: skype.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    x64-IFEO: youcam.exe - "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 69.65.1.83 boards.endoftheinter.net
    Hosts: 69.65.1.83 wiki.endoftheinter.net
    Hosts: 69.65.1.83 static.endoftheinter.net
    Hosts: 69.65.1.83 links.endoftheinter.net
    Hosts: 69.65.1.83 archives.endoftheinter.net
    Hosts: 69.65.1.83 endoftheinter.net
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe Flash Player 11 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9.3.1
    Adobe Shockwave Player 11.5
    AnyPC Client
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Client Installation Program
    AVG 2013
    BatteryLifeExtender
    Bloons TD 5 Deluxe version 1.06
    Bonjour
    ChargeableUSB
    Cheat Engine 6.2
    Chemistry Add-in for Word
    Compatibility Pack for the 2007 Office system
    ContentManager
    Counter-Strike
    Counter-Strike: Source
    CyberLink Blu-ray Disc Suite
    CyberLink LabelPrint
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 8
    CyberLink PowerProducer
    CyberLink YouCam
    D3DX10
    DAEMON Tools Lite
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    EasyTether
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    GradeQuick Web Plugin
    Grand Theft Auto IV
    Half-Life 2
    Half-Life 2: Deathmatch
    iCloud
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    iTunes
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 30
    Java(TM) SE Development Kit 6 Update 21
    JavaFX 2.1.1
    JDownloader 0.9
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.1.1000
    Marvell Miniport Driver
    MergeModules
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 (CSSQL05)
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    MotoCast
    Motorola Device Manager
    Motorola Device Software Update
    MOTOROLA MEDIA LINK
    Motorola Mobile Drivers Installation 5.9.0
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    Music Manager
    Natural Selection 3.2
    NVIDIA Drivers
    Pirates, Vikings, & Knights II
    Portal 2 version 2.0.0.1
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    REALTEK Wireless LAN Software
    Rockstar Games Social Club
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon 2: Wacky Worlds
    Samsung R-Series
    Samsung Recovery Solution 4
    Samsung Support Center
    Samsung Update Plus
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
    Skype Toolbars
    Skype™ 5.10
    Source Multiplayer Dedicated Server
    Source SDK
    Source SDK Base 2007
    Spelling Dictionaries Support For Adobe Reader 9
    Spotify
    Steam
    Synaptics Pointing Device Driver
    System Requirements Lab CYRI
    Team Fortress Classic
    TuneUp Utilities 2013
    TuneUp Utilities Language Pack (en-US)
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User Guide
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    VLC media player 2.0.3
    WIDCOMM Bluetooth Software
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Xilisoft iPod Rip
    YouWave for Android
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/22/2012 9:34:22 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    10/22/2012 9:34:22 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    10/22/2012 9:06:43 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    10/22/2012 9:06:35 AM, Error: Service Control Manager [7000] - The eamonm service failed to start due to the following error: The system cannot find the file specified.
    10/21/2012 7:07:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {FCA02D56-BF9D-4591-AD41-E59AF763C64A}
    10/21/2012 6:32:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/21/2012 6:31:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/21/2012 6:31:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/21/2012 6:31:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache SABI spldr Wanarpv6
    10/21/2012 6:31:41 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/21/2012 6:31:39 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/21/2012 6:31:00 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    10/21/2012 10:44:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (CSSQL05) service to connect.
    10/21/2012 10:44:15 AM, Error: Service Control Manager [7000] - The SQL Server (CSSQL05) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/21/2012 10:41:52 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
    10/17/2012 9:28:21 AM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
    10/17/2012 8:27:57 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KATIE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4698BC4D-B655-4798-A71E-112C05E59322}. The master browser is stopping or an election is being forced.
    10/17/2012 3:25:41 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    10/16/2012 3:32:03 PM, Error: NetBT [4321] - The name "JEN-PC :0" could not be registered on the interface with IP address 10.0.0.3. The computer with the IP address 10.0.0.5 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
     
  7. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    After doing all the scans and following the steps you provided me with, my AVG still pops up sporadically informing me of the virus.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  9. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is the FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2012
    Ran by SYSTEM at 22-10-2012 15:38:57
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9644576 2009-12-14] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [16413288 2010-01-07] (NVIDIA Corporation)
    HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-03] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-07-16] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-15] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-11-20] (cyberlink)
    HKLM-x32\...\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-01-11] (CyberLink Corp.)
    HKLM-x32\...\Run: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe" [13312 2009-11-19] (DoctorSoft)
    HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-25] ()
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT [856160 2012-09-25] ()
    HKU\Jen\...\Run: [Magellan CmTray] C:\Program Files (x86)\Content Manager\CmTray.exe [458752 2011-03-04] (MiTAC Digital Corporation.)
    HKU\Jen\...\Run: [MusicManager] "C:\Users\Jen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7321600 2012-08-31] (Google Inc.)
    HKU\Jen\...\Run: [DAEMON Tools Lite] "D:\DTools\DTLite.exe" -autorun [x]
    HKU\Jen\...\Run: [RGSC] D:\Games\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
    HKU\Jen\...\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent [x]
    HKU\Jen\...\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [x]
    HKU\Jen\...\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe" [48680 2012-06-06] (Mobile Stream)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    AppInit_DLLs:
    IMEO\acrord32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\labelprint.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\motolauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\olrsubmission.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\pdr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\powerdvd8.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\producer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\realplay.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\rgsclauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    IMEO\youcam.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    ==================== Services (Whitelisted) ===================

    3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-01] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-01] (AVG Technologies CZ, s.r.o.)
    2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
    2 MSSQL$CSSQL05; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sCSSQL05 [29293408 2010-12-10] (Microsoft Corporation)
    2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
    2 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe" [2365792 2012-09-19] (TuneUp Software)
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-25] ()
    2 msftesql$CSSQL05; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:CSSQL05 [x]

    ==================== Drivers (Whitelisted) =====================

    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-12] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-20] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [31080 2012-09-25] (AVG Technologies)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-08-16] (DT Soft Ltd)
    3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [20784 2012-06-06] (Mobile Stream)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-16] (Duplex Secure Ltd.)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-09-18] (TuneUp Software)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
    2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-11-19] (CyberLink Corp.)
    2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [x]
    3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
    3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-22 04:58 - 2012-10-22 04:58 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Malwarebytes
    2012-10-22 04:58 - 2012-10-22 04:58 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-22 04:58 - 2012-10-22 04:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-22 04:58 - 2012-09-29 15:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-21 15:28 - 2012-10-21 15:28 - 00000000 ____D C:\FRST
    2012-10-21 14:37 - 2012-10-21 14:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-10-21 14:36 - 2012-10-21 14:36 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-10-21 14:12 - 2012-10-21 14:16 - 00000000 ____D C:\Users\Jen\Desktop\People.Like.Us.2012.DVDRip.XviD-SPARKS
    2012-10-21 14:08 - 2012-10-21 14:09 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-10-21 06:36 - 2012-10-21 06:36 - 00000000 ____D C:\Users\Jen\AppData\Roaming\Leadertech
    2012-10-21 06:31 - 2012-10-21 06:31 - 00000000 ____A C:\Windows\PowerReg.dat
    2012-10-21 06:29 - 2012-10-21 06:29 - 00000000 ____D C:\Program Files (x86)\Infogrames Interactive
    2012-10-17 09:48 - 2012-09-24 19:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-10-17 09:48 - 2012-09-24 19:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-10-17 09:48 - 2012-09-24 19:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-10-17 09:47 - 2012-10-17 09:48 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-17 09:20 - 2012-09-19 08:10 - 00034656 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
    2012-10-17 09:20 - 2012-09-19 08:10 - 00025952 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
    2012-10-17 09:20 - 2012-09-19 08:10 - 00021344 ____A (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
    2012-10-17 09:19 - 2012-10-17 09:20 - 00000000 ____D C:\Users\All Users\TuneUp Software
    2012-10-17 09:19 - 2012-10-17 09:20 - 00000000 ____D C:\Program Files (x86)\TuneUp Utilities 2013
    2012-10-17 09:18 - 2012-10-17 09:30 - 00000000 __SHD C:\Users\All Users\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2012-10-13 17:58 - 2012-10-13 17:58 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2012-10-13 17:58 - 2012-10-13 17:58 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2012-10-10 12:25 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 12:25 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 12:25 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 12:25 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 12:25 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 12:25 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 12:25 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 12:25 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 12:25 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 12:25 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 12:25 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 12:25 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 12:25 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 12:25 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 12:25 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 12:25 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 12:24 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-10 12:24 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-10 12:24 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-10 12:24 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-10 12:24 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-10 12:24 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-10 12:24 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 12:24 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 12:24 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 12:24 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-10 12:24 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-10 12:24 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-10 12:24 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-10 12:24 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-10 12:24 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-10 12:24 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-07 15:05 - 2012-10-07 15:05 - 00013457 ____A C:\Users\Jen\Desktop\2012 Room and Room Supervisor assignments.xlsx
    2012-10-04 23:26 - 2012-10-04 23:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-04 15:00 - 2012-10-04 15:00 - 00124072 ____A C:\Users\Jen\Desktop\PastedGraphic-2.tiff
    2012-10-04 03:35 - 2012-10-04 03:35 - 00000000 ____D C:\Program Files (x86)\Mobile Stream
    2012-10-04 03:35 - 2012-06-06 11:55 - 00020784 ____A (Mobile Stream) C:\Windows\System32\Drivers\easytthr.sys
    2012-10-03 15:45 - 2012-10-03 15:45 - 00000000 ____D C:\Users\Jen\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
    2012-10-02 09:01 - 2012-10-02 09:01 - 00000000 ____D C:\Users\Jen\Documents\Telltale Games
    2012-10-01 23:30 - 2012-10-01 23:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-10-01 05:53 - 2012-10-01 05:53 - 00000000 ____D C:\Users\Jen\AppData\Roaming\YoudaGames
    2012-10-01 05:52 - 2012-10-01 05:52 - 00000000 ____D C:\Users\Jen\Documents\My Cheat Tables
    2012-10-01 05:49 - 2012-10-01 05:49 - 00000355 ____A C:\Users\Jen\Desktop\My Computer.lnk
    2012-09-26 17:28 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-25 11:00 - 2012-09-25 11:00 - 01587185 ____A C:\Users\Jen\Downloads\Virtual Bart.zip
    2012-09-25 07:40 - 2012-09-25 07:40 - 00000000 ____D C:\Users\Jen\AppData\Roaming\AVG2013
    2012-09-25 07:38 - 2012-10-17 09:19 - 00000000 ____D C:\Users\Jen\AppData\Roaming\TuneUp Software
    2012-09-25 07:38 - 2012-09-25 07:38 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-09-25 07:38 - 2012-09-25 07:38 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-09-25 07:36 - 2012-09-25 07:38 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-09-25 07:33 - 2012-09-25 08:40 - 00000000 ____D C:\Users\Jen\AppData\Local\Avg2013
    2012-09-25 07:33 - 2012-09-25 07:33 - 00000000 ____D C:\Users\Jen\AppData\Local\MFAData
    2012-09-24 09:21 - 2012-09-24 09:21 - 00776792 ____A C:\Users\Jen\Downloads\Comcast_Desktop_Software_1203.exe
    2012-09-24 09:21 - 2012-09-24 09:21 - 00005288 ____A C:\comcastrelease.log
    2012-09-24 09:21 - 2012-09-24 09:21 - 00000000 ____D C:\Users\Jen\AppData\Local\Xfinity.com
    2012-09-23 16:14 - 2012-09-23 16:14 - 00027331 ____A C:\Users\Jen\Downloads\hachiko-a-dogs-story-aka-hachi-a-dogs-tale_english-323671.zip
    2012-09-22 19:34 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-22 19:34 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-22 19:34 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-22 19:34 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-22 19:34 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-22 19:34 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-22 19:34 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-22 19:34 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-22 19:34 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-22 19:34 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-22 19:34 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-22 19:34 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-22 19:34 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-22 19:34 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-22 19:34 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-22 19:34 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-22 19:34 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-22 19:34 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-22 19:34 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-22 19:34 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-22 19:34 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-22 19:34 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-22 19:34 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-22 19:34 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-22 19:34 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-22 19:34 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-22 19:34 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-22 19:34 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-22 19:34 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-22 19:34 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-22 19:34 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-22 19:34 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-22 10:00 - 2012-09-22 10:00 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-22 09:59 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-09-22 09:58 - 2012-09-22 09:59 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-22 09:58 - 2012-09-22 09:59 - 00000000 ____D C:\Program Files\iTunes
    2012-09-22 09:58 - 2012-09-22 09:59 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-09-22 09:58 - 2012-09-22 09:58 - 00000000 ____D C:\Program Files\iPod
     
  10. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    ==================== 3 Months Modified Files ==================

    2012-10-22 11:34 - 2009-07-13 21:13 - 00834694 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-22 11:33 - 2012-10-22 11:33 - 01459119 ____A (Farbar) C:\Users\Jen\Desktop\FRST64.exe
    2012-10-22 11:33 - 2012-07-04 14:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-22 11:33 - 2012-05-17 18:45 - 00020507 ____A C:\Windows\setupact.log
    2012-10-22 11:33 - 2010-08-28 17:31 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001UA.job
    2012-10-22 11:33 - 2010-04-04 13:54 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-22 07:26 - 2010-04-04 13:54 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-22 05:14 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-22 05:14 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-22 05:06 - 2010-02-02 19:42 - 00948002 ____A C:\Windows\PFRO.log
    2012-10-22 05:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-21 14:27 - 2010-02-02 19:02 - 01436509 ____A C:\Windows\WindowsUpdate.log
    2012-10-21 06:31 - 2012-10-21 06:31 - 00000000 ____A C:\Windows\PowerReg.dat
    2012-10-21 06:14 - 2010-08-28 17:31 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1025616775-32965946-2427245248-1001Core.job
    2012-10-17 09:48 - 2012-10-17 09:47 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-11 06:13 - 2010-04-05 08:08 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-10 14:27 - 2012-05-26 05:03 - 00002374 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-10-09 08:40 - 2012-07-04 14:16 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-09 08:40 - 2011-06-05 18:44 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-07 15:05 - 2012-10-07 15:05 - 00013457 ____A C:\Users\Jen\Desktop\2012 Room and Room Supervisor assignments.xlsx
    2012-10-04 23:26 - 2012-10-04 23:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-04 15:00 - 2012-10-04 15:00 - 00124072 ____A C:\Users\Jen\Desktop\PastedGraphic-2.tiff
    2012-10-01 23:30 - 2012-10-01 23:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-10-01 19:32 - 2011-07-10 10:05 - 00005373 ____A C:\Windows\IE9_main.log
    2012-10-01 05:49 - 2012-10-01 05:49 - 00000355 ____A C:\Users\Jen\Desktop\My Computer.lnk
    2012-09-29 15:54 - 2012-10-22 04:58 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-25 11:00 - 2012-09-25 11:00 - 01587185 ____A C:\Users\Jen\Downloads\Virtual Bart.zip
    2012-09-25 07:38 - 2012-09-25 07:38 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-09-24 19:16 - 2012-10-17 09:48 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-24 19:08 - 2012-10-17 09:48 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-24 19:07 - 2012-10-17 09:48 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-24 09:21 - 2012-09-24 09:21 - 00776792 ____A C:\Users\Jen\Downloads\Comcast_Desktop_Software_1203.exe
    2012-09-24 09:21 - 2012-09-24 09:21 - 00005288 ____A C:\comcastrelease.log
    2012-09-23 16:14 - 2012-09-23 16:14 - 00027331 ____A C:\Users\Jen\Downloads\hachiko-a-dogs-story-aka-hachi-a-dogs-tale_english-323671.zip
    2012-09-22 10:00 - 2012-09-22 10:00 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-20 23:46 - 2012-09-20 23:46 - 00225120 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2012-09-20 23:46 - 2012-09-20 23:46 - 00200032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-09-20 23:45 - 2012-09-20 23:45 - 00061792 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
    2012-09-19 08:10 - 2012-10-17 09:20 - 00034656 ____A (TuneUp Software) C:\Windows\System32\TURegOpt.exe
    2012-09-19 08:10 - 2012-10-17 09:20 - 00025952 ____A (TuneUp Software) C:\Windows\System32\authuitu.dll
    2012-09-19 08:10 - 2012-10-17 09:20 - 00021344 ____A (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
    2012-09-14 11:19 - 2012-10-10 12:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-10 12:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-13 23:05 - 2012-09-13 23:05 - 00040800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
    2012-09-13 05:54 - 2012-08-16 07:17 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-13 05:54 - 2010-09-27 11:23 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-09-12 23:11 - 2012-09-12 23:11 - 00151904 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-08-31 10:19 - 2012-10-10 12:24 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:03 - 2012-10-10 12:24 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-10 12:24 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-10 12:24 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-28 13:33 - 2012-08-28 13:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2012-08-28 13:33 - 2012-08-28 13:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
    2012-08-25 19:59 - 2012-08-25 19:25 - 00000604 ____N C:\Windows\Sof2.INI
    2012-08-24 10:05 - 2012-10-10 12:24 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-10 12:24 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-22 19:34 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-22 19:34 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-22 19:34 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-22 19:34 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-22 19:34 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-22 19:34 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-22 19:34 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-22 19:34 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-22 19:34 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-22 19:34 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-22 19:34 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-22 19:34 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-22 19:34 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-22 19:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-22 19:34 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-22 19:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-22 19:34 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-22 19:34 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-22 19:34 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-22 19:34 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-22 19:34 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-22 19:34 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-22 19:34 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-22 19:34 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-22 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-22 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-22 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-22 19:34 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-22 19:34 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-22 19:34 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-22 19:34 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-22 19:34 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 10:12 - 2012-09-12 06:58 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 06:58 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 06:58 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 06:58 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 23:00 - 2012-08-21 23:00 - 00260246 ____A C:\Windows\msxml4-KB2721691-enu.LOG
    2012-08-21 13:01 - 2012-09-26 17:28 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-21 09:01 - 2012-09-22 09:59 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 09:01 - 2010-04-04 14:08 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 09:01 - 2010-04-04 14:08 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-20 10:48 - 2012-10-10 12:25 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-10 12:25 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-10 12:25 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-10 12:25 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-10 12:25 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-10 12:25 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-10 12:25 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-10 12:25 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-10 12:25 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-10 12:25 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-10 12:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-10 12:25 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-10 12:25 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-10 12:25 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-10 12:25 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-10 12:25 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-10 12:25 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 12:25 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 12:25 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-10 12:25 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-16 11:33 - 2012-08-16 11:33 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
    2012-08-16 11:32 - 2010-02-02 20:01 - 00103728 ____A C:\Windows\DirectX.log
    2012-08-16 11:14 - 2012-08-16 11:14 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-08-16 11:10 - 2010-04-04 16:20 - 00560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
    2012-08-16 05:47 - 2009-07-13 21:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-16 05:46 - 2009-07-13 20:45 - 00428176 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-10 16:56 - 2012-10-10 12:24 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-10 12:24 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-09 11:20 - 2012-08-09 11:20 - 00012456 ____A C:\Users\Jen\Documents\TraxelOrderNew.xlsx
    2012-08-07 05:35 - 2012-08-07 05:35 - 00896400 ____A (BitTorrent, Inc.) C:\Users\Jen\Desktop\uTorrent.exe
    2012-08-02 09:58 - 2012-09-12 06:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-12 06:58 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

    ZeroAccess:
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\@
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\L
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\L\00000004.@
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\L\201d3dde
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\00000004.@
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\00000008.@
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\000000cb.@
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\80000000.@
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\80000032.@
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-20 16:10:06
    Restore point made on: 2012-10-21 06:29:09
    Restore point made on: 2012-10-21 06:35:49
    Restore point made on: 2012-10-21 06:36:40
    Restore point made on: 2012-10-21 06:40:19

    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 3956.55 MB
    Available physical RAM: 3323.57 MB
    Total Pagefile: 3954.7 MB
    Available Pagefile: 3319.4 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:100 GB) (Free:19.51 GB) NTFS
    2 Drive e: () (Fixed) (Total:350.66 GB) (Free:282.49 GB) NTFS
    3 Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:1.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive h: () (Removable) (Total:0.48 GB) (Free:0.43 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 488 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 15 GB 1024 KB
    Partition 2 Primary 100 MB 15 GB
    Partition 3 Primary 100 GB 15 GB
    Partition 4 Primary 350 GB 115 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F RECOVERY NTFS Partition 15 GB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 100 GB Healthy

    =========================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E NTFS Partition 350 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 488 MB 116 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT Removable 488 MB Healthy

    =========================================================

    Last Boot: 2012-10-16 10:47

    ==================== End Of Log =============================
     
  11. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is the Search.txt

    Farbar Recovery Scan Tool (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-10-22 15:41:36
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    ======================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     

    Attached Files:

  13. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    When I restarted my computer after running FRST64 a second time, no AVG messages popped up!

    Here is the fixlog.txt

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-10-22 16:21:55 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{fe4a6d35-4dc2-fa49-6958-ca8514c604f2} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
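The two findings that identified this infection are visible in the logs above: the FRST "Bamital & volsnap Check" and Search.txt show C:\Windows\System32\services.exe with MD5 50BEA589F7D7958BDD2528A8F69D05CC and size 329216, while the WinSxS component-store copy of the same build has MD5 24ACB7E5BE595468E3B9AA488B9B4FCB and size 328704, and the FRST scan lists the ZeroAccess payload folder under C:\Windows\Installer\{...} with its U\ and L\ subfolders of *.@ files plus Desktop.ini in the GAC_32 and GAC_64 folders. The Fixlog then checks the Session Manager\SubSystems\Windows value for consrv.dll, moves the artifacts, and copies the WinSxS services.exe back into System32. The script below is an added example, not code from this thread, from FRST, or from any of the tools Broni lists; it re-implements those same checks as a read-only triage you can run on a live Windows 7 machine from an elevated PowerShell prompt (2.0 or later). The set of core binaries checked, the use of MD5 (to match the FRST output), and the artifact heuristics are the author's choices here, not something the thread prescribes.

```powershell
# Added example (not from the TechSpot thread or FRST): reproduce the checks that caught this
# ZeroAccess infection. Assumptions: elevated PowerShell 2.0+ on Windows 7, paths under
# $env:SystemRoot. The script only reads; it does not move or replace anything.

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    # Share ReadWrite so a binary that is currently executing (services.exe always is) can still be hashed
    $stream = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Compare-SystemBinary {
    param([string]$Path)
    # On Windows 7 a System32 binary is normally a hard link to its WinSxS component-store copy,
    # so the hashes are identical by construction. A file whose hash matches none of the WinSxS
    # copies of the same name has been replaced on disk, which is what ZeroAccess does to services.exe.
    $name     = Split-Path $Path -Leaf
    $liveHash = Get-Md5Hex $Path
    $winsxs   = Join-Path $env:SystemRoot 'winsxs'
    $sameHash = Get-ChildItem -Path $winsxs -Filter $name -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { (Get-Md5Hex $_.FullName) -eq $liveHash }
    New-Object PSObject -Property @{
        File          = $Path
        Size          = (Get-Item $Path).Length
        MD5           = $liveHash
        MatchesWinSxS = [bool]$sameHash
    }
}

function Find-ZeroAccessArtifacts {
    $hits = @()
    # Payload folder: a GUID-named directory under Windows\Installer with "U" and "L" subfolders
    # holding files named NNNNNNNN.@ (as in the FRST log). Legitimate Installer GUID folders cache
    # icons and setup files; a "U\*.@" layout is the heuristic tell used here.
    $installer = Join-Path $env:SystemRoot 'Installer'
    foreach ($dir in (Get-ChildItem $installer -Force -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })) {
        $u = Join-Path $dir.FullName 'U'
        if (-not (Test-Path $u)) { continue }
        try {
            if (@(Get-ChildItem $u -Filter '*.@' -Force -ErrorAction Stop).Count -gt 0) { $hits += $dir.FullName }
        } catch {
            # The rootkit puts a deny ACL on its folder, so an Installer\{GUID}\U we cannot list is itself suspicious
            $hits += "$u (access denied)"
        }
    }
    # Desktop.ini dropped into the .NET GAC folders (the other two "ZeroAccess:" entries in the FRST log)
    foreach ($rel in 'assembly\GAC_32\Desktop.ini', 'assembly\GAC_64\Desktop.ini') {
        $p = Join-Path $env:SystemRoot $rel
        if (Test-Path $p) { $hits += $p }
    }
    # Some x64 variants hook CSRSS by naming consrv.dll in the SubSystems\Windows ServerDll list;
    # this is the registry value the FRST fix checked (it was clean on this machine).
    $subsys = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
    if ($subsys.Windows -match 'consrv') { $hits += 'SubSystems\Windows ServerDll list references consrv.dll' }
    return $hits
}

# Same binaries FRST hashes in its Bamital & volsnap check (explorer.exe lives in the Windows root)
$core = 'System32\services.exe', 'System32\winlogon.exe', 'System32\wininit.exe',
        'System32\svchost.exe', 'System32\userinit.exe', 'explorer.exe'
$core | ForEach-Object { Compare-SystemBinary (Join-Path $env:SystemRoot $_) } |
    Format-Table File, Size, MD5, MatchesWinSxS -AutoSize
Find-ZeroAccessArtifacts
```

On the machine in this thread the services.exe row would come back MatchesWinSxS = False with the 512-byte size difference visible (329216 against 328704), and Find-ZeroAccessArtifacts would return the Installer\{fe4a6d35-...} folder and both Desktop.ini files. Detection is the only part that is safe to do live: the patched services.exe is the running service control manager, and the rootkit re-locks its folders, so the replacement has to be done offline the way the Fixlog above shows it (boot to System Recovery Options, move the patched file out of System32, copy the WinSxS copy of the same build back in). A simple Copy-Item from the live session would at best fail and at worst leave the machine unbootable.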
  14. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is the TDSSKiller Report

    16:27:27.0278 5544 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    16:27:28.0722 5544 ============================================================
    16:27:28.0722 5544 Current date / time: 2012/10/22 16:27:28.0722
    16:27:28.0722 5544 SystemInfo:
    16:27:28.0722 5544
    16:27:28.0723 5544 OS Version: 6.1.7601 ServicePack: 1.0
    16:27:28.0723 5544 Product type: Workstation
    16:27:28.0723 5544 ComputerName: JEN-PC
    16:27:28.0723 5544 UserName: Jen
    16:27:28.0723 5544 Windows directory: C:\windows
    16:27:28.0723 5544 System windows directory: C:\windows
    16:27:28.0723 5544 Running under WOW64
    16:27:28.0723 5544 Processor architecture: Intel x64
    16:27:28.0723 5544 Number of processors: 4
    16:27:28.0723 5544 Page size: 0x1000
    16:27:28.0723 5544 Boot type: Normal boot
    16:27:28.0723 5544 ============================================================
    16:27:29.0073 5544 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:27:29.0077 5544 Drive \Device\Harddisk1\DR1 - Size: 0x1E8BE000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:27:29.0080 5544 ============================================================
    16:27:29.0080 5544 \Device\Harddisk0\DR0:
    16:27:29.0080 5544 MBR partitions:
    16:27:29.0080 5544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
    16:27:29.0080 5544 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xC800000
    16:27:29.0080 5544 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE632800, BlocksNum 0x2BD52800
    16:27:29.0080 5544 \Device\Harddisk1\DR1:
    16:27:29.0081 5544 MBR partitions:
    16:27:29.0081 5544 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xE9, BlocksNum 0xF4117
    16:27:29.0081 5544 ============================================================
    16:27:29.0108 5544 C: <-> \Device\Harddisk0\DR0\Partition2
    16:27:29.0159 5544 D: <-> \Device\Harddisk0\DR0\Partition3
    16:27:29.0159 5544 ============================================================
    16:27:29.0159 5544 Initialize success
    16:27:29.0159 5544 ============================================================
    16:27:29.0882 4156 ============================================================
    16:27:29.0882 4156 Scan started
    16:27:29.0882 4156 Mode: Manual;
    16:27:29.0882 4156 ============================================================
    16:27:30.0126 4156 ================ Scan system memory ========================
    16:27:30.0126 4156 System memory - ok
    16:27:30.0126 4156 ================ Scan services =============================
    16:27:30.0289 4156 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
    16:27:30.0290 4156 1394ohci - ok
    16:27:30.0343 4156 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
    16:27:30.0345 4156 ACPI - ok
    16:27:30.0385 4156 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
    16:27:30.0386 4156 AcpiPmi - ok
    16:27:30.0772 4156 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    16:27:30.0773 4156 AdobeFlashPlayerUpdateSvc - ok
    16:27:30.0824 4156 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
    16:27:30.0827 4156 adp94xx - ok
    16:27:30.0839 4156 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
    16:27:30.0841 4156 adpahci - ok
    16:27:30.0855 4156 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
    16:27:30.0856 4156 adpu320 - ok
    16:27:30.0889 4156 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
    16:27:30.0890 4156 AeLookupSvc - ok
    16:27:30.0946 4156 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
    16:27:30.0949 4156 AFD - ok
    16:27:30.0996 4156 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
    16:27:30.0997 4156 agp440 - ok
    16:27:31.0033 4156 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
    16:27:31.0033 4156 ALG - ok
    16:27:31.0063 4156 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
    16:27:31.0063 4156 aliide - ok
    16:27:31.0118 4156 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
    16:27:31.0119 4156 amdide - ok
    16:27:31.0151 4156 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
    16:27:31.0151 4156 AmdK8 - ok
    16:27:31.0156 4156 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
    16:27:31.0156 4156 AmdPPM - ok
    16:27:31.0222 4156 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
    16:27:31.0223 4156 amdsata - ok
    16:27:31.0242 4156 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
    16:27:31.0244 4156 amdsbs - ok
    16:27:31.0269 4156 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
    16:27:31.0270 4156 amdxata - ok
    16:27:31.0325 4156 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
    16:27:31.0326 4156 AppID - ok
    16:27:31.0358 4156 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
    16:27:31.0359 4156 AppIDSvc - ok
    16:27:31.0393 4156 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
    16:27:31.0394 4156 Appinfo - ok
    16:27:31.0651 4156 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:27:31.0653 4156 Apple Mobile Device - ok
    16:27:31.0687 4156 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
    16:27:31.0688 4156 arc - ok
    16:27:31.0693 4156 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
    16:27:31.0694 4156 arcsas - ok
    16:27:31.0727 4156 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
    16:27:31.0727 4156 AsyncMac - ok
    16:27:31.0771 4156 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
    16:27:31.0772 4156 atapi - ok
    16:27:31.0838 4156 [ CCA705CDF038D5BC243203CE4416B345 ] athr C:\windows\system32\DRIVERS\athrx.sys
    16:27:31.0847 4156 athr - ok
    16:27:31.0921 4156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    16:27:31.0925 4156 AudioEndpointBuilder - ok
    16:27:31.0935 4156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
    16:27:31.0939 4156 AudioSrv - ok
    16:27:32.0113 4156 [ 3A457C2F798CAD79CD30224E723E01FB ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    16:27:32.0118 4156 AVG Security Toolbar Service - ok
    16:27:32.0310 4156 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    16:27:32.0339 4156 AVGIDSAgent - ok
    16:27:32.0446 4156 [ F1A99DA71E6549D7D944596E15142866 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdrivera.sys
    16:27:32.0447 4156 AVGIDSDriver - ok
    16:27:32.0495 4156 [ E6CB84918C1ABE84AAAF749D2EA4E764 ] AVGIDSHA C:\windows\system32\DRIVERS\avgidsha.sys
    16:27:32.0495 4156 AVGIDSHA - ok
    16:27:32.0953 4156 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys
    16:27:32.0954 4156 Avgldx64 - ok
    16:27:33.0011 4156 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\windows\system32\DRIVERS\avgloga.sys
    16:27:33.0012 4156 Avgloga - ok
    16:27:33.0082 4156 [ EAFF19168F26FA225EB679547B718051 ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys
    16:27:33.0083 4156 Avgmfx64 - ok
    16:27:33.0130 4156 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys
    16:27:33.0130 4156 Avgrkx64 - ok
    16:27:33.0174 4156 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\windows\system32\DRIVERS\avgtdia.sys
    16:27:33.0175 4156 Avgtdia - ok
    16:27:33.0216 4156 [ DE24B2CA078FC6A7EAA53B1DFD3F61CF ] avgtp C:\windows\system32\drivers\avgtpx64.sys
    16:27:33.0216 4156 avgtp - ok
    16:27:33.0272 4156 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    16:27:33.0274 4156 avgwd - ok
    16:27:33.0343 4156 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
    16:27:33.0344 4156 AxInstSV - ok
    16:27:33.0400 4156 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
    16:27:33.0402 4156 b06bdrv - ok
    16:27:33.0449 4156 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
    16:27:33.0450 4156 b57nd60a - ok
    16:27:33.0508 4156 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
    16:27:33.0509 4156 BDESVC - ok
    16:27:33.0531 4156 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
    16:27:33.0534 4156 Beep - ok
    16:27:33.0605 4156 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
    16:27:33.0609 4156 BFE - ok
    16:27:33.0627 4156 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
    16:27:33.0627 4156 blbdrive - ok
    16:27:33.0711 4156 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    16:27:33.0714 4156 Bonjour Service - ok
    16:27:33.0758 4156 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
    16:27:33.0759 4156 bowser - ok
    16:27:33.0789 4156 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
    16:27:33.0789 4156 BrFiltLo - ok
    16:27:33.0830 4156 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
    16:27:33.0831 4156 BrFiltUp - ok
    16:27:33.0892 4156 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
    16:27:33.0894 4156 Browser - ok
    16:27:33.0909 4156 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
    16:27:33.0911 4156 Brserid - ok
    16:27:33.0926 4156 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
    16:27:33.0927 4156 BrSerWdm - ok
    16:27:33.0974 4156 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
    16:27:33.0974 4156 BrUsbMdm - ok
    16:27:34.0012 4156 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
    16:27:34.0013 4156 BrUsbSer - ok
    16:27:34.0078 4156 [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\windows\system32\DRIVERS\motfilt.sys
    16:27:34.0079 4156 BTCFilterService - ok
    16:27:34.0186 4156 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
    16:27:34.0187 4156 BthEnum - ok
    16:27:34.0216 4156 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
    16:27:34.0217 4156 BTHMODEM - ok
    16:27:34.0268 4156 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
    16:27:34.0269 4156 BthPan - ok
    16:27:34.0319 4156 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
    16:27:34.0322 4156 BTHPORT - ok
    16:27:34.0374 4156 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
    16:27:34.0375 4156 bthserv - ok
    16:27:34.0425 4156 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
    16:27:34.0426 4156 BTHUSB - ok
    16:27:34.0472 4156 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\windows\system32\drivers\btusbflt.sys
    16:27:34.0473 4156 btusbflt - ok
    16:27:34.0493 4156 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
    16:27:34.0494 4156 btwaudio - ok
    16:27:34.0532 4156 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\windows\system32\drivers\btwavdt.sys
    16:27:34.0533 4156 btwavdt - ok
    16:27:34.0597 4156 [ DCF8D8F1F87743509D9C0207CB28637D ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    16:27:34.0602 4156 btwdins - ok
    16:27:34.0650 4156 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
    16:27:34.0650 4156 btwl2cap - ok
    16:27:34.0671 4156 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
    16:27:34.0671 4156 btwrchid - ok
    16:27:34.0705 4156 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
    16:27:34.0706 4156 cdfs - ok
    16:27:34.0768 4156 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
    16:27:34.0770 4156 cdrom - ok
    16:27:34.0807 4156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
    16:27:34.0808 4156 CertPropSvc - ok
    16:27:34.0844 4156 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
    16:27:34.0845 4156 circlass - ok
    16:27:34.0890 4156 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
    16:27:34.0892 4156 CLFS - ok
    16:27:34.0960 4156 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:27:34.0961 4156 clr_optimization_v2.0.50727_32 - ok
    16:27:35.0037 4156 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:27:35.0038 4156 clr_optimization_v2.0.50727_64 - ok
    16:27:35.0133 4156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:27:35.0135 4156 clr_optimization_v4.0.30319_32 - ok
    16:27:35.0189 4156 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:27:35.0190 4156 clr_optimization_v4.0.30319_64 - ok
    16:27:35.0224 4156 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
    16:27:35.0224 4156 CmBatt - ok
    16:27:35.0274 4156 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
    16:27:35.0274 4156 cmdide - ok
    16:27:35.0330 4156 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
    16:27:35.0333 4156 CNG - ok
    16:27:35.0378 4156 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
    16:27:35.0378 4156 Compbatt - ok
    16:27:35.0449 4156 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
    16:27:35.0450 4156 CompositeBus - ok
    16:27:35.0464 4156 COMSysApp - ok
    16:27:35.0488 4156 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
    16:27:35.0489 4156 crcdisk - ok
    16:27:35.0560 4156 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
    16:27:35.0562 4156 CryptSvc - ok
    16:27:35.0618 4156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
    16:27:35.0622 4156 DcomLaunch - ok
    16:27:35.0652 4156 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
    16:27:35.0654 4156 defragsvc - ok
    16:27:35.0728 4156 [ 3430EAD65BBE8516572EB7C8B82ED8CD ] DeviceMonitorService C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    16:27:35.0729 4156 DeviceMonitorService - ok
    16:27:35.0766 4156 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
    16:27:35.0767 4156 DfsC - ok
    16:27:35.0839 4156 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
    16:27:35.0841 4156 Dhcp - ok
    16:27:35.0872 4156 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
    16:27:35.0873 4156 discache - ok
    16:27:35.0892 4156 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
    16:27:35.0893 4156 Disk - ok
    16:27:35.0932 4156 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
    16:27:35.0933 4156 Dnscache - ok
    16:27:35.0975 4156 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
    16:27:35.0976 4156 dot3svc - ok
    16:27:36.0020 4156 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
    16:27:36.0021 4156 DPS - ok
    16:27:36.0059 4156 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
    16:27:36.0060 4156 drmkaud - ok
    16:27:36.0108 4156 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys
    16:27:36.0110 4156 dtsoftbus01 - ok
    16:27:36.0149 4156 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
    16:27:36.0154 4156 DXGKrnl - ok
    16:27:36.0165 4156 eamonm - ok
    16:27:36.0200 4156 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
    16:27:36.0201 4156 EapHost - ok
    16:27:36.0246 4156 [ 7A0887B0C3F5D8768C2F7C8524834FE6 ] easytether C:\windows\system32\DRIVERS\easytthr.sys
    16:27:36.0246 4156 easytether - ok
    16:27:36.0335 4156 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
    16:27:36.0352 4156 ebdrv - ok
    16:27:36.0416 4156 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
    16:27:36.0417 4156 EFS - ok
    16:27:36.0482 4156 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
    16:27:36.0485 4156 ehRecvr - ok
    16:27:36.0527 4156 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
    16:27:36.0528 4156 ehSched - ok
    16:27:36.0596 4156 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
    16:27:36.0599 4156 elxstor - ok
    16:27:36.0625 4156 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
    16:27:36.0626 4156 ErrDev - ok
    16:27:36.0667 4156 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
    16:27:36.0669 4156 EventSystem - ok
    16:27:36.0708 4156 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
    16:27:36.0709 4156 exfat - ok
    16:27:36.0742 4156 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
    16:27:36.0744 4156 fastfat - ok
    16:27:36.0803 4156 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
    16:27:36.0807 4156 Fax - ok
    16:27:36.0829 4156 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
    16:27:36.0829 4156 fdc - ok
    16:27:36.0869 4156 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
    16:27:36.0870 4156 fdPHost - ok
    16:27:36.0882 4156 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
    16:27:36.0883 4156 FDResPub - ok
    16:27:36.0942 4156 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
    16:27:36.0943 4156 FileInfo - ok
    16:27:36.0997 4156 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
    16:27:36.0997 4156 Filetrace - ok
    16:27:37.0010 4156 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
    16:27:37.0011 4156 flpydisk - ok
    16:27:37.0033 4156 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
    16:27:37.0035 4156 FltMgr - ok
    16:27:37.0081 4156 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
    16:27:37.0087 4156 FontCache - ok
    16:27:37.0147 4156 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:27:37.0148 4156 FontCache3.0.0.0 - ok
    16:27:37.0180 4156 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    16:27:37.0181 4156 FsDepends - ok
    16:27:37.0235 4156 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
    16:27:37.0236 4156 fssfltr - ok
    16:27:37.0342 4156 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    16:27:37.0350 4156 fsssvc - ok
    16:27:37.0402 4156 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    16:27:37.0403 4156 Fs_Rec - ok
    16:27:37.0452 4156 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    16:27:37.0454 4156 fvevol - ok
    16:27:37.0479 4156 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
    16:27:37.0480 4156 gagp30kx - ok
    16:27:37.0509 4156 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    16:27:37.0509 4156 GEARAspiWDM - ok
    16:27:37.0559 4156 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
    16:27:37.0563 4156 gpsvc - ok
    16:27:37.0690 4156 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:27:37.0691 4156 gupdate - ok
    16:27:37.0745 4156 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:27:37.0746 4156 gupdatem - ok
    16:27:37.0789 4156 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
    16:27:37.0789 4156 hcw85cir - ok
    16:27:37.0838 4156 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
    16:27:37.0840 4156 HdAudAddService - ok
    16:27:37.0867 4156 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
    16:27:37.0868 4156 HDAudBus - ok
    16:27:37.0890 4156 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
    16:27:37.0891 4156 HidBatt - ok
    16:27:37.0904 4156 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
    16:27:37.0905 4156 HidBth - ok
    16:27:37.0943 4156 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
    16:27:37.0943 4156 HidIr - ok
    16:27:37.0980 4156 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
    16:27:37.0981 4156 hidserv - ok
    16:27:38.0027 4156 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
    16:27:38.0028 4156 HidUsb - ok
    16:27:38.0061 4156 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
    16:27:38.0062 4156 hkmsvc - ok
    16:27:38.0116 4156 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
    16:27:38.0118 4156 HomeGroupListener - ok
    16:27:38.0128 4156 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
    16:27:38.0130 4156 HomeGroupProvider - ok
    16:27:38.0166 4156 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
    16:27:38.0167 4156 HpSAMD - ok
    16:27:38.0192 4156 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
    16:27:38.0196 4156 HTTP - ok
    16:27:38.0220 4156 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
    16:27:38.0221 4156 hwpolicy - ok
    16:27:38.0268 4156 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
    16:27:38.0269 4156 i8042prt - ok
    16:27:38.0315 4156 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
    16:27:38.0318 4156 iaStor - ok
    16:27:38.0345 4156 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
    16:27:38.0347 4156 iaStorV - ok
    16:27:38.0405 4156 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:27:38.0410 4156 idsvc - ok
    16:27:38.0559 4156 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
    16:27:38.0589 4156 igfx - ok
    16:27:38.0625 4156 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
    16:27:38.0626 4156 iirsp - ok
    16:27:38.0661 4156 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
    16:27:38.0665 4156 IKEEXT - ok
    16:27:38.0707 4156 [ 42AB9EB7A48B173F32743FBBB4B85626 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
    16:27:38.0708 4156 Impcd - ok
    16:27:38.0805 4156 [ 801946CE25DD2179FE68599826B0BB88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
    16:27:38.0816 4156 IntcAzAudAddService - ok
    16:27:38.0831 4156 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
    16:27:38.0831 4156 intelide - ok
    16:27:38.0868 4156 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
    16:27:38.0869 4156 intelppm - ok
    16:27:38.0904 4156 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
    16:27:38.0905 4156 IPBusEnum - ok
    16:27:38.0943 4156 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    16:27:38.0944 4156 IpFilterDriver - ok
    16:27:38.0984 4156 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    16:27:38.0987 4156 iphlpsvc - ok
    16:27:39.0021 4156 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
    16:27:39.0021 4156 IPMIDRV - ok
    16:27:39.0052 4156 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
    16:27:39.0053 4156 IPNAT - ok
    16:27:39.0123 4156 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    16:27:39.0127 4156 iPod Service - ok
    16:27:39.0161 4156 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
    16:27:39.0162 4156 IRENUM - ok
    16:27:39.0175 4156 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
    16:27:39.0176 4156 isapnp - ok
    16:27:39.0200 4156 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    16:27:39.0202 4156 iScsiPrt - ok
    16:27:39.0223 4156 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
    16:27:39.0224 4156 kbdclass - ok
    16:27:39.0262 4156 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
    16:27:39.0263 4156 kbdhid - ok
    16:27:39.0282 4156 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
    16:27:39.0284 4156 KeyIso - ok
    16:27:39.0313 4156 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    16:27:39.0314 4156 KSecDD - ok
    16:27:39.0340 4156 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    16:27:39.0341 4156 KSecPkg - ok
    16:27:39.0353 4156 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    16:27:39.0353 4156 ksthunk - ok
    16:27:39.0394 4156 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
    16:27:39.0397 4156 KtmRm - ok
    16:27:39.0438 4156 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
    16:27:39.0441 4156 LanmanServer - ok
    16:27:39.0475 4156 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    16:27:39.0477 4156 LanmanWorkstation - ok
    16:27:39.0522 4156 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    16:27:39.0529 4156 lltdio - ok
    16:27:39.0566 4156 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
    16:27:39.0568 4156 lltdsvc - ok
    16:27:39.0581 4156 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
    16:27:39.0582 4156 lmhosts - ok
    16:27:39.0633 4156 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
    16:27:39.0634 4156 LSI_FC - ok
    16:27:39.0671 4156 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
    16:27:39.0672 4156 LSI_SAS - ok
    16:27:39.0693 4156 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
    16:27:39.0694 4156 LSI_SAS2 - ok
    16:27:39.0706 4156 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
    16:27:39.0707 4156 LSI_SCSI - ok
    16:27:39.0733 4156 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
    16:27:39.0734 4156 luafv - ok
    16:27:39.0767 4156 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    16:27:39.0768 4156 Mcx2Svc - ok
    16:27:39.0786 4156 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
    16:27:39.0786 4156 megasas - ok
    16:27:39.0819 4156 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
    16:27:39.0821 4156 MegaSR - ok
    16:27:39.0899 4156 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    16:27:39.0901 4156 Microsoft Office Groove Audit Service - ok
    16:27:39.0930 4156 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
    16:27:39.0931 4156 MMCSS - ok
    16:27:39.0951 4156 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
    16:27:39.0952 4156 Modem - ok
    16:27:39.0983 4156 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
    16:27:39.0984 4156 monitor - ok
    16:27:40.0037 4156 [ D69F1E9A944A5F46A494AF901ED41118 ] motandroidusb C:\windows\system32\Drivers\motoandroid.sys
    16:27:40.0037 4156 motandroidusb - ok
    16:27:40.0090 4156 [ 43E754047C6DEE50666554D3C66D6279 ] motccgp C:\windows\system32\DRIVERS\motccgp.sys
    16:27:40.0090 4156 motccgp - ok
    16:27:40.0133 4156 [ 577399C75CF85AC68E7830EB150F45EF ] motccgpfl C:\windows\system32\DRIVERS\motccgpfl.sys
    16:27:40.0134 4156 motccgpfl - ok
     
  15. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    16:27:40.0189 4156 [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\windows\system32\DRIVERS\MijXfilt.sys
    16:27:40.0191 4156 MotioninJoyXFilter - ok
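An added example, not part of JMerlPE's post and not code from TDSSKiller or TechSpot: a Python triage pass over a TDSSKiller listing in the format pasted above. It pairs each `[ MD5 ] Name Path` line with the `Name - verdict` line that follows it, reports any verdict other than `ok`, lists entries that never got a hash line (in this log eamonm, motmodem, motusbdevice, msiserver, COMSysApp and MSSQL$CSSQL05), which are treated here as services whose image file was not found on disk (an assumption about the tool's output, not something the log states), flags images outside the Windows and Program Files trees (a heuristic chosen for this example), and groups services that share one binary, such as the three lsass.exe entries. The sample lines are copied from the log above except the `examplesvc` entry, which is synthetic (fake hash, fake path) and exists only to exercise the location check. The MD5 column is what you would compare against a known-good baseline when chasing a patched system file; no baseline is shipped here.

```python
"""Triage pass over a TDSSKiller service/driver listing.

Added example, not part of the forum post and not TDSSKiller's own code.
Line shapes assumed (taken from the pasted log):
    HH:MM:SS.mmmm PID [ MD5 ] Name Path    image located on disk and hashed
    HH:MM:SS.mmmm PID Name - verdict        scan result for that entry
"""
import re
from dataclasses import dataclass
from typing import Optional

HASHED_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) - (?P<verdict>\S.*?)\s*$"
)

# Where a Windows 7 service or driver image is normally expected to live.
# Heuristic chosen for this example (assumption), not a TDSSKiller rule.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None: no hashed line preceded the verdict line
    path: Optional[str] = None

    @property
    def image_missing(self) -> bool:
        # Assumption: a verdict with no hash line means the image file was not found.
        return self.md5 is None

    @property
    def unusual_location(self) -> bool:
        return self.path is not None and not self.path.lower().startswith(EXPECTED_ROOTS)


def parse_log(text: str) -> list[Entry]:
    """Pair each hashed line with the verdict line that follows it (matched by name)."""
    pending: dict[str, tuple[str, str]] = {}
    entries: list[Entry] = []
    for line in text.splitlines():
        m = HASHED_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"], md5, path))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, list[str]]]:
    """Return (name, reasons) for every entry worth a second look."""
    flagged = []
    for e in entries:
        reasons = []
        if e.verdict.lower() != "ok":
            reasons.append(f"verdict={e.verdict}")
        if e.image_missing:
            reasons.append("no hash: image file not found")
        if e.unusual_location:
            reasons.append(f"image outside expected roots: {e.path}")
        if reasons:
            flagged.append((e.name, reasons))
    return flagged


def shared_images(entries: list[Entry]) -> dict[str, list[str]]:
    """Group service names by MD5 so one binary hosting several services is visible."""
    by_hash: dict[str, list[str]] = {}
    for e in entries:
        if e.md5:
            by_hash.setdefault(e.md5, []).append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


# Constructed sample: lines copied from the log above, plus one synthetic
# 'examplesvc' entry (fake hash, fake path) to exercise the location check.
SAMPLE_LOG = r"""
16:27:36.0149 4156 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
16:27:36.0154 4156 DXGKrnl - ok
16:27:36.0165 4156 eamonm - ok
16:27:36.0416 4156 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
16:27:36.0417 4156 EFS - ok
16:27:39.0123 4156 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:27:39.0127 4156 iPod Service - ok
16:27:39.0282 4156 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
16:27:39.0284 4156 KeyIso - ok
16:27:40.0194 4156 motmodem - ok
16:27:41.0748 4156 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
16:27:41.0750 4156 Netlogon - ok
16:27:59.0000 4156 [ 00000000000000000000000000000000 ] examplesvc C:\Users\Public\examplesvc.exe
16:27:59.0001 4156 examplesvc - ok
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for name, reasons in triage(parsed):
        print(f"{name}: {'; '.join(reasons)}")
    for md5, names in shared_images(parsed).items():
        print(f"{md5} hosts {', '.join(names)}")
```

Run it against the full pasted log (saved to a file and read into `parse_log`) and the hash-less entries and any non-`ok` verdict come out first; a service hosted by lsass.exe or svchost-style shared binaries shows up in `shared_images`, which is expected and not by itself a finding.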
    16:27:40.0194 4156 motmodem - ok
    16:27:40.0264 4156 [ A8FD4605AACF006BBA3B2B90AC9565B2 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    16:27:40.0265 4156 Motorola Device Manager - ok
    16:27:40.0296 4156 [ 19BC2161C3FCCED802F1BCD9B78C3466 ] MotoSwitchService C:\windows\system32\DRIVERS\motswch.sys
    16:27:40.0296 4156 MotoSwitchService - ok
    16:27:40.0331 4156 [ C4F1495598C7E1FEF53BCFD84A5BD53E ] Motousbnet C:\windows\system32\DRIVERS\Motousbnet.sys
    16:27:40.0332 4156 Motousbnet - ok
    16:27:40.0335 4156 motusbdevice - ok
    16:27:40.0375 4156 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    16:27:40.0375 4156 mouclass - ok
    16:27:40.0410 4156 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    16:27:40.0411 4156 mouhid - ok
    16:27:40.0456 4156 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    16:27:40.0457 4156 mountmgr - ok
    16:27:40.0554 4156 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    16:27:40.0555 4156 MozillaMaintenance - ok
    16:27:40.0608 4156 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    16:27:40.0609 4156 mpio - ok
    16:27:40.0658 4156 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    16:27:40.0659 4156 mpsdrv - ok
    16:27:40.0703 4156 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
    16:27:40.0708 4156 MpsSvc - ok
    16:27:40.0746 4156 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    16:27:40.0747 4156 MRxDAV - ok
    16:27:40.0790 4156 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    16:27:40.0791 4156 mrxsmb - ok
    16:27:40.0832 4156 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    16:27:40.0833 4156 mrxsmb10 - ok
    16:27:40.0849 4156 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    16:27:40.0850 4156 mrxsmb20 - ok
    16:27:40.0874 4156 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
    16:27:40.0875 4156 msahci - ok
    16:27:40.0889 4156 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    16:27:40.0890 4156 msdsm - ok
    16:27:40.0905 4156 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    16:27:40.0907 4156 MSDTC - ok
    16:27:40.0939 4156 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    16:27:40.0940 4156 Msfs - ok
    16:27:41.0034 4156 [ 54819FC5C79E4B2C6E896F9DE440494D ] msftesql$CSSQL05 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    16:27:41.0035 4156 msftesql$CSSQL05 - ok
    16:27:41.0075 4156 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    16:27:41.0076 4156 mshidkmdf - ok
    16:27:41.0084 4156 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    16:27:41.0085 4156 msisadrv - ok
    16:27:41.0120 4156 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    16:27:41.0122 4156 MSiSCSI - ok
    16:27:41.0125 4156 msiserver - ok
    16:27:41.0147 4156 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    16:27:41.0147 4156 MSKSSRV - ok
    16:27:41.0155 4156 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    16:27:41.0155 4156 MSPCLOCK - ok
    16:27:41.0166 4156 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    16:27:41.0167 4156 MSPQM - ok
    16:27:41.0207 4156 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    16:27:41.0209 4156 MsRPC - ok
    16:27:41.0226 4156 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
    16:27:41.0227 4156 mssmbios - ok
    16:27:41.0238 4156 MSSQL$CSSQL05 - ok
    16:27:41.0293 4156 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    16:27:41.0294 4156 MSSQLServerADHelper - ok
    16:27:41.0310 4156 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    16:27:41.0311 4156 MSTEE - ok
    16:27:41.0327 4156 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
    16:27:41.0327 4156 MTConfig - ok
    16:27:41.0345 4156 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    16:27:41.0346 4156 Mup - ok
    16:27:41.0392 4156 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    16:27:41.0396 4156 napagent - ok
    16:27:41.0451 4156 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    16:27:41.0453 4156 NativeWifiP - ok
    16:27:41.0520 4156 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
    16:27:41.0526 4156 NDIS - ok
    16:27:41.0540 4156 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    16:27:41.0541 4156 NdisCap - ok
    16:27:41.0580 4156 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    16:27:41.0581 4156 NdisTapi - ok
    16:27:41.0613 4156 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    16:27:41.0614 4156 Ndisuio - ok
    16:27:41.0651 4156 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    16:27:41.0652 4156 NdisWan - ok
    16:27:41.0663 4156 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    16:27:41.0664 4156 NDProxy - ok
    16:27:41.0705 4156 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    16:27:41.0706 4156 NetBIOS - ok
    16:27:41.0723 4156 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    16:27:41.0725 4156 NetBT - ok
    16:27:41.0748 4156 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    16:27:41.0750 4156 Netlogon - ok
    16:27:41.0788 4156 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    16:27:41.0791 4156 Netman - ok
    16:27:41.0822 4156 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    16:27:41.0825 4156 netprofm - ok
    16:27:41.0878 4156 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:27:41.0879 4156 NetTcpPortSharing - ok
    16:27:41.0896 4156 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
    16:27:41.0897 4156 nfrd960 - ok
    16:27:41.0945 4156 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
    16:27:41.0948 4156 NlaSvc - ok
    16:27:41.0980 4156 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    16:27:41.0981 4156 Npfs - ok
    16:27:42.0009 4156 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    16:27:42.0010 4156 nsi - ok
    16:27:42.0025 4156 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    16:27:42.0026 4156 nsiproxy - ok
    16:27:42.0091 4156 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    16:27:42.0099 4156 Ntfs - ok
    16:27:42.0120 4156 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    16:27:42.0120 4156 Null - ok
    16:27:42.0164 4156 [ AD37248BD442D41C9A896E53EB8A85EE ] NVHDA C:\windows\system32\drivers\nvhda64v.sys
    16:27:42.0165 4156 NVHDA - ok
    16:27:42.0385 4156 [ 1E5312E8DC483867EFB854935C7ACA65 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
    16:27:42.0442 4156 nvlddmkm - ok
    16:27:42.0468 4156 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    16:27:42.0470 4156 nvraid - ok
    16:27:42.0505 4156 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    16:27:42.0506 4156 nvstor - ok
    16:27:42.0562 4156 [ DEC39984871A20CC9CB3A340FF0919F2 ] nvsvc C:\windows\system32\nvvsvc.exe
    16:27:42.0565 4156 nvsvc - ok
    16:27:42.0620 4156 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    16:27:42.0621 4156 nv_agp - ok
    16:27:42.0716 4156 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    16:27:42.0719 4156 odserv - ok
    16:27:42.0742 4156 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    16:27:42.0743 4156 ohci1394 - ok
    16:27:42.0801 4156 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:27:42.0802 4156 ose - ok
    16:27:42.0834 4156 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    16:27:42.0836 4156 p2pimsvc - ok
    16:27:42.0878 4156 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    16:27:42.0881 4156 p2psvc - ok
    16:27:42.0911 4156 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
    16:27:42.0912 4156 Parport - ok
    16:27:42.0955 4156 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    16:27:42.0956 4156 partmgr - ok
    16:27:42.0973 4156 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    16:27:42.0975 4156 PcaSvc - ok
    16:27:43.0009 4156 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    16:27:43.0011 4156 pci - ok
    16:27:43.0031 4156 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
    16:27:43.0031 4156 pciide - ok
    16:27:43.0054 4156 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
    16:27:43.0056 4156 pcmcia - ok
    16:27:43.0070 4156 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    16:27:43.0071 4156 pcw - ok
    16:27:43.0110 4156 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    16:27:43.0114 4156 PEAUTH - ok
    16:27:43.0255 4156 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    16:27:43.0256 4156 PerfHost - ok
    16:27:43.0318 4156 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    16:27:43.0325 4156 pla - ok
    16:27:43.0376 4156 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    16:27:43.0379 4156 PlugPlay - ok
    16:27:43.0406 4156 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    16:27:43.0407 4156 PNRPAutoReg - ok
    16:27:43.0422 4156 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    16:27:43.0425 4156 PNRPsvc - ok
    16:27:43.0465 4156 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    16:27:43.0468 4156 PolicyAgent - ok
    16:27:43.0503 4156 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
    16:27:43.0505 4156 Power - ok
    16:27:43.0552 4156 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    16:27:43.0553 4156 PptpMiniport - ok
    16:27:43.0580 4156 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
    16:27:43.0580 4156 Processor - ok
    16:27:43.0613 4156 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    16:27:43.0615 4156 ProfSvc - ok
    16:27:43.0627 4156 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    16:27:43.0628 4156 ProtectedStorage - ok
    16:27:43.0673 4156 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    16:27:43.0674 4156 Psched - ok
    16:27:43.0754 4156 [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    16:27:43.0755 4156 PST Service - ok
    16:27:43.0896 4156 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
    16:27:43.0904 4156 ql2300 - ok
    16:27:43.0959 4156 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
    16:27:43.0960 4156 ql40xx - ok
    16:27:44.0025 4156 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    16:27:44.0027 4156 QWAVE - ok
    16:27:44.0058 4156 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    16:27:44.0059 4156 QWAVEdrv - ok
    16:27:44.0077 4156 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    16:27:44.0078 4156 RasAcd - ok
    16:27:44.0151 4156 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    16:27:44.0152 4156 RasAgileVpn - ok
    16:27:44.0196 4156 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    16:27:44.0198 4156 RasAuto - ok
    16:27:44.0230 4156 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    16:27:44.0231 4156 Rasl2tp - ok
    16:27:44.0279 4156 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    16:27:44.0282 4156 RasMan - ok
    16:27:44.0319 4156 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    16:27:44.0320 4156 RasPppoe - ok
    16:27:44.0337 4156 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    16:27:44.0338 4156 RasSstp - ok
    16:27:44.0353 4156 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    16:27:44.0355 4156 rdbss - ok
    16:27:44.0368 4156 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
    16:27:44.0369 4156 rdpbus - ok
    16:27:44.0387 4156 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    16:27:44.0388 4156 RDPCDD - ok
    16:27:44.0416 4156 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    16:27:44.0417 4156 RDPENCDD - ok
    16:27:44.0422 4156 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    16:27:44.0423 4156 RDPREFMP - ok
    16:27:44.0461 4156 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    16:27:44.0462 4156 RDPWD - ok
    16:27:44.0492 4156 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    16:27:44.0494 4156 rdyboost - ok
    16:27:44.0527 4156 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    16:27:44.0529 4156 RemoteAccess - ok
    16:27:44.0609 4156 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    16:27:44.0611 4156 RemoteRegistry - ok
    16:27:44.0643 4156 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\windows\SysWOW64\Rezip.exe
    16:27:44.0645 4156 Rezip - ok
    16:27:44.0683 4156 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
    16:27:44.0684 4156 RFCOMM - ok
    16:27:44.0788 4156 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    16:27:44.0789 4156 RichVideo - ok
    16:27:44.0802 4156 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    16:27:44.0803 4156 RpcEptMapper - ok
    16:27:44.0823 4156 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    16:27:44.0824 4156 RpcLocator - ok
    16:27:44.0861 4156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
    16:27:44.0865 4156 RpcSs - ok
    16:27:44.0903 4156 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    16:27:44.0904 4156 rspndr - ok
    16:27:44.0941 4156 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
    16:27:44.0943 4156 RTL8167 - ok
    16:27:44.0983 4156 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
    16:27:44.0983 4156 SABI - ok
    16:27:44.0993 4156 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    16:27:44.0994 4156 SamSs - ok
    16:27:45.0019 4156 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    16:27:45.0020 4156 sbp2port - ok
    16:27:45.0048 4156 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    16:27:45.0050 4156 SCardSvr - ok
    16:27:45.0084 4156 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    16:27:45.0084 4156 scfilter - ok
    16:27:45.0137 4156 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    16:27:45.0144 4156 Schedule - ok
    16:27:45.0161 4156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    16:27:45.0162 4156 SCPolicySvc - ok
    16:27:45.0187 4156 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    16:27:45.0189 4156 SDRSVC - ok
    16:27:45.0219 4156 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    16:27:45.0220 4156 secdrv - ok
    16:27:45.0228 4156 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    16:27:45.0229 4156 seclogon - ok
    16:27:45.0260 4156 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
    16:27:45.0262 4156 SENS - ok
    16:27:45.0271 4156 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    16:27:45.0272 4156 SensrSvc - ok
    16:27:45.0306 4156 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
    16:27:45.0307 4156 Serenum - ok
    16:27:45.0343 4156 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
    16:27:45.0344 4156 Serial - ok
    16:27:45.0360 4156 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
    16:27:45.0361 4156 sermouse - ok
    16:27:45.0400 4156 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    16:27:45.0402 4156 SessionEnv - ok
    16:27:45.0432 4156 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    16:27:45.0432 4156 sffdisk - ok
    16:27:45.0453 4156 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    16:27:45.0453 4156 sffp_mmc - ok
    16:27:45.0469 4156 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    16:27:45.0470 4156 sffp_sd - ok
    16:27:45.0495 4156 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
    16:27:45.0496 4156 sfloppy - ok
    16:27:45.0534 4156 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    16:27:45.0537 4156 ShellHWDetection - ok
    16:27:45.0565 4156 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
    16:27:45.0566 4156 SiSRaid2 - ok
    16:27:45.0590 4156 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
    16:27:45.0591 4156 SiSRaid4 - ok
    16:27:45.0650 4156 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    16:27:45.0651 4156 SkypeUpdate - ok
    16:27:45.0687 4156 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    16:27:45.0688 4156 Smb - ok
    16:27:45.0733 4156 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    16:27:45.0735 4156 SNMPTRAP - ok
    16:27:45.0769 4156 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    16:27:45.0769 4156 spldr - ok
    16:27:45.0809 4156 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
    16:27:45.0812 4156 Spooler - ok
    16:27:45.0900 4156 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    16:27:45.0917 4156 sppsvc - ok
    16:27:45.0960 4156 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    16:27:45.0962 4156 sppuinotify - ok
    16:27:46.0016 4156 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\windows\System32\Drivers\sptd.sys
    16:27:46.0019 4156 sptd - ok
    16:27:46.0052 4156 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    16:27:46.0054 4156 SQLBrowser - ok
    16:27:46.0126 4156 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    16:27:46.0128 4156 SQLWriter - ok
    16:27:46.0168 4156 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    16:27:46.0171 4156 srv - ok
    16:27:46.0182 4156 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    16:27:46.0185 4156 srv2 - ok
    16:27:46.0204 4156 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    16:27:46.0206 4156 srvnet - ok
    16:27:46.0245 4156 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    16:27:46.0247 4156 SSDPSRV - ok
    16:27:46.0262 4156 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
    16:27:46.0264 4156 SstpSvc - ok
    16:27:46.0300 4156 Steam Client Service - ok
    16:27:46.0337 4156 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
    16:27:46.0338 4156 stexstor - ok
    16:27:46.0371 4156 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
    16:27:46.0375 4156 stisvc - ok
    16:27:46.0398 4156 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
    16:27:46.0399 4156 swenum - ok
    16:27:46.0424 4156 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
    16:27:46.0427 4156 swprv - ok
    16:27:46.0484 4156 [ 2F827BB08CC7F1A17DF2EAD7B424D731 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
    16:27:46.0486 4156 SynTP - ok
    16:27:46.0552 4156 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
    16:27:46.0561 4156 SysMain - ok
    16:27:46.0615 4156 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
    16:27:46.0617 4156 TabletInputService - ok
    16:27:46.0660 4156 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
    16:27:46.0662 4156 TapiSrv - ok
    16:27:46.0688 4156 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
    16:27:46.0690 4156 TBS - ok
    16:27:46.0752 4156 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
    16:27:46.0762 4156 Tcpip - ok
    16:27:46.0797 4156 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    16:27:46.0807 4156 TCPIP6 - ok
    16:27:46.0839 4156 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    16:27:46.0840 4156 tcpipreg - ok
    16:27:46.0863 4156 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    16:27:46.0864 4156 TDPIPE - ok
    16:27:46.0896 4156 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    16:27:46.0897 4156 TDTCP - ok
    16:27:46.0929 4156 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    16:27:46.0930 4156 tdx - ok
    16:27:46.0961 4156 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
    16:27:46.0962 4156 TermDD - ok
    16:27:47.0001 4156 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
    16:27:47.0005 4156 TermService - ok
    16:27:47.0027 4156 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
    16:27:47.0028 4156 Themes - ok
    16:27:47.0063 4156 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
    16:27:47.0064 4156 THREADORDER - ok
    16:27:47.0077 4156 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
    16:27:47.0079 4156 TrkWks - ok
    16:27:47.0134 4156 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    16:27:47.0135 4156 TrustedInstaller - ok
    16:27:47.0165 4156 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    16:27:47.0166 4156 tssecsrv - ok
    16:27:47.0245 4156 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    16:27:47.0246 4156 TsUsbFlt - ok
    16:27:47.0376 4156 [ BA1EE944D5A06CC4A8DD51546BBA6547 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
    16:27:47.0388 4156 TuneUp.UtilitiesSvc - ok
    16:27:47.0428 4156 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
    16:27:47.0429 4156 TuneUpUtilitiesDrv - ok
    16:27:47.0489 4156 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    16:27:47.0490 4156 tunnel - ok
    16:27:47.0520 4156 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
    16:27:47.0526 4156 uagp35 - ok
    16:27:47.0573 4156 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    16:27:47.0575 4156 udfs - ok
    16:27:47.0623 4156 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
    16:27:47.0625 4156 UI0Detect - ok
    16:27:47.0638 4156 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    16:27:47.0639 4156 uliagpkx - ok
    16:27:47.0675 4156 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
    16:27:47.0676 4156 umbus - ok
    16:27:47.0696 4156 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
    16:27:47.0697 4156 UmPass - ok
    16:27:47.0711 4156 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
    16:27:47.0714 4156 upnphost - ok
    16:27:47.0756 4156 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
    16:27:47.0757 4156 USBAAPL64 - ok
    16:27:47.0776 4156 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    16:27:47.0777 4156 usbccgp - ok
    16:27:47.0814 4156 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
    16:27:47.0815 4156 usbcir - ok
    16:27:47.0839 4156 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
    16:27:47.0840 4156 usbehci - ok
    16:27:47.0866 4156 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    16:27:47.0868 4156 usbhub - ok
    16:27:47.0897 4156 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
    16:27:47.0898 4156 usbohci - ok
    16:27:47.0938 4156 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
    16:27:47.0939 4156 usbprint - ok
    16:27:47.0975 4156 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
    16:27:47.0976 4156 usbscan - ok
    16:27:47.0985 4156 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
    16:27:47.0986 4156 USBSTOR - ok
    16:27:48.0000 4156 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
    16:27:48.0000 4156 usbuhci - ok
    16:27:48.0049 4156 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
    16:27:48.0050 4156 usbvideo - ok
    16:27:48.0074 4156 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
    16:27:48.0075 4156 UxSms - ok
    16:27:48.0081 4156 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
    16:27:48.0082 4156 VaultSvc - ok
    16:27:48.0211 4156 [ C83D714B7CA4286515B5954B8F8C3C1F ] VBoxDrv C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys
    16:27:48.0212 4156 VBoxDrv - ok
    16:27:48.0243 4156 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    16:27:48.0244 4156 vdrvroot - ok
    16:27:48.0281 4156 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
    16:27:48.0284 4156 vds - ok
    16:27:48.0318 4156 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    16:27:48.0319 4156 vga - ok
    16:27:48.0339 4156 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
    16:27:48.0340 4156 VgaSave - ok
    16:27:48.0377 4156 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    16:27:48.0378 4156 vhdmp - ok
    16:27:48.0407 4156 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
    16:27:48.0408 4156 viaide - ok
    16:27:48.0424 4156 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
    16:27:48.0425 4156 volmgr - ok
    16:27:48.0461 4156 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    16:27:48.0463 4156 volmgrx - ok
    16:27:48.0499 4156 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
    16:27:48.0501 4156 volsnap - ok
    16:27:48.0517 4156 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
    16:27:48.0518 4156 vsmraid - ok
    16:27:48.0577 4156 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
    16:27:48.0585 4156 VSS - ok
    16:27:48.0724 4156 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    16:27:48.0728 4156 vToolbarUpdater12.2.6 - ok
    16:27:48.0775 4156 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    16:27:48.0776 4156 vwifibus - ok
    16:27:48.0826 4156 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    16:27:48.0827 4156 vwififlt - ok
    16:27:48.0866 4156 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
    16:27:48.0869 4156 W32Time - ok
    16:27:48.0883 4156 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
    16:27:48.0884 4156 WacomPen - ok
    16:27:48.0936 4156 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    16:27:48.0937 4156 WANARP - ok
    16:27:48.0941 4156 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    16:27:48.0942 4156 Wanarpv6 - ok
    16:27:49.0012 4156 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    16:27:49.0018 4156 WatAdminSvc - ok
    16:27:49.0076 4156 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
    16:27:49.0084 4156 wbengine - ok
    16:27:49.0112 4156 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    16:27:49.0114 4156 WbioSrvc - ok
    16:27:49.0149 4156 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
    16:27:49.0152 4156 wcncsvc - ok
    16:27:49.0166 4156 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    16:27:49.0167 4156 WcsPlugInService - ok
    16:27:49.0196 4156 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
    16:27:49.0197 4156 Wd - ok
    16:27:49.0225 4156 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    16:27:49.0228 4156 Wdf01000 - ok
    16:27:49.0238 4156 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
    16:27:49.0240 4156 WdiServiceHost - ok
    16:27:49.0243 4156 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
    16:27:49.0245 4156 WdiSystemHost - ok
    16:27:49.0264 4156 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
    16:27:49.0266 4156 WebClient - ok
    16:27:49.0298 4156 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
    16:27:49.0301 4156 Wecsvc - ok
    16:27:49.0319 4156 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
    16:27:49.0321 4156 wercplsupport - ok
    16:27:49.0352 4156 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
    16:27:49.0354 4156 WerSvc - ok
    16:27:49.0403 4156 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    16:27:49.0403 4156 WfpLwf - ok
    16:27:49.0420 4156 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
    16:27:49.0421 4156 WIMMount - ok
    16:27:49.0450 4156 WinDefend - ok
    16:27:49.0455 4156 WinHttpAutoProxySvc - ok
    16:27:49.0529 4156 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    16:27:49.0541 4156 Winmgmt - ok
    16:27:49.0618 4156 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
    16:27:49.0628 4156 WinRM - ok
    16:27:49.0707 4156 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
    16:27:49.0708 4156 WinUsb - ok
    16:27:49.0770 4156 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
    16:27:49.0775 4156 Wlansvc - ok
    16:27:49.0929 4156 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:27:49.0940 4156 wlidsvc - ok
    16:27:49.0989 4156 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
    16:27:49.0990 4156 WmiAcpi - ok
    16:27:50.0035 4156 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    16:27:50.0036 4156 wmiApSrv - ok
    16:27:50.0058 4156 WMPNetworkSvc - ok
    16:27:50.0090 4156 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    16:27:50.0091 4156 WPCSvc - ok
    16:27:50.0120 4156 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    16:27:50.0122 4156 WPDBusEnum - ok
    16:27:50.0147 4156 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    16:27:50.0148 4156 ws2ifsl - ok
    16:27:50.0177 4156 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
    16:27:50.0179 4156 wscsvc - ok
    16:27:50.0182 4156 WSearch - ok
    16:27:50.0217 4156 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    16:27:50.0218 4156 WudfPf - ok
    16:27:50.0248 4156 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    16:27:50.0249 4156 WUDFRd - ok
    16:27:50.0265 4156 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    16:27:50.0267 4156 wudfsvc - ok
    16:27:50.0306 4156 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    16:27:50.0308 4156 WwanSvc - ok
    16:27:50.0376 4156 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\windows\system32\DRIVERS\xusb21.sys
    16:27:50.0377 4156 xusb21 - ok
    16:27:50.0417 4156 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
    16:27:50.0420 4156 yukonw7 - ok
    16:27:50.0508 4156 [ 74983ADDCA2D9618512C088D856D6615 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
    16:27:50.0509 4156 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
    16:27:50.0509 4156 ================ Scan global ===============================
    16:27:50.0544 4156 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    16:27:50.0577 4156 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    16:27:50.0584 4156 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    16:27:50.0625 4156 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    16:27:50.0656 4156 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    16:27:50.0659 4156 [Global] - ok
    16:27:50.0659 4156 ================ Scan MBR ==================================
    16:27:50.0681 4156 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
    16:27:51.0033 4156 \Device\Harddisk0\DR0 - ok
    16:27:51.0038 4156 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
    16:27:51.0045 4156 \Device\Harddisk1\DR1 - ok
    16:27:51.0045 4156 ================ Scan VBR ==================================
    16:27:51.0047 4156 [ 8D1C1D53413A9338BB83BD1792E3461D ] \Device\Harddisk0\DR0\Partition1
    16:27:51.0049 4156 \Device\Harddisk0\DR0\Partition1 - ok
    16:27:51.0070 4156 [ 320648E8C0B59BD797F01A6A1D235CF3 ] \Device\Harddisk0\DR0\Partition2
    16:27:51.0072 4156 \Device\Harddisk0\DR0\Partition2 - ok
    16:27:51.0092 4156 [ 68E42B6F8EE78EA5C2F6FDEA1216B2A0 ] \Device\Harddisk0\DR0\Partition3
    16:27:51.0094 4156 \Device\Harddisk0\DR0\Partition3 - ok
    16:27:51.0098 4156 [ 4F18ED431AF66A9CFEC05C24CE6E2214 ] \Device\Harddisk1\DR1\Partition1
    16:27:51.0099 4156 \Device\Harddisk1\DR1\Partition1 - ok
    16:27:51.0099 4156 ============================================================
    16:27:51.0099 4156 Scan finished
    16:27:51.0100 4156 ============================================================
    16:27:51.0109 5436 Detected object count: 0
    16:27:51.0109 5436 Actual detected object count: 0
     
  16. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is the first RogueKiller Report

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jen [Admin rights]
    Mode : Scan -- Date : 10/22/2012 16:30:32

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] MusicManager.exe -- C:\Users\Jen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Jen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1025616775-32965946-2427245248-1001[...]\Run : MusicManager ("C:\Users\Jen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl) -> FOUND
    [TASK][SUSP PATH] {2F84F598-EFF8-4B87-8F62-AAB183A85CF1} : C:\windows\system32\pcalua.exe -a C:\Users\Jen\Desktop\QuickTimeInstaller.exe -d C:\Users\Jen\Desktop -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    69.65.1.83 boards.endoftheinter.net
    69.65.1.83 wiki.endoftheinter.net
    69.65.1.83 static.endoftheinter.net
    69.65.1.83 links.endoftheinter.net
    69.65.1.83 archives.endoftheinter.net
    69.65.1.83 endoftheinter.net


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM500JI +++++
    --- User ---
    [MBR] b8b2b4ae1bd0859842a8b92b53982ea2
    [BSP] 02439505a494b1ad5082c7ed6e7f6584 : KIWI Image system MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 102400 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 241379328 | Size: 359077 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SanDisk Cruzer Micro USB Device +++++
    --- User ---
    [MBR] 3a3a52443d407f40a1e189a99405b26f
    [BSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 233 | Size: 488 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  17. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is the 2nd RogueKiller Report

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jen [Admin rights]
    Mode : Remove -- Date : 10/22/2012 16:30:46

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] MusicManager.exe -- C:\Users\Jen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Jen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (\??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl) -> DELETED
    [TASK][SUSP PATH] {2F84F598-EFF8-4B87-8F62-AAB183A85CF1} : C:\windows\system32\pcalua.exe -a C:\Users\Jen\Desktop\QuickTimeInstaller.exe -d C:\Users\Jen\Desktop -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    69.65.1.83 boards.endoftheinter.net
    69.65.1.83 wiki.endoftheinter.net
    69.65.1.83 static.endoftheinter.net
    69.65.1.83 links.endoftheinter.net
    69.65.1.83 archives.endoftheinter.net
    69.65.1.83 endoftheinter.net


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM500JI +++++
    --- User ---
    [MBR] b8b2b4ae1bd0859842a8b92b53982ea2
    [BSP] 02439505a494b1ad5082c7ed6e7f6584 : KIWI Image system MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 102400 Mo
    3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 241379328 | Size: 359077 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: SanDisk Cruzer Micro USB Device +++++
    --- User ---
    [MBR] 3a3a52443d407f40a1e189a99405b26f
    [BSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 233 | Size: 488 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  18. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is the MBAM log

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.22.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jen :: JEN-PC [administrator]

    10/22/2012 4:34:08 PM
    mbam-log-2012-10-22 (16-34-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203761
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  19. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    And finally here is the aswMBR log!

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-22 16:38:48
    -----------------------------
    16:38:48.846 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:38:48.847 Number of processors: 4 586 0x2502
    16:38:48.847 ComputerName: JEN-PC UserName: Jen
    16:38:49.691 Initialize success
    16:39:29.258 AVAST engine defs: 12102201
    16:39:56.557 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:39:56.560 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
    16:39:56.577 Disk 0 MBR read successfully
    16:39:56.580 Disk 0 MBR scan
    16:39:56.599 Disk 0 unknown MBR code
    16:39:56.620 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
    16:39:56.640 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
    16:39:56.656 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 102400 MB offset 31664128
    16:39:56.677 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 359077 MB offset 241379328
    16:39:56.703 Disk 0 scanning C:\windows\system32\drivers
    16:40:07.262 Service scanning
    16:40:33.315 Modules scanning
    16:40:33.325 Disk 0 trace - called modules:
    16:40:33.370 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
    16:40:33.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0c060]
    16:40:33.385 3 CLASSPNP.SYS[fffff88000fcb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800493d050]
    16:40:34.054 AVAST engine scan C:\windows
    16:40:36.653 AVAST engine scan C:\windows\system32
    16:44:07.087 AVAST engine scan C:\windows\system32\drivers
    16:44:20.483 AVAST engine scan C:\Users\Jen
    16:54:30.161 AVAST engine scan C:\ProgramData
    16:56:09.240 Scan finished successfully
    16:57:28.033 Disk 0 MBR has been saved successfully to "C:\Users\Jen\Desktop\MBR.dat"
    16:57:28.038 The log file has been saved successfully to "C:\Users\Jen\Desktop\aswMBR.txt"
     
  20. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  21. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    I ran Combofix without a problem; it finished and provided me with a log. However, I have been unable to reconnect to the Internet even after restarting my computer. I'm posting this from my phone. What steps do I need to take to reconfigure my connection?
     
  22. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Combofix created a restore point.
    Use it and see if it helps.
     
  23. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Hmm, I used the restore point, but it did not work, and now my computer is running very slowly.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,684   +268

    Please download Farbar Service Scanner Download Link and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  25. JMerlPE

    JMerlPE TS Rookie Topic Starter Posts: 45

    Here is the FSS log

    Farbar Service Scanner Version: 19-10-2012
    Ran by Jen (administrator) on 23-10-2012 at 14:01:42
    Running from "C:\Users\Jen\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    LAN connected.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-27 21:55] - [2012-10-23 10:25] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

    ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     