Solved Alureon.a rootkit detected by MSSE

mrtraver

Security Essentials suggested running Windows Defender Offline. I could not get it to boot from a CD, but I finally did manage to run it from a flash drive, and the tool said it successfully removed the threat. However, when I restarted, MSSE said it was still there. I had already been planning on uninstalling MSSE, and I installed Avast tonight. I have also run a full scan of Malwarebytes Anti-Malware. While searching for a reliable removal tool, I kept seeing conflicting info. I'm just not sure what to do next to remove this, other than reformat and reinstall Windows 7 Home 64-bit. Are there any LiveCDs I should try? Or any other suggestions?

Thank you!!
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

=========================

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you! Sorry for the delayed response; I keep getting BSODs.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.09.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jake :: JAKE-PC [administrator]
1/9/2013 7:43:12 PM
MBAM-log-2013-01-09 (19-49-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224951
Time elapsed: 3 minute(s), 11 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1564 -> No action taken.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\jake\Downloads\SWBFII_Patch.exe (Malware.Packer.Gen) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
(end)
--------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/31/2012 6:03:22 PM
System Uptime: 1/9/2013 8:30:57 PM (0 hours ago)
.
Motherboard: ECS | | IC780M-A2
Processor: AMD Athlon(tm) II X3 455 Processor | CPU 1 | 3300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 149.59 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP133: 1/9/2013 7:51:34 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.22 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
AMD OverDrive
AMD USB Filter Driver
ATI Catalyst Install Manager
avast! Free Antivirus
Battlefield 1942™
Beowulf TM
Black & White® 2
Command & Conquer 3
Command & Conquer™ 3: Kane's Wrath
Diablo II
Empire Earth III
Free YouTube Downloader 3.5.128
GameSpy Arcade
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java(TM) 6 Update 27
Java(TM) 6 Update 27 (64-bit)
K-Lite Mega Codec Pack 7.8.0
Malwarebytes Anti-Malware version 1.70.0.1100
Mass Effect™ 3 Demo
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Origin
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Rome - Total War(TM) Demo
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Star Wars Battlefront II
TP-LINK Wireless Client Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VirtualCloneDrive
Wheelman
Windows Driver Package - Realtek (RTL8167) Net (05/22/2009 7.003.0522.2009)
Xfire (remove only)
Yontoo 1.10.03
.
==== Event Viewer Messages From Past Week ========
.
1/9/2013 8:44:19 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
1/9/2013 8:43:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
1/9/2013 8:35:15 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
1/9/2013 8:35:15 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
1/9/2013 8:31:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c2ffd0, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010913-41309-01.
1/9/2013 7:44:03 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
1/9/2013 6:56:06 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c6266b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010913-24039-01.
1/9/2013 5:12:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fef300d, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d100c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010913-26052-01.
1/8/2013 7:09:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f7963a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010813-22807-01.
1/8/2013 10:34:38 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/8/2013 10:29:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002c9a715). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010813-30576-01.
1/8/2013 10:27:55 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
1/7/2013 11:20:29 AM, Error: cdrom [15] - The device, \Device\CdRom2, is not ready for access yet.
1/6/2013 4:09:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
1/6/2013 4:09:04 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/6/2013 4:05:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000000007691a, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d0c0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010613-26239-01.
1/6/2013 12:52:36 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002fd0a34, 0xfffff880086bce80, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010613-25630-01.
1/6/2013 12:49:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00001000000103d9, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d140c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010613-50294-01.
1/6/2013 10:35:37 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/6/2013 10:20:36 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/5/2013 12:46:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
1/5/2013 12:46:15 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2013 10:34:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/5/2013 10:34:50 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2013 10:34:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/5/2013 10:22:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
1/5/2013 10:22:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
1/5/2013 10:18:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d130c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010513-29655-01.
1/5/2013 10:15:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
1/5/2013 10:15:01 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2013 10:15:01 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2013 10:15:01 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/5/2013 10:12:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f7963a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010513-36348-01.
1/5/2013 1:02:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/5/2013 1:01:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c6666b, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010513-39717-01.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by jake at 20:44:02 on 2013-01-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2663 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.0.1 76.7.255.188
TCP: Interfaces\{09B6E950-66FA-4FF0-AEB0-0D9CFDEF3DCA} : DHCPNameServer = 192.168.0.1 76.7.255.188
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-6 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-6 370288]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-6 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-6 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-1-6 44808]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-3-31 34872]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-5-5 124256]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-4-28 1847296]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-28 19456]
S3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\System32\drivers\netr6164.sys [2012-3-31 438784]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-28 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-28 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-25 1255736]
.
=============== Created Last 30 ================
.
2013-01-10 02:13:42 20480 ----a-w- C:\Windows\svchost.exe
2013-01-09 23:25:44 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 23:25:44 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 23:25:20 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 23:25:20 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 23:25:19 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 23:25:19 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 23:25:14 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 23:25:14 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 23:25:10 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 23:25:10 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-09 23:23:48 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04279EAC-43AF-4255-86E9-996558EBB1BB}\mpengine.dll
2013-01-09 23:22:55 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 23:22:52 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-09 02:42:47 -------- d-----w- C:\Program Files\CCleaner
2013-01-06 06:46:25 4096000 ----a-w- C:\Program Files (x86)\GUT646E.tmp
2013-01-06 06:46:25 -------- d-----w- C:\Program Files (x86)\GUM646D.tmp
2013-01-06 06:40:24 -------- d-----w- C:\Users\jake\AppData\Local\Google
2013-01-06 06:40:15 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-01-06 06:40:11 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-01-06 06:40:02 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-01-06 06:39:40 41224 ----a-w- C:\Windows\avastSS.scr
2013-01-06 06:39:30 -------- d-----w- C:\ProgramData\AVAST Software
2013-01-06 06:39:30 -------- d-----w- C:\Program Files\AVAST Software
2013-01-06 04:52:04 -------- d-----w- C:\Users\jake\AppData\Local\Programs
2013-01-06 04:41:57 -------- d-----w- C:\Windows\pss
2013-01-05 21:09:21 -------- d-----w- C:\Windows\Microsoft Antimalware
2013-01-01 06:54:29 -------- d-----w- C:\Users\jake\AppData\Local\Stronghold_LLC
2013-01-01 06:53:20 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-01-01 06:52:33 -------- d-----w- C:\Program Files\Babylon
2013-01-01 06:52:33 -------- d-----w- C:\Program Files (x86)\Babylon
2013-01-01 06:52:27 -------- d-----w- C:\Users\jake\AppData\Roaming\Strongvault
2013-01-01 06:52:11 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-01-01 06:52:08 -------- d-----w- C:\ProgramData\Tarma Installer
2012-12-21 09:00:53 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 09:00:53 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 09:00:52 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 09:00:51 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 01:37:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-21 01:37:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-21 01:35:55 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-21 01:35:55 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
==================== Find3M ====================
.
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 00:56:24 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 00:56:24 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 20:44:15.08 ===============
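A reviewer reading a DDS log like the one above looks for a few specific tells: a file named svchost.exe created or running outside System32/SysWOW64, an svchost launched without the usual "-k <group>" argument, and a process listed through the \\.\globalroot device namespace instead of a drive-letter path. As an added example (not from this thread, DDS, or any tool it mentions), the Python script below applies those checks to DDS-format "Running Processes" and "Created Last 30" lines; the sample lines are constructed to mirror entries in the log above, and the list of system-only image names is my assumption.

```python
r"""Triage helper for DDS-style process and file listings (added example).

Heuristics applied, from a defender's reading of the log:
  * core Windows image names (svchost.exe, lsass.exe, ...) belong only under
    %SystemRoot%\System32 or %SystemRoot%\SysWOW64;
  * svchost.exe is normally started as "svchost.exe -k <service group>";
  * a process shown via the \\.\globalroot device namespace rather than a
    drive letter deserves a closer look.
"""
import re
from typing import Dict, List, Tuple

# Assumed list of image names that legitimately live only in the system dirs.
SYSTEM_ONLY_IMAGES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
    "winlogon.exe", "smss.exe", "wininit.exe",
}
# Directories where those images belong (compared case-insensitively).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# "<path ending in .exe> <optional arguments>"; paths may contain spaces.
_PROC_RE = re.compile(r"^(?P<path>.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
# DDS "Created Last 30" / Find3M entry: date time size attrs path
_CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Constructed excerpts in DDS format; the lines mirror entries in the log above.
SAMPLE_PROCESSES = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\SearchIndexer.exe
"""
SAMPLE_CREATED = r"""
2013-01-10 02:13:42 20480 ----a-w- C:\Windows\svchost.exe
2013-01-09 23:25:44 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 02:42:47 -------- d-----w- C:\Program Files\CCleaner
"""


def split_path(path: str) -> Tuple[str, str]:
    """Return (directory, image name) using Windows separators."""
    directory, _, name = path.rpartition("\\")
    return directory, name


def _in_system_dir(directory: str) -> bool:
    d = directory.lower()
    return any(d == s or d.startswith(s + "\\") for s in SYSTEM_DIRS)


def audit_process_line(line: str) -> List[str]:
    """Return findings for one 'Running Processes' line (empty list if clean)."""
    m = _PROC_RE.match(line.strip())
    if not m:
        return []
    path, args = m.group("path"), m.group("args") or ""
    directory, name = split_path(path)
    findings: List[str] = []
    if path.lower().startswith(r"\\.\globalroot"):
        findings.append("image referenced via \\\\.\\globalroot device namespace")
    if name.lower() in SYSTEM_ONLY_IMAGES and not _in_system_dir(directory):
        findings.append(f"{name} running outside System32/SysWOW64: {directory}")
    if name.lower() == "svchost.exe" and not re.search(r"(^|\s)-k\s+\S+", args):
        findings.append("svchost.exe started without a '-k <group>' argument")
    return findings


def audit_created_line(line: str) -> List[str]:
    """Return findings for one DDS 'Created Last 30' / Find3M entry."""
    m = _CREATED_RE.match(line.strip())
    if not m:
        return []
    directory, name = split_path(m.group("path"))
    if name.lower() in SYSTEM_ONLY_IMAGES and not _in_system_dir(directory):
        return [f"new {name} written outside System32/SysWOW64 on "
                f"{m.group('date')}: {directory}"]
    return []


def triage(processes: str, created: str) -> Dict[str, List[str]]:
    """Run both audits; return {log line: findings} for every flagged line."""
    report: Dict[str, List[str]] = {}
    for line in processes.splitlines():
        if findings := audit_process_line(line):
            report[line.strip()] = findings
    for line in created.splitlines():
        if findings := audit_created_line(line):
            report[line.strip()] = findings
    return report


if __name__ == "__main__":
    for flagged, reasons in triage(SAMPLE_PROCESSES, SAMPLE_CREATED).items():
        print(flagged)
        for reason in reasons:
            print("   ->", reason)
```

On the sample data only the globalroot svchost entry and the newly created C:\Windows\svchost.exe are flagged; the legitimate -k service hosts pass.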
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Part 1:
22:16:06.0821 1076 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:16:07.0445 1076 ============================================================
22:16:07.0445 1076 Current date / time: 2013/01/09 22:16:07.0445
22:16:07.0445 1076 SystemInfo:
22:16:07.0445 1076
22:16:07.0445 1076 OS Version: 6.1.7601 ServicePack: 1.0
22:16:07.0445 1076 Product type: Workstation
22:16:07.0445 1076 ComputerName: JAKE-PC
22:16:07.0445 1076 UserName: jake
22:16:07.0445 1076 Windows directory: C:\Windows
22:16:07.0445 1076 System windows directory: C:\Windows
22:16:07.0445 1076 Running under WOW64
22:16:07.0445 1076 Processor architecture: Intel x64
22:16:07.0445 1076 Number of processors: 3
22:16:07.0445 1076 Page size: 0x1000
22:16:07.0445 1076 Boot type: Normal boot
22:16:07.0445 1076 ============================================================
22:16:07.0617 1076 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:16:07.0617 1076 Drive \Device\Harddisk1\DR1 - Size: 0x1DCC00000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:16:07.0617 1076 ============================================================
22:16:07.0617 1076 \Device\Harddisk0\DR0:
22:16:07.0617 1076 MBR partitions:
22:16:07.0617 1076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
22:16:07.0617 1076 \Device\Harddisk1\DR1:
22:16:07.0617 1076 MBR partitions:
22:16:07.0617 1076 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0xEE4080
22:16:07.0617 1076 ============================================================
22:16:07.0648 1076 C: <-> \Device\Harddisk0\DR0\Partition1
22:16:07.0648 1076 ============================================================
22:16:07.0648 1076 Initialize success
22:16:07.0648 1076 ============================================================
22:16:08.0865 2608 ============================================================
22:16:08.0865 2608 Scan started
22:16:08.0865 2608 Mode: Manual;
22:16:08.0865 2608 ============================================================
22:16:09.0317 2608 ================ Scan system memory ========================
22:16:09.0317 2608 System memory - ok
22:16:09.0317 2608 ================ Scan services =============================
 
Part 2:
22:16:19.0364 2608 Processor - ok
22:16:19.0426 2608 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:16:19.0426 2608 ProfSvc - ok
22:16:19.0442 2608 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:16:19.0442 2608 ProtectedStorage - ok
22:16:19.0473 2608 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:16:19.0473 2608 Psched - ok
22:16:19.0520 2608 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:16:19.0520 2608 ql2300 - ok
22:16:19.0535 2608 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:16:19.0535 2608 ql40xx - ok
22:16:19.0567 2608 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:16:19.0567 2608 QWAVE - ok
22:16:19.0582 2608 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:16:19.0582 2608 QWAVEdrv - ok
22:16:19.0598 2608 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:16:19.0598 2608 RasAcd - ok
22:16:19.0613 2608 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:16:19.0613 2608 RasAgileVpn - ok
22:16:19.0629 2608 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:16:19.0629 2608 RasAuto - ok
22:16:19.0645 2608 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:16:19.0645 2608 Rasl2tp - ok
22:16:19.0676 2608 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:16:19.0676 2608 RasMan - ok
22:16:19.0691 2608 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:16:19.0691 2608 RasPppoe - ok
22:16:19.0691 2608 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:16:19.0691 2608 RasSstp - ok
22:16:19.0723 2608 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:16:19.0723 2608 rdbss - ok
22:16:19.0723 2608 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
22:16:19.0723 2608 rdpbus - ok
22:16:19.0754 2608 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:16:19.0754 2608 RDPCDD - ok
22:16:19.0769 2608 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:16:19.0769 2608 RDPENCDD - ok
22:16:19.0801 2608 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:16:19.0801 2608 RDPREFMP - ok
22:16:19.0863 2608 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:16:19.0863 2608 RdpVideoMiniport - ok
22:16:19.0925 2608 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:16:19.0925 2608 RDPWD - ok
22:16:19.0972 2608 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:16:19.0972 2608 rdyboost - ok
22:16:20.0035 2608 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:16:20.0035 2608 RemoteAccess - ok
22:16:20.0081 2608 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:16:20.0081 2608 RemoteRegistry - ok
22:16:20.0113 2608 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:16:20.0128 2608 RpcEptMapper - ok
22:16:20.0159 2608 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:16:20.0159 2608 RpcLocator - ok
22:16:20.0191 2608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:16:20.0206 2608 RpcSs - ok
22:16:20.0222 2608 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:16:20.0222 2608 rspndr - ok
22:16:20.0237 2608 RT2500 - ok
22:16:20.0269 2608 [ EC7F0030D58886B0FCD3EEFB1C51F8E2 ] rt61x64 C:\Windows\system32\DRIVERS\netr6164.sys
22:16:20.0269 2608 rt61x64 - ok
22:16:20.0315 2608 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:16:20.0331 2608 RTL8167 - ok
22:16:20.0347 2608 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:16:20.0347 2608 SamSs - ok
22:16:20.0378 2608 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:16:20.0378 2608 sbp2port - ok
22:16:20.0409 2608 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:16:20.0425 2608 SCardSvr - ok
22:16:20.0440 2608 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:16:20.0440 2608 scfilter - ok
22:16:20.0471 2608 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:16:20.0487 2608 Schedule - ok
22:16:20.0503 2608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:16:20.0503 2608 SCPolicySvc - ok
22:16:20.0518 2608 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:16:20.0518 2608 SDRSVC - ok
22:16:20.0549 2608 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:16:20.0549 2608 secdrv - ok
22:16:20.0565 2608 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:16:20.0565 2608 seclogon - ok
22:16:20.0596 2608 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:16:20.0596 2608 SENS - ok
22:16:20.0612 2608 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:16:20.0627 2608 SensrSvc - ok
22:16:20.0659 2608 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:16:20.0659 2608 Serenum - ok
22:16:20.0659 2608 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:16:20.0659 2608 Serial - ok
22:16:20.0674 2608 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:16:20.0674 2608 sermouse - ok
22:16:20.0690 2608 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:16:20.0705 2608 SessionEnv - ok
22:16:20.0705 2608 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:16:20.0721 2608 sffdisk - ok
22:16:20.0721 2608 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:16:20.0721 2608 sffp_mmc - ok
22:16:20.0737 2608 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:16:20.0737 2608 sffp_sd - ok
22:16:20.0752 2608 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:16:20.0752 2608 sfloppy - ok
22:16:20.0799 2608 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:16:20.0799 2608 SharedAccess - ok
22:16:20.0830 2608 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:16:20.0830 2608 ShellHWDetection - ok
22:16:20.0846 2608 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:16:20.0846 2608 SiSRaid2 - ok
22:16:20.0861 2608 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:16:20.0877 2608 SiSRaid4 - ok
22:16:20.0893 2608 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:16:20.0893 2608 Smb - ok
22:16:20.0908 2608 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:16:20.0924 2608 SNMPTRAP - ok
22:16:20.0924 2608 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:16:20.0924 2608 spldr - ok
22:16:20.0986 2608 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:16:21.0002 2608 Spooler - ok
22:16:21.0127 2608 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:16:21.0142 2608 sppsvc - ok
22:16:21.0158 2608 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:16:21.0173 2608 sppuinotify - ok
22:16:21.0189 2608 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:16:21.0189 2608 srv - ok
22:16:21.0205 2608 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:16:21.0220 2608 srv2 - ok
22:16:21.0220 2608 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:16:21.0220 2608 srvnet - ok
22:16:21.0251 2608 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:16:21.0251 2608 SSDPSRV - ok
22:16:21.0267 2608 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:16:21.0267 2608 SstpSvc - ok
22:16:21.0345 2608 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:16:21.0345 2608 Stereo Service - ok
22:16:21.0361 2608 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:16:21.0361 2608 stexstor - ok
22:16:21.0407 2608 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:16:21.0423 2608 stisvc - ok
22:16:21.0454 2608 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:16:21.0454 2608 swenum - ok
22:16:21.0470 2608 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:16:21.0485 2608 swprv - ok
22:16:21.0532 2608 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:16:21.0548 2608 SysMain - ok
22:16:21.0563 2608 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:16:21.0563 2608 TabletInputService - ok
22:16:21.0610 2608 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:16:21.0626 2608 TapiSrv - ok
22:16:21.0641 2608 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:16:21.0641 2608 TBS - ok
22:16:21.0751 2608 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:16:21.0751 2608 Tcpip - ok
22:16:21.0844 2608 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:16:21.0875 2608 TCPIP6 - ok
22:16:21.0922 2608 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:16:21.0922 2608 tcpipreg - ok
22:16:21.0938 2608 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:16:21.0938 2608 TDPIPE - ok
22:16:21.0969 2608 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:16:21.0969 2608 TDTCP - ok
22:16:22.0000 2608 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:16:22.0016 2608 tdx - ok
22:16:22.0031 2608 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:16:22.0031 2608 TermDD - ok
22:16:22.0063 2608 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:16:22.0063 2608 TermService - ok
22:16:22.0109 2608 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:16:22.0109 2608 Themes - ok
22:16:22.0125 2608 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:16:22.0125 2608 THREADORDER - ok
22:16:22.0141 2608 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:16:22.0141 2608 TrkWks - ok
22:16:22.0203 2608 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:16:22.0219 2608 TrustedInstaller - ok
22:16:22.0234 2608 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:16:22.0234 2608 tssecsrv - ok
22:16:22.0297 2608 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:16:22.0297 2608 TsUsbFlt - ok
22:16:22.0343 2608 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:16:22.0359 2608 TsUsbGD - ok
22:16:22.0390 2608 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:16:22.0390 2608 tunnel - ok
22:16:22.0406 2608 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:16:22.0406 2608 uagp35 - ok
22:16:22.0437 2608 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:16:22.0437 2608 udfs - ok
22:16:22.0453 2608 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:16:22.0453 2608 UI0Detect - ok
22:16:22.0484 2608 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:16:22.0484 2608 uliagpkx - ok
22:16:22.0515 2608 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:16:22.0515 2608 umbus - ok
22:16:22.0531 2608 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:16:22.0531 2608 UmPass - ok
22:16:22.0562 2608 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:16:22.0562 2608 upnphost - ok
22:16:22.0609 2608 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
22:16:22.0609 2608 usbccgp - ok
22:16:22.0640 2608 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:16:22.0640 2608 usbcir - ok
22:16:22.0687 2608 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:16:22.0687 2608 usbehci - ok
22:16:22.0702 2608 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
22:16:22.0718 2608 usbfilter - ok
22:16:22.0733 2608 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:16:22.0749 2608 usbhub - ok
22:16:22.0749 2608 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:16:22.0765 2608 usbohci - ok
22:16:22.0765 2608 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:16:22.0765 2608 usbprint - ok
22:16:22.0811 2608 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:16:22.0811 2608 USBSTOR - ok
22:16:22.0827 2608 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:16:22.0843 2608 usbuhci - ok
22:16:22.0858 2608 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:16:22.0874 2608 UxSms - ok
22:16:22.0874 2608 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:16:22.0874 2608 VaultSvc - ok
22:16:22.0936 2608 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
22:16:22.0936 2608 VClone - ok
22:16:22.0967 2608 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:16:22.0967 2608 vdrvroot - ok
22:16:23.0014 2608 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:16:23.0030 2608 vds - ok
22:16:23.0045 2608 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:16:23.0045 2608 vga - ok
22:16:23.0061 2608 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:16:23.0061 2608 VgaSave - ok
22:16:23.0077 2608 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:16:23.0077 2608 vhdmp - ok
22:16:23.0092 2608 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:16:23.0092 2608 viaide - ok
22:16:23.0092 2608 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:16:23.0092 2608 volmgr - ok
22:16:23.0123 2608 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:16:23.0123 2608 volmgrx - ok
22:16:23.0139 2608 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:16:23.0139 2608 volsnap - ok
22:16:23.0155 2608 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:16:23.0155 2608 vsmraid - ok
22:16:23.0217 2608 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:16:23.0233 2608 VSS - ok
22:16:23.0248 2608 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:16:23.0248 2608 vwifibus - ok
22:16:23.0279 2608 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:16:23.0279 2608 vwififlt - ok
22:16:23.0311 2608 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:16:23.0311 2608 vwifimp - ok
22:16:23.0342 2608 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:16:23.0357 2608 W32Time - ok
22:16:23.0373 2608 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:16:23.0373 2608 WacomPen - ok
22:16:23.0404 2608 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:16:23.0420 2608 WANARP - ok
22:16:23.0435 2608 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:16:23.0435 2608 Wanarpv6 - ok
22:16:23.0513 2608 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:16:23.0529 2608 WatAdminSvc - ok
22:16:23.0607 2608 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:16:23.0623 2608 wbengine - ok
22:16:23.0638 2608 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:16:23.0654 2608 WbioSrvc - ok
22:16:23.0669 2608 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:16:23.0669 2608 wcncsvc - ok
22:16:23.0685 2608 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:16:23.0685 2608 WcsPlugInService - ok
22:16:23.0701 2608 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:16:23.0701 2608 Wd - ok
22:16:23.0779 2608 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:16:23.0794 2608 Wdf01000 - ok
22:16:23.0794 2608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:16:23.0810 2608 WdiServiceHost - ok
22:16:23.0810 2608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:16:23.0810 2608 WdiSystemHost - ok
22:16:23.0825 2608 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:16:23.0841 2608 WebClient - ok
22:16:23.0841 2608 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:16:23.0857 2608 Wecsvc - ok
22:16:23.0872 2608 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:16:23.0872 2608 wercplsupport - ok
22:16:23.0888 2608 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:16:23.0903 2608 WerSvc - ok
22:16:23.0903 2608 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:16:23.0903 2608 WfpLwf - ok
22:16:23.0919 2608 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:16:23.0919 2608 WIMMount - ok
22:16:23.0919 2608 WinDefend - ok
22:16:23.0935 2608 WinHttpAutoProxySvc - ok
22:16:23.0950 2608 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:16:23.0950 2608 Winmgmt - ok
22:16:24.0044 2608 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:16:24.0059 2608 WinRM - ok
22:16:24.0106 2608 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:16:24.0122 2608 Wlansvc - ok
22:16:24.0137 2608 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:16:24.0137 2608 WmiAcpi - ok
22:16:24.0153 2608 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:16:24.0153 2608 wmiApSrv - ok
22:16:24.0184 2608 WMPNetworkSvc - ok
22:16:24.0200 2608 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:16:24.0215 2608 WPCSvc - ok
22:16:24.0215 2608 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:16:24.0231 2608 WPDBusEnum - ok
22:16:24.0247 2608 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:16:24.0247 2608 ws2ifsl - ok
22:16:24.0262 2608 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:16:24.0262 2608 wscsvc - ok
22:16:24.0262 2608 WSearch - ok
22:16:24.0387 2608 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:16:24.0418 2608 wuauserv - ok
22:16:24.0449 2608 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:16:24.0465 2608 WudfPf - ok
22:16:24.0496 2608 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:16:24.0496 2608 WUDFRd - ok
22:16:24.0543 2608 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:16:24.0559 2608 wudfsvc - ok
22:16:24.0590 2608 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:16:24.0605 2608 WwanSvc - ok
22:16:24.0668 2608 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
22:16:24.0668 2608 xusb21 - ok
22:16:24.0683 2608 ================ Scan global ===============================
22:16:24.0715 2608 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:16:24.0761 2608 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
22:16:24.0777 2608 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
22:16:24.0808 2608 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:16:24.0839 2608 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:16:24.0839 2608 [Global] - ok
22:16:24.0839 2608 ================ Scan MBR ==================================
22:16:24.0839 2608 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:16:24.0839 2608 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:16:24.0902 2608 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:16:24.0902 2608 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:16:24.0917 2608 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
22:16:25.0307 2608 \Device\Harddisk1\DR1 - ok
22:16:25.0307 2608 ================ Scan VBR ==================================
22:16:25.0307 2608 [ 0171049F9FCFD63183C4F24E9642AF83 ] \Device\Harddisk0\DR0\Partition1
22:16:25.0323 2608 \Device\Harddisk0\DR0\Partition1 - ok
22:16:25.0323 2608 [ CFD0E3A00BBF0113E1DB08337CA07BD5 ] \Device\Harddisk1\DR1\Partition1
22:16:25.0323 2608 \Device\Harddisk1\DR1\Partition1 - ok
22:16:25.0323 2608 ============================================================
22:16:25.0323 2608 Scan finished
22:16:25.0323 2608 ============================================================
22:16:25.0323 4628 Detected object count: 1
22:16:25.0323 4628 Actual detected object count: 1
22:16:28.0583 4628 \Device\Harddisk0\DR0\# - copied to quarantine
22:16:28.0583 4628 \Device\Harddisk0\DR0 - copied to quarantine
22:16:28.0677 4628 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:16:28.0677 4628 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:16:28.0693 4628 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:16:28.0693 4628 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:16:28.0693 4628 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:16:28.0708 4628 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:16:28.0708 4628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:16:28.0708 4628 \Device\Harddisk0\DR0 - ok
22:16:28.0724 4628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
22:16:34.0901 0504 Deinitialize success
 
Good :)

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

========================

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
You rock; thank you so much! My son is in bed now (the computer is in his room) so I will get to these tomorrow night.
 
RogueKiller V8.4.2 _x64_ [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jake [Admin rights]
Mode : Remove -- Date : 01/10/2013 20:59:38
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 ATA Device +++++
--- User ---
[MBR] 278d335bdf95059ec57630cc0e5eea1a
[BSP] 66ea49a97b20ef3eecde3787a2414395 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] 24a57655445401ac34048f5cf6c187f0
[BSP] 1f9e74af6e4afc63ac8b7b9e690327f4 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 8064 | Size: 7624 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_01102013_02d2059.txt >>
RKreport[1]_S_01102013_02d2059.txt ; RKreport[2]_D_01102013_02d2059.txt
 
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.11.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jake :: JAKE-PC [administrator]
1/10/2013 9:36:29 PM
mbar-log-2013-01-10 (21-36-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28529
Time elapsed: 6 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-2042701295-3963762134-3223861041-1000\$RSFCS19.exe (Malware.Packer.Gen) -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.11.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
jake :: JAKE-PC [administrator]
1/10/2013 10:12:49 PM
mbar-log-2013-01-10 (22-12-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28479
Time elapsed: 6 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_27
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.293000 GHz
Memory total: 4294238208, free: 3452522496
------------ Kernel report ------------
01/10/2013 21:00:36
------------ Loaded modules -----------
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\athurx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007158790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000071\
Lower Device Object: 0xfffffa800623d060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004897790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8004898060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2013.01.11.02
Downloaded database version: v2013.01.04.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004897790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048972c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004897790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004896520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004898060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a001e0fa10, 0xfffffa8004897790, 0xfffffa80058c1790
Lower DeviceData: 0xfffff8a01012d8e0, 0xfffffa8004898060, 0xfffffa8006603930
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 488392704
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007158790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006bb7580, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007158790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003ffdc00, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa800623d060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00c3466e0, 0xfffffa8007158790, 0xfffffa8004929090
Lower DeviceData: 0xfffff8a009f3c590, 0xfffffa800623d060, 0xfffffa80071694d0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3AE63AE5
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 8064 Numsec = 15614080
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 7998537728 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Infected: C:\$Recycle.Bin\S-1-5-21-2042701295-3963762134-3223861041-1000\$RSFCS19.exe --> [Malware.Packer.Gen]
Infected: C:\Windows\svchost.exe --> [Trojan.Agent]
Done!
Scan finished
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Non-administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_27
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.293000 GHz
Memory total: 4294238208, free: 3315331072
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_27
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.293000 GHz
Memory total: 4294238208, free: 3234471936
------------ Kernel report ------------
01/10/2013 22:06:04
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\VClone.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\athurx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8006240060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xfffffa800623d060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80048ab060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa8004895680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80048ab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048aba50, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048ab060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800486c770, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004895680, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a009ab6a40, 0xfffffa80048ab060, 0xfffffa8003e8c090
Lower DeviceData: 0xfffff8a00865b140, 0xfffffa8004895680, 0xfffffa8003e6b540
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CAB10BEE
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 488392704
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8006240060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006241040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006240060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800623e040, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa800623d060, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a008aa1750, 0xfffffa8006240060, 0xfffffa8003e6b790
Lower DeviceData: 0xfffff8a008b0fba0, 0xfffffa800623d060, 0xfffffa80070f3e40
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3AE63AE5
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 8064 Numsec = 15614080
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 7998537728 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
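The "Scanning MBR on drive 0" part of the Malwarebytes Anti-Rootkit log above reads the first sector of each disk and prints the boot signature, the disk signature and the four partition entries, then reads the unpartitioned sectors, which is where MBR bootkits of the Alureon/TDL family keep their hidden storage. The Python below is an added example, not code from this thread or from Malwarebytes: it parses a constructed 512-byte MBR filled with the values the log reports for drive 0 (disk signature CAB10BEE, one active NTFS partition at LBA 2048 with 488392704 sectors, a 250059350016-byte disk), prints the same fields, runs the sanity checks a defender would want on the table (boot signature present, at most one active entry, no overlapping entries, no entry past the end of the disk), derives the unpartitioned sector ranges a scanner would read next, and hashes the 440-byte boot-code region so it can be compared with a baseline taken from a known-clean install. The sample MBR and all function names are this example's own; the ranges it derives are the plain gaps in the table and are not meant to match the exact range MBAR chose to scan.

```python
"""Added example: parse one MBR sector and report what a rootkit scanner's
"Inspecting partition table" step reports, plus sanity checks on the table.
All sample data below is constructed; the function names are this example's own."""
import hashlib
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 0x1B8      # 4-byte NT disk signature
PART_TABLE_OFFSET = 0x1BE    # four 16-byte partition entries
ENTRY_FMT = "<B3xB3xII"      # boot flag, CHS start (skipped), type, CHS end (skipped), LBA, sectors
PTYPE_NAMES = {0x00: "Empty", 0x07: "Primary"}   # only the two types that appear in the log


def build_sample_mbr(disk_signature, entries):
    """Construct a synthetic 512-byte MBR. entries: four (boot_flag, type, lba, numsec) tuples."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, disk_signature)
    for i, (boot, ptype, lba, numsec) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i, boot, ptype, lba, numsec)
    mbr[510], mbr[511] = 0x55, 0xAA   # boot signature, printed by MBAR as "55AA"
    return bytes(mbr)


def parse_mbr(mbr, disk_size_bytes):
    """Decode the partition table and hash the boot-code region (bytes 0..0x1B7)."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one %d-byte sector" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        boot, ptype, lba, numsec = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        partitions.append({"index": i, "boot_flag": boot, "active": boot == 0x80,
                           "type": ptype, "type_name": PTYPE_NAMES.get(ptype, "Other"),
                           "lba": lba, "numsec": numsec})
    return {
        "signature": mbr[510:512].hex().upper(),
        "disk_signature": "%08X" % struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "boot_code_sha256": hashlib.sha256(mbr[:DISK_SIG_OFFSET]).hexdigest(),
        "disk_sectors": disk_size_bytes // SECTOR_SIZE,
        "partitions": partitions,
    }


def check_partition_table(info):
    """Return (findings, unpartitioned_ranges). Ranges are inclusive sector numbers."""
    findings = []
    used = []   # (start, end_exclusive, index) of non-empty entries
    for p in info["partitions"]:
        if p["boot_flag"] not in (0x00, 0x80):
            findings.append("partition %d has invalid boot indicator 0x%02X" % (p["index"], p["boot_flag"]))
        if p["type"] == 0x00:
            continue
        end = p["lba"] + p["numsec"]
        if end > info["disk_sectors"]:
            findings.append("partition %d ends past the disk (%d > %d)" % (p["index"], end, info["disk_sectors"]))
        for start, used_end, j in used:
            if p["lba"] < used_end and start < end:
                findings.append("partition %d overlaps partition %d" % (p["index"], j))
        used.append((p["lba"], end, p["index"]))
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    # Sector 0 is the MBR itself; every other sector not covered by an entry is unpartitioned.
    gaps, cursor = [], 1
    for start, end, _ in sorted(used):
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < info["disk_sectors"]:
        gaps.append((cursor, info["disk_sectors"] - 1))
    return findings, gaps


def format_report(info):
    """Render the table in the same wording the log above uses."""
    lines = ["MBR Signature: " + info["signature"], "Disk Signature: " + info["disk_signature"]]
    for p in info["partitions"]:
        lines.append("Partition %d type is %s (0x%x)" % (p["index"], p["type_name"], p["type"]))
        lines.append("Partition is %s." % ("ACTIVE" if p["active"] else "NOT ACTIVE"))
        lines.append("Partition starts at LBA: %d Numsec = %d" % (p["lba"], p["numsec"]))
    return lines


# Constructed sample mirroring drive 0 in the log: one active NTFS partition, three empty entries.
SAMPLE_DISK_BYTES = 250059350016
SAMPLE_MBR = build_sample_mbr(0xCAB10BEE, [(0x80, 0x07, 2048, 488392704),
                                           (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0)])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR, SAMPLE_DISK_BYTES)
    print("\n".join(format_report(info)))
    findings, gaps = check_partition_table(info)
    print("Boot code SHA-256:", info["boot_code_sha256"])
    print("Unpartitioned sector ranges:", gaps)
    print("Findings:", findings or "none")
```

On a real machine the 512 bytes would come from the first sector of the physical disk, and they should be read from a trusted environment (a boot disc or the Windows Defender Offline media mentioned at the top of the thread) rather than from inside the suspect installation, since a kernel-mode rootkit can filter disk reads from the running OS and hand back a clean-looking sector. A valid partition table on its own proves little: this family leaves the table intact and replaces the boot code, so the boot-code hash compared against a known-clean baseline, and the contents of the unpartitioned ranges, are the parts worth keeping.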
 
Good :)

Create a new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 13-01-12.01 - jake 01/12/2013 8:58.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2969 [GMT -6:00]
Running from: c:\users\jake\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 15:02 . 2013-01-12 15:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-12 15:02 . 2013-01-12 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-12 14:52 . 2013-01-12 14:52 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{431F5E9F-7A7B-4488-8EF2-CD1D093631C6}\offreg.dll
2013-01-11 23:36 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{431F5E9F-7A7B-4488-8EF2-CD1D093631C6}\mpengine.dll
2013-01-10 04:15 . 2013-01-10 04:16 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-09 23:25 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 23:25 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 23:25 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 23:25 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 23:25 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 23:25 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 23:25 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 23:25 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 23:25 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 23:25 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 23:23 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 23:22 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 23:22 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 02:42 . 2013-01-09 14:53 -------- d-----w- c:\program files\CCleaner
2013-01-06 06:46 . 2013-01-06 06:46 -------- d-----w- c:\program files (x86)\GUM646D.tmp
2013-01-06 06:46 . 2013-01-06 06:46 4096000 ----a-w- c:\program files (x86)\GUT646E.tmp
2013-01-06 06:45 . 2013-01-06 06:45 -------- d-----w- c:\program files\Google
2013-01-06 06:40 . 2013-01-06 22:08 -------- d-----w- c:\users\jake\AppData\Local\Google
2013-01-06 06:40 . 2013-01-06 06:45 -------- d-----w- c:\program files (x86)\Google
2013-01-06 06:40 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-06 06:40 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-06 06:40 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-06 06:40 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-06 06:40 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-06 06:40 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-06 06:40 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-06 06:39 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-06 06:39 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-06 06:39 . 2013-01-06 06:39 -------- d-----w- c:\programdata\AVAST Software
2013-01-06 06:39 . 2013-01-06 06:39 -------- d-----w- c:\program files\AVAST Software
2013-01-06 04:52 . 2013-01-06 04:52 -------- d-----w- c:\users\jake\AppData\Local\Programs
2013-01-05 21:09 . 2013-01-06 22:02 -------- d-----w- c:\windows\Microsoft Antimalware
2013-01-01 06:54 . 2013-01-01 06:54 -------- d-----w- c:\users\jake\AppData\Local\Stronghold_LLC
2013-01-01 06:53 . 2013-01-06 04:47 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-01-01 06:52 . 2013-01-06 04:45 -------- d-----w- c:\program files\Babylon
2013-01-01 06:52 . 2013-01-01 06:52 -------- d-----w- c:\program files (x86)\Babylon
2013-01-01 06:52 . 2013-01-01 06:55 -------- d-----w- c:\users\jake\AppData\Roaming\Strongvault
2013-01-01 06:52 . 2013-01-01 06:52 -------- d-----w- c:\program files (x86)\Yontoo
2013-01-01 06:52 . 2013-01-01 06:52 -------- d-----w- c:\programdata\Tarma Installer
2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 01:37 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-21 01:37 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-21 01:35 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-21 01:35 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 04:56 . 2012-06-09 21:21 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-10 04:56 . 2012-03-31 23:27 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-10 01:58 . 2012-03-31 23:20 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-14 22:49 . 2012-10-28 16:47 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 23:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-30 02:52 . 2012-10-30 02:53 2604376 ----a-w- c:\windows\system32\WavesGUILib.dll
2012-10-30 02:52 . 2012-10-30 02:53 65432 ----a-w- c:\windows\system32\tepeqapo64.dll
2012-10-30 02:52 . 2012-10-30 02:53 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2012-10-30 02:52 . 2012-10-30 02:53 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2012-10-30 02:52 . 2012-10-30 02:53 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2012-10-30 02:52 . 2012-10-30 02:53 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2012-10-30 02:52 . 2012-10-30 02:53 121744 ----a-w- c:\windows\system32\SFSS_APO.dll
2012-10-30 02:52 . 2012-10-30 02:53 81248 ----a-w- c:\windows\system32\SFCOM64.dll
2012-10-30 02:52 . 2012-10-30 02:53 78176 ----a-w- c:\windows\system32\SFAPO64.dll
2012-10-30 02:52 . 2012-10-30 02:53 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2012-10-30 02:52 . 2012-10-30 02:53 220512 ----a-w- c:\windows\system32\SFNHK64.dll
2012-10-30 02:52 . 2012-10-30 02:53 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-10-30 02:52 . 2012-10-30 02:53 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-10-30 02:52 . 2012-10-30 02:53 3053160 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-10-30 02:52 . 2012-10-30 02:53 2504296 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-10-30 02:52 . 2012-10-30 02:53 3198056 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-10-30 02:52 . 2012-10-30 02:53 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-10-30 02:52 . 2012-10-30 02:53 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 1827944 ----a-w- c:\windows\system32\RtkApi64.dll
2012-10-30 02:52 . 2012-10-30 02:53 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 93288 ----a-w- c:\windows\system32\RCoInst64.dll
2012-10-30 02:52 . 2012-10-30 02:53 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2012-10-30 02:52 . 2012-10-30 02:53 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2012-10-30 02:52 . 2012-10-30 02:53 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 1492480 ----a-w- c:\windows\system32\RCoRes64.dat
2012-10-30 02:52 . 2012-10-30 02:53 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
2012-10-30 02:52 . 2012-10-30 02:53 74072 ----a-w- c:\windows\system32\R4EEG64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 426328 ----a-w- c:\windows\system32\R4EED64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 3308376 ----a-w- c:\windows\system32\R4EEP64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 136024 ----a-w- c:\windows\system32\R4EEL64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 118104 ----a-w- c:\windows\system32\R4EEA64A.dll
2012-10-30 02:52 . 2012-10-30 02:53 334680 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2012-10-30 02:52 . 2012-10-30 02:53 3768152 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2012-10-30 02:52 . 2012-10-30 02:53 2132824 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2012-10-30 02:52 . 2012-10-30 02:53 603984 ----a-w- c:\windows\system32\KAAPORT64.dll
2012-10-30 02:52 . 2012-10-30 02:53 341336 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2012-10-30 02:52 . 2012-10-30 02:53 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2012-10-30 02:52 . 2012-10-30 02:53 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 527872 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2012-10-30 02:52 . 2012-10-30 02:53 515584 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2012-10-30 02:52 . 2012-10-30 02:53 439808 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2012-10-30 02:52 . 2012-10-30 02:53 2085440 ----a-w- c:\windows\system32\FMAPO64.dll
2012-10-30 02:52 . 2012-10-30 02:53 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2012-10-30 02:52 . 2012-10-30 02:53 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2012-10-30 02:52 . 2012-10-30 02:53 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2012-10-30 02:52 . 2012-10-30 02:53 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2012-10-30 02:52 . 2012-10-30 02:53 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-10-30 02:52 . 2012-10-30 02:53 108960 ----a-w- c:\windows\system32\AERTAR64.dll
2012-10-30 02:52 . 2012-10-30 02:53 1698408 ----a-w- c:\windows\RtlExUpd.dll
2012-10-16 08:38 . 2012-12-02 19:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-02 19:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-02 19:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-03 3492504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-05-05 124256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rt61x64;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr6164.sys [2009-06-02 438784]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-26 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-06 1847296]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AODDRIVER
*Deregistered* - AODDriver
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 04:56]
.
2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06 06:40]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-06 06:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-30 12666984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.0.1 76.7.255.188
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-52223635.sys
SafeBoot-81202784.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2042701295-3963762134-3223861041-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:47,d6,76,e9,9f,5d,d1,7d,28,eb,d6,e1,e2,9e,6f,15,31,b9,d5,c7,c2,07,94,
a0,8d,c8,e5,3d,ff,2b,81,7b,b7,29,8c,ab,77,99,ff,57,9d,4c,25,bf,48,22,9d,3a,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2042701295-3963762134-3223861041-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:5d,99,de,6a,de,de,76,3e,11,56,4e,ee,93,80,7a,22,60,8f,97,96,9f,
99,b4,67,48,6b,83,03,39,83,a6,0e,80,5a,3c,4c,4b,4a,3f,81,09,e4,2e,95,70,35,\
"rkeysecu"=hex:3b,90,08,aa,56,8a,73,9c,26,68,2f,a5,96,b7,a6,55
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-12 09:03:55
ComboFix-quarantined-files.txt 2013-01-12 15:03
.
Pre-Run: 158,064,476,160 bytes free
Post-Run: 158,079,119,360 bytes free
.
- - End Of File - - 42ABE3163CFE80676D28E63AD27246F8
 
Looks good.

How is computer doing?

===================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=======================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Doing better - no BSODs since I ran Combofix a few days ago! We haven't used the machine much; it was sleeping most of the time.

===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.2 (01.08.2013:1)
OS: Windows 7 Home Premium x64
Ran by jake on Mon 01/14/2013 at 6:43:02.80
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_classes_root\appid\babyloniepi.dll
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\translate with babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\jake\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\jake\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\jake\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\yontoo"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/14/2013 at 6:49:31.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 1/14/2013 6:58:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jake\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 71.30% Memory free
8.00 Gb Paging File | 6.49 Gb Available in Paging File | 81.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 146.05 Gb Free Space | 62.71% Space Free | Partition Type: NTFS

Computer Name: JAKE-PC | User Name: jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/14 06:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jake\Desktop\OTL.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 22:56:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/05 04:45:50 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/05 18:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 16:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/04 10:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/04/03 05:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 AD EA 14 D6 F0 CD 01 [binary data]
IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com

[2013/01/05 22:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.80.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 76.7.255.188
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09B6E950-66FA-4FF0-AEB0-0D9CFDEF3DCA}: DhcpNameServer = 192.168.0.1 76.7.255.188
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/14 06:57:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jake\Desktop\OTL.exe
[2013/01/14 06:43:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/14 06:41:45 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/14 06:41:31 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\jake\Desktop\JRT.exe
[2013/01/12 09:07:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/12 09:02:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/12 08:57:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/12 08:57:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/12 08:57:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/12 08:57:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/12 08:57:20 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/09 22:15:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/08 22:41:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/08 20:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/06 00:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/01/06 00:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/01/06 00:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/06 00:40:24 | 000,000,000 | ---D | C] -- C:\Users\jake\AppData\Local\Google
[2013/01/06 00:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/06 00:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/06 00:40:21 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/06 00:40:21 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/06 00:40:15 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/01/06 00:40:13 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/06 00:40:11 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/06 00:40:02 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/06 00:40:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/01/06 00:39:40 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/06 00:39:39 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/06 00:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/06 00:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/05 22:52:04 | 000,000,000 | ---D | C] -- C:\Users\jake\AppData\Local\Programs
[2013/01/05 22:41:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/05 15:09:21 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2013/01/01 00:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/14 06:59:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 06:57:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jake\Desktop\OTL.exe
[2013/01/14 06:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 06:44:42 | 000,002,283 | ---- | M] () -- C:\Users\jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 06:41:44 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\jake\Desktop\JRT.exe
[2013/01/14 06:38:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/13 17:48:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/11 17:38:34 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 17:38:34 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 17:30:58 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/09 22:38:30 | 364,162,215 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/09 22:15:36 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/09 22:15:36 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/09 22:15:36 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/09 20:32:18 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 20:06:22 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 20:01:01 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013/01/09 17:14:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/06 00:28:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/12 08:57:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/12 08:57:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/12 08:57:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/12 08:57:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/12 08:57:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/06 00:43:28 | 000,002,283 | ---- | C] () -- C:\Users\jake\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/06 00:40:35 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/06 00:40:31 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 00:40:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/12/21 03:04:25 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/08/11 07:31:25 | 000,000,043 | ---- | C] () -- C:\Users\jake\jagex_cl_runescape_LIVE.dat
[2012/08/11 07:31:25 | 000,000,024 | ---- | C] () -- C:\Users\jake\random.dat
[2012/06/23 12:33:54 | 000,000,257 | ---- | C] () -- C:\Windows\RomeTW Demo.ini
[2012/03/31 17:39:59 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/31 17:34:32 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/31 17:34:32 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/03/31 17:34:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/03/31 17:34:31 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/03/31 17:34:31 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/31 17:27:18 | 000,921,665 | ---- | C] () -- C:\Windows\SysWow64\msvcrt-ruby18.dll
[2012/03/31 17:27:18 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\vbrun100.dll
[2012/03/31 17:27:18 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2012/03/31 17:27:17 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\pythonw.exe
[2012/03/31 17:27:17 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\python.exe
[2012/03/31 17:27:17 | 000,020,537 | ---- | C] () -- C:\Windows\SysWow64\rubyw.exe
[2012/03/31 17:27:17 | 000,020,536 | ---- | C] () -- C:\Windows\SysWow64\ruby.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/22 19:37:18 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\BigHugeEngine
[2012/09/14 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2012/05/08 10:20:46 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012/12/02 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\Origin
[2012/09/16 13:25:30 | 000,000,000 | ---D | M] -- C:\Users\jake\AppData\Roaming\Sierra Entertainment

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 1/14/2013 6:58:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jake\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 71.30% Memory free
8.00 Gb Paging File | 6.49 Gb Available in Paging File | 81.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 146.05 Gb Free Space | 62.71% Space Free | Partition Type: NTFS

Computer Name: JAKE-PC | User Name: jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2042701295-3963762134-3223861041-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D3900DD-2B0C-4049-84F9-FBE53D12C75C}" = rport=137 | protocol=17 | dir=out | app=system |
"{1D61A25E-0731-4712-97B4-0A89E70D3840}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D955CD5-DC6B-4376-9363-10E4B619A383}" = lport=138 | protocol=17 | dir=in | app=system |
"{26553D74-01E2-44A3-ADF8-A5430324722C}" = lport=445 | protocol=6 | dir=in | app=system |
"{28CA3B4B-D40C-4675-A2DE-25E67BF0B5F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{38D37173-38B1-472D-8B8D-47D476021A05}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CD088AB-1F1A-4AC5-9343-0F5B676096EA}" = rport=138 | protocol=17 | dir=out | app=system |
"{65FEE7FE-EAE7-4C55-8B8D-3649A54B6BEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81C38D34-AEC2-4E4D-B8F0-F359FB6DB373}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9096C403-D89A-4E41-949A-5A234421F69A}" = rport=139 | protocol=6 | dir=out | app=system |
"{9239AB14-3A99-4044-8CC1-8829D2369718}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4FA0F17-21B2-4902-B41D-4B56D1F2520C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5C11856-558A-4D9F-8B72-5DDCC4D79D9C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{BCED9BED-F1D1-4304-8208-C8F28F51CCE5}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4460992-0F81-4293-81DB-262AB311CE40}" = lport=137 | protocol=17 | dir=in | app=system |
"{CD86DDAF-DE52-4010-830B-EA7E6D967FDE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF8A688E-059C-4E32-B673-AEB7C6BD18AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D62859ED-0DB8-45DE-AEC9-58BE291C1C59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D848679B-B210-44D8-95D5-7EAD517BAB63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8CF6794-6B6A-4A1B-A12A-339EF73A0A65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F18DF755-CAEC-40D8-920E-040492FEC659}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC66A018-135D-4468-9CA3-E00D79648A22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AAA6E3-E0D9-4216-AB85-78811F0F5AAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{096222F1-2061-433A-9188-B6ED4DFF449F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0ACA2269-1C48-4650-B2AC-869B7B441083}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{112AF7E1-228B-422C-AC3A-27B8AE362623}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{12C43CE6-BE91-4410-8066-F1F383273B80}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{20F3D4E9-04DC-4EB5-BD93-58C17CE00D9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{265BC49D-ED7B-4B03-B4D6-8B9D4771E121}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{31B8F030-AE42-4C36-9599-F1852E05BDEB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{34FBB8C4-C297-4CF9-A0FF-9C4BF5448970}" = protocol=6 | dir=out | app=system |
"{3BBDD67E-E98B-4EC8-B4F4-5170CF41AB83}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3F3A9995-C260-4661-96B1-87904C20A054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E91778D-6777-4137-8D8E-89E6176EF6F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5F96478B-DAE1-4B0E-9EE0-A52DC2E20C3A}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\empire earth iii\ee3.exe |
"{68490B1A-DEBF-45A1-90DB-CF056812F8EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77EF8319-2A7A-4C3D-8838-ED5A8F79263C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84D8B20C-A350-4DF7-8F9E-079A26C410B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D2BE6CC-AFB0-4BE4-BD54-982A98B1D17F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{A0538F3B-3C89-489E-A41A-6F5A2F084C1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4DFEC27-EC2F-4720-8D25-8B7B08C7E9A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB43D590-DD1C-46D0-AB83-8CDC67738FAE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BAB88037-1F2E-404B-885E-A48A5269C29E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5D5397E-B3A6-4C19-A35E-A4B2C806E3D8}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\empire earth iii\ee3.exe |
"{C7B7E9A1-5B5A-4E6F-B3C6-4194605F4B3B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"{D2DB8FE8-2E3E-4FBF-A70C-EDC3B2F66867}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA091A18-4C26-4DFE-A709-E31D91E05273}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{DBBD173C-9F01-4FEA-8C86-0E06A0847E0E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"{EC26EFDC-5209-4416-9B6A-E826F3431CC1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{0194E54C-1A49-4149-8418-7B0DB816504A}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{1B75EEB9-BF04-4FA7-98DD-E260A7B1468D}C:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"TCP Query User{D0F80D8C-2863-4DDD-94F8-70F938465458}C:\users\jake\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\jake\appdata\local\temp\electronicarts_patcher_000.exe |
"TCP Query User{E701133F-F3FC-451E-B06B-2399EA2C189A}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{19290DA7-DCE3-43E7-8401-3BB3FA1F9DD3}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{7B942D6F-10A4-4D94-BCF0-C64956E93FF8}C:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe |
"UDP Query User{A2F81C1B-782B-4147-B600-28FECFEF653B}C:\users\jake\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\jake\appdata\local\temp\electronicarts_patcher_000.exe |
"UDP Query User{CEB10DE3-6655-4892-9CE9-DCC5F569B770}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17155770-D9E5-0AB3-F8CB-EA48CC605A79}" = ATI Catalyst Install Manager
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"16849D8BC55E28DE2C17CAD12590AA83D82B0717" = Windows Driver Package - Realtek (RTL8167) Net (05/22/2009 7.003.0522.2009)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0900B4D5-B94A-4B08-9EB6-03C9D61D2975}" = Rome - Total War(TM) Demo
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20AEA7B1-6155-44A2-B58E-430F2C9F4ABD}" = AMD OverDrive
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}" = Wheelman
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{477AB6F3-0907-4E90-ABC2-9525CC6AA356}" = Beowulf TM
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}" = Adobe Shockwave Player 11.5
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.128
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DA2B455A-B0BE-4C5A-B73A-0615F37C81D5}" = Beowulf TM
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Diablo II" = Diablo II
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"InstallShield_{0900B4D5-B94A-4B08-9EB6-03C9D61D2975}" = Rome - Total War(TM) Demo
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Revo Uninstaller" = Revo Uninstaller 1.94
"VirtualCloneDrive" = VirtualCloneDrive
"Xfire" = Xfire (remove only)

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 1/14/2013 8:52:32 AM | Computer Name = jake-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 1/14/2013 9:01:30 AM | Computer Name = jake-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.


< End of report >
 
Oops, my bad! Had to run it again, but I think I did it wrong the first time anyway - forgot to use the delete key!
==========
# AdwCleaner v2.105 - Logfile created 01/14/2013 at 16:52:09
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : jake - JAKE-PC
# Boot Mode : Normal
# Running from : C:\Users\jake\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\jake\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2271 octets] - [14/01/2013 16:51:18]
AdwCleaner[S1].txt - [2242 octets] - [14/01/2013 16:52:09]

########## EOF - C:\AdwCleaner[S1].txt - [2302 octets] ##########
 
All looks good.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 6 Update 27
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.0 Adobe Reader out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 16-01-2013
Ran by jake (administrator) on 18-01-2013 at 08:41:37
Running from "C:\Users\jake\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
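As an added example (not part of the thread and not Farbar's own code), a small Python helper that triages an FSS.txt like the one above: it walks the Connection Status and File Check sections and returns only the entries that did not pass, so a long clean log can be skimmed quickly. The sample log is constructed in the FSS layout seen here; its failing file line is invented to show how a non-"legit" result is reported.

```python
"""Triage helper for Farbar Service Scanner (FSS.txt) reports.

Added example, not FSS code. It flags two things a reviewer looks for:
connectivity checks that returned an error, and File Check entries whose
status is anything other than 'MD5 is legit'.
"""
import re

# Constructed sample in the FSS layout; the last File Check line is invented
# to demonstrate a failure and is not a real FSS status string.
SAMPLE_LOG = r"""Farbar Service Scanner Version: 16-01-2013
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\example.sys => File is missing
**** End of log ****
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+):$")        # e.g. "File Check:"
FILE_RE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")  # "<path> => <status>"
ERROR_RE = re.compile(r"returned error", re.IGNORECASE)


def parse_fss(text):
    """Return (failed_files, connectivity_errors) found in an FSS log."""
    failed_files = []   # (path, status) for every status that is not 'MD5 is legit'
    conn_errors = []    # raw Connection Status lines that report an error
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:                       # new section header, e.g. "Connection Status:"
            section = m.group("name")
            continue
        if not line or set(line) <= {"="}:
            continue                # blank line or the "=====" underline
        if section == "Connection Status" and ERROR_RE.search(line):
            conn_errors.append(line)
        elif section == "File Check":
            fm = FILE_RE.match(line)
            if fm and fm.group("status") != "MD5 is legit":
                failed_files.append((fm.group("path"), fm.group("status")))
    return failed_files, conn_errors


if __name__ == "__main__":
    files, errors = parse_fss(SAMPLE_LOG)
    for path, status in files:
        print(f"FILE CHECK FAILED: {path} -> {status}")
    for err in errors:
        print(f"CONNECTIVITY: {err}")
```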
 
C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\trzA4E7.tmp a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\trzAB3F.tmp Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\trzAB6E.tmp Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\trzABAE.tmp Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.14.05\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.RG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.01.2013_22.16.07\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
 