

svchost.exe that doesn't go away no matter what I do!


  • This topic is locked
19 replies to this topic

#1 KirovReporting

KirovReporting

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 03 January 2013 - 10:24 AM

Hey guys!

New here, came here straight from good ol' Google, this seems the most professional place I could find answers to my issue:

Found today that I got a trojan/s that's called svchost.exe (I know the real svchost is not this one).
It's placed @ C:\Users\UserName\AppData\Local\Temp\ folder.
Found when I noticed after a computer restart, that my GPU usage is almost @ 100% for no reason, and via the Process Explorer program I found it's that svchost thingy, and I closed it from the program and bang! it's gone till the next restart.

No matter what I tried - ESET online scanner, MBAR, MBAM, SUPERAntiSpyware - they all found the trojan (some reported 2 trojans under the same filename); they all tried to quarantine or delete the file - IT'S STILL THERE.
GPU usage keeps cranking up to ~100% after each restart, and till I close the service with Process Explorer.

What can I do?

THANKS!
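The DDS log the original poster supplies later in this thread shows the pattern a responder looks for in a case like this: a process named after a Windows binary but running from a user-writable directory, a Run entry that launches a script rather than an executable, and UAC policy values set to zero. The script below is an added example, not BleepingComputer's or the DDS tool's code; it scans DDS-style text for those indicators. The log lines inside it are constructed for the example and only modelled on the DDS layout (host, user, URL and file names are made up), and the binary-to-directory table, the severity labels and the policy list are my own choices rather than anything defined in the thread.

```python
"""DDS-log triage: the checks a responder runs over the 'Running Processes' and
'Pseudo HJT Report' sections before reading the rest of the log."""
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    kind: str
    detail: str


# Windows binaries that are only legitimate when loaded from these directories
# (lower-case, no trailing backslash). Assumption: a hand-picked subset, not a full list.
EXPECTED_DIRS = {
    "svchost.exe": (r"c:\windows\system32", r"c:\windows\syswow64"),
    "lsass.exe": (r"c:\windows\system32",),
    "explorer.exe": (r"c:\windows",),
}
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".scr")
# (policy branch, value name, value) -> (severity, why it matters), keyed the way DDS
# prints them: 'mPolicies-<branch>: <name> = dword:<value>'.
RISKY_POLICIES = {
    ("system", "consentpromptbehavioradmin", "0"): ("high", "UAC elevates administrators without prompting"),
    ("system", "promptonsecuredesktop", "0"): ("medium", "UAC prompts are no longer shown on the secure desktop"),
    ("system", "enablelua", "0"): ("high", "UAC is disabled"),
    ("explorer", "hidescahealth", "1"): ("medium", "Action Center security warnings are hidden"),
}

PROCESS_RE = re.compile(r'^"?([a-z]:\\.+?\.exe)"?\s*(.*)$', re.IGNORECASE)
RUN_RE = re.compile(r'^(?:x64-)?[um]?Run:\s+\[([^\]]*)\]\s+"?([a-z]:\\[^"]+?\.[a-z0-9]{1,4})"?(?:\s|$)', re.IGNORECASE)
POLICY_RE = re.compile(r'^(?:x64-)?mPolicies-(\w+):\s+(\w+)\s*=\s*dword:(\d+)', re.IGNORECASE)
URL_RE = re.compile(r'https?://\S+', re.IGNORECASE)

# Constructed sample in DDS layout; user, pool URL and file names are made up.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Example AV\exampleav.exe
"C:\Users\alice\AppData\Local\Temp\svchost.exe" -o http://pool.example.invalid -O worker:pass -l 1
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Google Update] "C:\Users\alice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe] C:\ProgramData\Adobe\DEADBEEF.vbe
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
.
============= SERVICES / DRIVERS ===============
"""


def check_process(line: str) -> List[Finding]:
    """Flag a system-binary name outside its home directory, and a remote URL in the arguments."""
    m = PROCESS_RE.match(line)
    if not m:
        return []
    path, args = m.group(1), m.group(2)
    folder, name = path.rsplit("\\", 1)
    found = []
    expected = EXPECTED_DIRS.get(name.lower())
    if expected and folder.lower() not in expected:
        found.append(Finding("high", "masquerade", f"{name} running from {path}, expected {' or '.join(expected)}"))
    url = URL_RE.search(args)
    if url:
        found.append(Finding("medium", "remote_url", f"{path} passes {url.group(0)} on its command line"))
    return found


def check_run_entry(line: str) -> List[Finding]:
    """Flag Run-key entries that launch a script or anything out of a Temp directory."""
    m = RUN_RE.match(line)
    if not m:
        return []
    label, target = m.group(1), m.group(2)
    low = target.lower()
    if low.endswith(SCRIPT_EXTS):
        return [Finding("high", "script_autostart", f"Run entry [{label}] launches a script: {target}")]
    if "\\temp\\" in low:
        return [Finding("high", "temp_autostart", f"Run entry [{label}] launches from Temp: {target}")]
    return []


def check_policy(line: str) -> List[Finding]:
    """Flag registry policy values that weaken UAC or hide security warnings."""
    m = POLICY_RE.match(line)
    if not m:
        return []
    hit = RISKY_POLICIES.get((m.group(1).lower(), m.group(2).lower(), m.group(3)))
    if not hit:
        return []
    return [Finding(hit[0], "policy", f"{m.group(1)}\\{m.group(2)} = {m.group(3)}: {hit[1]}")]


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, applying the right checks to each DDS section."""
    findings, section = [], "other"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("="):  # DDS section banner, e.g. '====== Running Processes ======'
            section = "processes" if "Running Processes" in line else "hjt" if "Pseudo HJT" in line else "other"
            continue
        if section == "processes":
            findings += check_process(line)
        elif section == "hjt":
            findings += check_run_entry(line) + check_policy(line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.detail}")
```

On the constructed sample this yields six findings: the impostor svchost.exe in a Temp directory, its command line carrying a remote URL, a Run entry launching a .vbe script from ProgramData, and three policy values. The script check is the one that explains "it comes back after every restart": deleting the dropped executable does nothing while an autostart script can recreate it, so the Run entry has to go as well. Paste a real DDS log into `triage()` or extend the tables; the regexes tolerate both quoted and unquoted paths as DDS prints them.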


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:38 PM

Posted 03 January 2013 - 11:05 AM

Hello KirovReporting and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Do you have a USB Flash Drive you can use?

Thanks and again sorry for the delay.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 KirovReporting

KirovReporting
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:09:38 PM

Posted 04 January 2013 - 04:20 AM

Hey, so these are the logs from dds:

dds:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16453
Run by Snooch at 11:03:30 on 2013-01-04
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.2057.18.4095.2994 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
"C:\Users\Snooch\AppData\Local\Temp\svchost.exe" -o http://02v403.chickenkiller.com -O v403:v403 -l 1
C:\Windows\system32\msiexec.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:home
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Google Update] "C:\Users\Snooch\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe] C:\ProgramData\Adobe\14FECD5A.vbe
StartupFolder: C:\Users\Snooch\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GAMMAT~1.LNK - C:\Program Files\MagicTune Premium\GammaTray.exe
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: &????? ?? Microsoft Excel - <no file>
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{3116E2D6-5BA5-4F77-90DD-5622F32A09B2} : DHCPNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-mPolicies-Explorer: HideSCAHealth = dword:1
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2012-11-2 208736]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2012-11-28 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-18 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-8-21 91648]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-23 683664]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2012-9-19 203104]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-01-03 17:14:24 -------- d-----w- C:\Users\Snooch\AppData\Local\Diagnostics
2013-01-03 14:27:13 -------- d-----w- C:\Program Files (x86)\ESET
2013-01-03 13:48:26 -------- d-----w- C:\Users\Snooch\AppData\Roaming\SUPERAntiSpyware.com
2013-01-03 13:48:10 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-01-03 13:48:10 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-01-03 13:38:24 -------- d-----w- C:\Users\Snooch\AppData\Roaming\Malwarebytes
2013-01-03 13:38:19 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-03 13:38:19 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-03 13:38:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-03 13:38:11 -------- d-----w- C:\Users\Snooch\AppData\Local\Programs
2013-01-03 13:06:37 -------- d-----w- C:\Temp
2013-01-03 10:05:42 -------- d-----w- C:\Users\Snooch\AppData\Local\My Games
2013-01-03 10:03:38 -------- d-----w- C:\ProgramData\Orbit
2013-01-03 09:59:24 -------- d-----w- C:\Users\Snooch\AppData\Local\Ubisoft Game Launcher
2013-01-02 18:36:14 -------- d-----w- C:\Users\Snooch\AppData\Roaming\Tropico 4
2013-01-02 18:36:04 -------- d-----w- C:\Users\Snooch\AppData\Roaming\Kalypso Media
2012-12-27 18:06:35 -------- d-----w- C:\Users\Snooch\AppData\Local\WinZip
2012-12-27 18:00:31 -------- d-----w- C:\Users\Snooch\AppData\Local\FalloutNV
2012-12-24 15:29:49 -------- d-----w- C:\Program Files (x86)\Heroes of Newerth
2012-12-20 22:13:21 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-20 22:13:21 362496 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-20 22:13:21 35328 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-20 22:13:21 300032 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-15 00:01:40 -------- d-----w- C:\Users\Snooch\AppData\Local\Downloaded Installations
2012-12-15 00:01:40 -------- d-----w- C:\Program Files (x86)\AMD
2012-12-15 00:01:07 -------- d-----w- C:\Windows\SysWow64\xlive
2012-12-15 00:01:05 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-14 21:48:19 -------- d-----w- C:\Users\Snooch\AppData\Local\Deployment
2012-12-14 21:48:19 -------- d-----w- C:\Users\Snooch\AppData\Local\Apps
2012-12-13 17:04:41 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-12-13 17:04:41 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2012-12-13 17:01:42 9216 ----a-w- C:\Windows\System32\dpnhupnp.dll
.
==================== Find3M ====================
.
2013-01-03 18:55:30 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-01-03 18:55:30 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-01-03 11:01:26 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-01-03 09:57:23 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-11-29 23:06:06 80736 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-29 23:06:06 695648 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-28 14:59:35 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-11-28 04:21:17 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2012-11-28 04:20:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2012-11-23 05:03:06 0 ----a-w- C:\Windows\ativpsrm.bin
2012-11-20 08:00:23 6971624 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-11-20 05:24:19 1164800 ----a-w- C:\Windows\SysWow64\Display.dll
2012-11-20 05:24:17 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll
2012-11-20 05:17:23 1184256 ----a-w- C:\Windows\System32\Display.dll
2012-11-20 05:17:20 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll
2012-11-20 05:02:46 6656 ----a-w- C:\Windows\SysWow64\KBDKURD.DLL
2012-11-20 04:59:26 7168 ----a-w- C:\Windows\System32\KBDKURD.DLL
2012-11-20 04:56:27 27136 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-11-20 04:56:11 83456 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2012-11-20 04:54:31 39936 ----a-w- C:\Windows\System32\drivers\hidi2c.sys
2012-11-15 06:08:41 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-15 06:06:34 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-13 04:20:30 1120768 ----a-w- C:\Windows\System32\msctf.dll
2012-11-13 04:19:23 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
2012-11-13 04:19:14 707584 ----a-w- C:\Windows\System32\AppXDeploymentExtensions.dll
2012-11-13 04:19:14 1131520 ----a-w- C:\Windows\System32\AppXDeploymentServer.dll
2012-11-10 04:23:25 132608 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-11-10 04:23:18 148480 ----a-w- C:\Windows\System32\poqexec.exe
2012-11-10 04:22:40 122880 ----a-w- C:\Windows\System32\VmHostAI.dll
2012-11-10 04:22:35 144384 ----a-w- C:\Windows\System32\tssdisai.dll
2012-11-10 04:22:14 126976 ----a-w- C:\Windows\System32\RDWebAI.dll
2012-11-10 04:20:20 135680 ----a-w- C:\Windows\System32\appserverai.dll
2012-11-09 04:49:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:03:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 04:25:36 523776 ----a-w- C:\Windows\SysWow64\WSShared.dll
2012-11-08 04:25:36 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2012-11-08 04:25:36 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:25:35 1775104 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-08 04:24:27 2881536 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-08 04:24:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-11-08 04:24:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-11-08 04:24:19 75776 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-11-08 04:24:06 10752 ----a-w- C:\Windows\SysWow64\dciman32.dll
2012-11-08 04:22:21 641536 ----a-w- C:\Windows\System32\WSShared.dll
2012-11-08 04:22:20 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2012-11-08 04:22:20 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-11-08 04:22:19 2246656 ----a-w- C:\Windows\System32\wininet.dll
2012-11-08 04:22:12 907776 ----a-w- C:\Windows\System32\uxtheme.dll
2012-11-08 04:21:00 3966464 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-08 04:20:56 67072 ----a-w- C:\Windows\System32\iesetup.dll
2012-11-08 04:20:56 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2012-11-08 04:20:50 96256 ----a-w- C:\Windows\System32\fontsub.dll
2012-11-08 04:20:37 14336 ----a-w- C:\Windows\System32\dciman32.dll
2012-11-08 04:02:16 3072 ----a-w- C:\Windows\System32\lpk.dll
2012-11-08 04:01:40 3072 ----a-w- C:\Windows\SysWow64\lpk.dll
2012-11-08 03:59:49 4056576 ----a-w- C:\Windows\System32\win32k.sys
2012-11-08 01:56:52 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2012-11-06 07:52:07 445160 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2012-11-06 07:52:04 277736 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2012-11-06 07:36:23 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys
2012-11-06 07:36:14 96488 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2012-11-06 07:35:34 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2012-11-06 07:35:31 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2012-11-06 07:33:46 522640 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2012-11-06 07:33:46 253512 ----a-w- C:\Windows\System32\audiodg.exe
2012-11-06 07:33:45 490064 ----a-w- C:\Windows\System32\AudioEng.dll
2012-11-06 07:33:45 447792 ----a-w- C:\Windows\System32\AudioSes.dll
2012-11-06 07:33:30 1566432 ----a-w- C:\Windows\System32\ole32.dll
2012-11-06 05:00:06 463768 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2012-11-06 05:00:06 427568 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2012-11-06 05:00:06 324344 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2012-11-06 04:54:13 2205696 ----a-w- C:\Windows\SysWow64\PrintConfig.dll
2012-11-06 04:48:27 1150160 ----a-w- C:\Windows\SysWow64\ole32.dll
2012-11-06 04:19:59 470016 ----a-w- C:\Windows\System32\wlanmsm.dll
2012-11-06 04:18:58 84992 ----a-w- C:\Windows\SysWow64\fdWCN.dll
2012-11-06 04:17:58 110080 ----a-w- C:\Windows\System32\dafWCN.dll
2012-11-06 04:17:44 718848 ----a-w- C:\Windows\System32\BFE.DLL
2012-11-06 04:17:43 2302464 ----a-w- C:\Windows\System32\authui.dll
2012-11-06 04:17:42 785920 ----a-w- C:\Windows\System32\audiosrv.dll
2012-11-06 04:17:41 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll
2012-11-06 04:17:35 2146816 ----a-w- C:\Windows\System32\actxprxy.dll
2012-11-06 04:17:33 322560 ----a-w- C:\Windows\System32\aaclient.dll
2012-11-06 04:17:32 212992 ----a-w- C:\Windows\System32\bthprops.cpl
2012-11-06 04:00:44 99328 ----a-w- C:\Windows\System32\wushareduxresources.dll
2012-11-06 04:00:17 16384 ----a-w- C:\Windows\System32\iscsilog.dll
2012-11-06 03:58:53 9728 ----a-w- C:\Windows\System32\wlanhlp.dll
2012-11-06 03:56:35 9728 ----a-w- C:\Windows\SysWow64\wlanhlp.dll
2012-11-06 03:55:44 22528 ----a-w- C:\Windows\System32\drivers\fxppm.sys
2012-11-06 03:55:09 212992 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-11-06 03:55:02 90624 ----a-w- C:\Windows\System32\drivers\amdk8.sys
2012-11-06 03:55:02 89088 ----a-w- C:\Windows\System32\drivers\intelppm.sys
2012-11-06 03:55:02 88064 ----a-w- C:\Windows\System32\drivers\amdppm.sys
2012-11-06 03:55:02 87552 ----a-w- C:\Windows\System32\drivers\processr.sys
2012-11-06 03:54:09 859136 ----a-w- C:\Windows\System32\drivers\http.sys
2012-11-06 03:53:44 560640 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-11-06 03:52:49 366080 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-11-06 03:51:47 665600 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-03 05:26:59 132096 ----a-w- C:\Windows\System32\sysreset.exe
2012-11-03 05:26:40 34816 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-03 05:26:12 32256 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
.
============= FINISH: 11:03:39.22 ===============

attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume4
Install Date: 11/22/2012 9:06:57 PM
System Uptime: 1/4/2013 11:02:30 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A88TD-V EVO/USB3
Processor: AMD Phenom™ II X4 B55 Processor | AM3 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 68.924 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.058 GiB free.
E: is FIXED (NTFS) - 298 GiB total, 111.87 GiB free.
F: is FIXED (NTFS) - 699 GiB total, 223.278 GiB free.
G: is CDROM (CDFS)
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: USB Camera-B4.09.24.1
Device ID: USB\VID_1415&PID_2000&MI_00\6&1FEFA288&0&0000
Manufacturer:
Name: USB Camera-B4.09.24.1
PNP Device ID: USB\VID_1415&PID_2000&MI_00\6&1FEFA288&0&0000
Service:
.
==== System Restore Points ===================
.
RP8: 12/14/2012 7:06:18 PM - Windows Update
RP9: 12/21/2012 1:23:55 AM - Windows Update
RP10: 12/24/2012 5:29:50 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP11: 12/27/2012 8:06:14 PM - Installed WinZip 17.0
RP12: 1/2/2013 8:32:29 PM - Installed DirectX
.
==== Installed Programs ======================
.
µTorrent
Adobe Reader XI
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Auslogics Disk Defrag
Auslogics Registry Cleaner
AVG 2013
Batman: Arkham City GOTY
Battlefield 3™
Battlelog Web Plugins
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Company of Heroes
Company of Heroes: Tales of Valor
Counter-Strike
CPUID CPU-Z 1.62
D3DX10
DAEMON Tools Pro
Darksiders
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dual-Core Optimizer
ESET Online Scanner v3
ESN Sonar
Far Cry 3
Google Chrome
Google Contact Sync
Heroes of Newerth
Left 4 Dead 2
MagicTunePremium
Malwarebytes Anti-Malware version 1.70.0.1100
Max Payne 3
Metro 2033
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Hebrew) 2010
Microsoft Office Excel MUI (Hebrew) 2010
Microsoft Office Groove MUI (Hebrew) 2010
Microsoft Office InfoPath MUI (Hebrew) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Hebrew) 2010
Microsoft Office Outlook MUI (Hebrew) 2010
Microsoft Office PowerPoint MUI (Hebrew) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Hebrew) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proofing (Hebrew) 2010
Microsoft Office Publisher MUI (Hebrew) 2010
Microsoft Office Shared 64-bit MUI (Hebrew) 2010
Microsoft Office Shared MUI (Hebrew) 2010
Microsoft Office Word MUI (Hebrew) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSI Afterburner 2.3.0
MSVCRT
MSVCRT110
MSVCRT110_amd64
Origin
Photo Common
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Red Faction: Armageddon
Rockstar Games Social Club
Saints Row: The Third
Samsung SSD Magician
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.0
SSDlife Pro
Steam
SUPERAntiSpyware
Tropico 4 1.00
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Uplay
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.4
WinAce Archiver
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
1/4/2013 11:02:43 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/3/2013 7:13:02 PM, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Cache Hierarchy Error Processor APIC ID: 2 The details view of this entry contains further information.
1/3/2013 7:13:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x0000000000000000, 0xfffffa800515e8f8, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\010313-11793-01.dmp. Report Id: 010313-11793-01.
1/3/2013 3:33:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/3/2013 3:33:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
1/3/2013 3:31:09 PM, Error: Service Control Manager [7031] - The Network Connected Devices Auto-Setup service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/3/2013 3:31:09 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/3/2013 3:31:09 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The System Events Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Microsoft Account Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2013 3:31:05 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2013 3:26:54 PM, Error: Service Control Manager [7031] - The Network Connected Devices Auto-Setup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:26:54 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:26:54 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2013 3:24:28 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with the following service-specific error: There are no more endpoints available from the endpoint mapper.
.
==== End Of File ===========================

Obviously this seems bad: ""C:\Users\Snooch\AppData\Local\Temp\svchost.exe" -o http://02v403.chickenkiller.com -O v403:v403 -l 1" lol...

When I ran aswMBR it kept crashing, saying "avast! Antirootkit has stopped working", even when I tried running it in compatibility mode (Win7/WinXP). I'm using Windows 8 / 64-bit.

What can I do more?

For now I'm just disabling the process with Process Explorer and deleting it afterwards (and it comes back after restart, of course).

Thanks!

Attached Files


Edited by KirovReporting, 04 January 2013 - 04:22 AM.

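A check for the masquerading described in the post above (a file named svchost.exe living in a Temp folder instead of System32), added here as an example and not code from the thread, from Process Explorer or from any of the scanners mentioned. It takes a list of running processes and attaches review reasons to any entry whose image name is a core Windows binary but whose directory is not the one that binary ships in, and, for svchost.exe specifically, to any instance started without the `-k <service group>` switch that services.exe always passes to the real service host. The process list is a constructed sample modelled on what the thread shows; the table of expected directories assumes a default Windows install, and the extra names beyond svchost.exe (lsass.exe, csrss.exe, explorer.exe) are a generalization of the same check.

```python
"""Flag processes that carry a core Windows binary's name but do not run from
that binary's home directory. Added example, not code from the thread."""
import ntpath

# Core Windows image names and the only directories each should run from
# (assumption: default install; svchost.exe is the thread's case, the rest
# are well-known names that get impersonated the same way).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}


def review_reasons(pid, image_path, command_line):
    """Return a list of reasons this process deserves a look (empty = nothing found)."""
    reasons = []
    directory, name = ntpath.split(image_path)
    name = name.lower()
    if name in EXPECTED_DIRS and ntpath.normpath(directory).lower() not in EXPECTED_DIRS[name]:
        reasons.append(f"{name} running from {directory}, not a system directory")
    # services.exe launches the genuine svchost.exe with "-k <service group>";
    # a svchost.exe without that switch was started by something else.
    if name == "svchost.exe" and " -k " not in f" {command_line} ":
        reasons.append("svchost.exe started without a -k service-group switch")
    return reasons


def find_suspicious(processes):
    """processes: iterable of (pid, image_path, command_line) tuples.
    Returns [(pid, image_path, reasons)] for every process with at least one reason."""
    hits = []
    for pid, image_path, command_line in processes:
        reasons = review_reasons(pid, image_path, command_line)
        if reasons:
            hits.append((pid, image_path, reasons))
    return hits


# Constructed sample: one genuine service host, the thread's Temp copy, and explorer.
SAMPLE_PROCESSES = [
    (612, r"C:\Windows\System32\svchost.exe",
     r"C:\Windows\system32\svchost.exe -k netsvcs"),
    (3320, r"C:\Users\Snooch\AppData\Local\Temp\svchost.exe",
     r'"C:\Users\Snooch\AppData\Local\Temp\svchost.exe" -o http://02v403.chickenkiller.com -O v403:v403 -l 1'),
    (1188, r"C:\Windows\explorer.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, path, reasons in find_suspicious(SAMPLE_PROCESSES):
        print(f"PID {pid}: {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

On a live machine the same function can be fed from a `tasklist /v` or Process Explorer export; the point of checking the directory rather than the name is that the name is exactly what the impostor copies.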

#4 KirovReporting

KirovReporting
  • Topic Starter

  • Members
  • 11 posts

Posted 04 January 2013 - 04:53 AM

Oh, I saw somewhere online that if aswMBR crashes I could maybe show you a log from tdsskiller... here it is (even though, suspiciously, it didn't find anything wrong):

tdsskiller

edit - bah, says the post is too long.
the logfile is attached...

Thanks again!

Attached Files



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 04 January 2013 - 11:13 AM

Do you have a USB Flash Drive You can use?



#6 KirovReporting

KirovReporting
  • Topic Starter

  • Members
  • 11 posts

Posted 04 January 2013 - 12:15 PM

Do you have a USB Flash Drive You can use?

Yes!
Sorry, that question totally slipped out of my sight when I read the first reply :)

Thanks for all the help in advance!

Edited by KirovReporting, 04 January 2013 - 12:17 PM.


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 04 January 2013 - 12:28 PM

For 64-bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


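Once the FRST.txt log from the procedure above comes back, the "Run:" autostart entries are the first lines worth reading, because an autorun is how a deleted file keeps returning after a restart. Here is a small triage helper for those lines, added as an example; it is not part of the thread and not code from FRST or Farbar. It parses the entry format FRST prints (registry key, [entry name], command line, [size date], (company)) and attaches review reasons to each entry: a script file registered as an autorun, a file with no company/version information, or a file that lives in a directory a standard user can write to. The reasons are prompts for a human to look, not verdicts; the sample lines are constructed to follow the format shown later in this thread, and the list of user-writable directories is an assumption about a default Windows layout.

```python
"""Triage the "Run:" autostart lines of an FRST.txt log.
Added example, not part of the thread and not code from FRST."""
import re

# One FRST autostart line: <key>\Run: [<name>] <command> [<size> <date>] (<company>)
ENTRY_RE = re.compile(
    r"^(?P<key>\S+\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)\s*$"
)
# First file-system path in the command, quoted or not, ending in a runnable extension.
PATH_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|vbe|vbs|js|wsf|bat|cmd|scr|dll))"?',
    re.IGNORECASE,
)
SCRIPT_EXTS = (".vbe", ".vbs", ".js", ".wsf", ".bat", ".cmd")
# Directories a standard user can write to (assumption: default Windows layout).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_run_entry(line):
    """Return a dict for an FRST Run entry, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    pm = PATH_RE.match(entry["cmd"])
    entry["path"] = pm.group("path") if pm else entry["cmd"]
    return entry


def review_reasons(entry):
    """Heuristic prompts for a reviewer; an empty list means nothing stood out."""
    reasons = []
    path = entry["path"].lower()
    if path.endswith(SCRIPT_EXTS):
        reasons.append("script file registered as an autorun")
    if not entry["company"].strip():
        reasons.append("no company/version info in the file")
    if any(d in path for d in USER_WRITABLE):
        reasons.append("lives in a user-writable directory")
    return reasons


def triage(lines):
    """Return [(name, path, reasons)] for entries with reasons, most reasons first."""
    results = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            results.append((entry["name"], entry["path"], reasons))
    results.sort(key=lambda item: -len(item[2]))
    return results


# Constructed sample lines in the format FRST prints (modelled on this thread's log).
SAMPLE_LOG = r"""
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6827664 2012-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe] C:\ProgramData\Adobe\14FECD5A.vbe [7300 2012-11-11] ()
HKU\Snooch\...\Run: [Google Update] "C:\Users\Snooch\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-11-22] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
""".strip().splitlines()

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}")
        for reason in reasons:
            print(f"    - {reason}")
```

An entry that collects all three reasons is the kind of thing to submit to the helper rather than delete by hand, because removing the autorun and the file it launches together is what stops the "comes back after restart" cycle.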

#8 KirovReporting

KirovReporting
  • Topic Starter

  • Members
  • 11 posts

Posted 04 January 2013 - 01:24 PM

There you go:

FRST64:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-12-2012
Ran by SYSTEM at 04-01-2013 20:19:17
Running from F:\
Windows 8 Pro (X64) OS Language: English(UK)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6827664 2012-08-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe] C:\ProgramData\Adobe\14FECD5A.vbe [7300 2012-11-11] ()
HKU\Snooch\...\Run: [Google Update] "C:\Users\Snooch\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-11-22] (Google Inc.)
HKU\Snooch\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4272640 2012-09-12] (Microsoft Corporation)
HKU\Snooch\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3108480 2012-10-23] (DT Soft Ltd)
HKU\Snooch\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5629312 2012-11-01] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Startup: C:\Users\All Users\Start Menu\Programs\Startup\GammaTray.exe.lnk
ShortcutTarget: GammaTray.exe.lnk -> C:\Program Files\MagicTune Premium\GammaTray.exe ()

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
3 AllUserInstallAgent; C:\Windows\System32\AUInstallAgent.dll [122368 2012-07-26] (Microsoft Corporation)
2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [169472 2012-11-06] (Microsoft Corporation)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [179712 2012-09-20] (Microsoft Corporation)
2 DeviceAssociationService; C:\Windows\System32\das.dll [342016 2012-07-26] (Microsoft Corporation)
3 DeviceInstall; C:\Windows\System32\umpnpmgr.dll [107008 2012-09-20] (Microsoft Corporation)
3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [207872 2012-07-26] (Microsoft Corporation)
3 EFS; C:\Windows\System32\efssvc.dll [37376 2012-07-26] (Microsoft Corporation)
3 fhsvc; C:\Windows\System32\fhsvc.dll [116736 2012-09-20] (Microsoft Corporation)
3 KeyIso; C:\Windows\System32\keyiso.dll [59904 2012-07-26] (Microsoft Corporation)
3 KeyIso; C:\Windows\SysWow64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
2 LSM; C:\Windows\System32\lsm.dll [438272 2012-07-26] (Microsoft Corporation)
3 NcaSvc; C:\Windows\System32\ncasvc.dll [161792 2012-07-26] (Microsoft Corporation)
3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [73728 2012-07-26] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\netlogon.dll [743936 2012-07-26] (Microsoft Corporation)
3 Netlogon; C:\Windows\SysWow64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofmsvc.dll [463872 2012-07-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-01-03] ()
3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2675712 2012-11-06] (Microsoft Corporation)
3 StorSvc; C:\Windows\SysWow64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
3 svsvc; C:\Windows\System32\svsvc.dll [12800 2012-07-26] (Microsoft Corporation)
3 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [178176 2012-09-20] (Microsoft Corporation)
3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [169984 2012-09-20] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\vaultsvc.dll [283648 2012-07-26] (Microsoft Corporation)
3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmicrdv; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmicshutdown; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmictimesync; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
3 vmicvss; C:\Windows\System32\ICSvc.dll [336384 2012-07-26] (Microsoft Corporation)
2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [263680 2012-07-26] (Microsoft Corporation)
3 WiaRpc; C:\Windows\System32\wiarpc.dll [65536 2012-07-26] (Microsoft Corporation)
3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
3 WinHttpAutoProxySvc; C:\Windows\SysWow64\winhttp.dll [516608 2012-11-06] (Microsoft Corporation)
3 wlidsvc; C:\Windows\System32\wlidsvc.dll [1968128 2012-07-26] (Microsoft Corporation)
3 WSService; C:\Windows\System32\WSService.dll [2367528 2012-09-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

0 3ware; C:\Windows\System32\Drivers\3ware.sys [106736 2012-07-26] (LSI)
0 acpiex; C:\Windows\System32\Drivers\acpiex.sys [77040 2012-07-26] (Microsoft Corporation)
3 acpipagr; C:\Windows\System32\Drivers\acpipagr.sys [10240 2012-07-26] (Microsoft Corporation)
3 acpitime; C:\Windows\System32\Drivers\acpitime.sys [10752 2012-07-26] (Microsoft Corporation)
0 arc; C:\Windows\System32\Drivers\arc.sys [104688 2012-07-26] (PMC-Sierra, Inc.)
0 arcsas; C:\Windows\System32\Drivers\arcsas.sys [108272 2012-07-26] (PMC-Sierra, Inc.)
1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-04] ()
3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
0 Avgboota; C:\Windows\System32\Drivers\Avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgwfpa; C:\Windows\System32\Drivers\Avgwfpa.sys [208736 2012-11-01] (AVG Technologies CZ, s.r.o.)
1 BasicDisplay; C:\Windows\System32\Drivers\BasicDisplay.sys [48640 2012-07-26] (Microsoft Corporation)
1 BasicRender; C:\Windows\System32\Drivers\BasicRender.sys [29696 2012-07-26] (Microsoft Corporation)
3 BthAvrcpTg; C:\Windows\System32\Drivers\BthAvrcpTg.sys [31104 2012-09-20] (Microsoft Corporation)
3 BthHFEnum; C:\Windows\System32\Drivers\BthHFEnum.sys [51200 2012-07-26] (Microsoft Corporation)
3 bthhfhid; C:\Windows\System32\Drivers\bthhfhid.sys [29952 2012-09-20] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\Drivers\CLFS.sys [361200 2012-07-26] (Microsoft Corporation)
3 condrv; C:\Windows\System32\Drivers\condrv.sys [33792 2012-07-26] (Microsoft Corporation)
1 dam; C:\Windows\System32\Drivers\dam.sys [58088 2012-10-11] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-11-28] (DT Soft Ltd)
0 EhStorClass; C:\Windows\System32\Drivers\EhStorClass.sys [81136 2012-07-26] (Microsoft Corporation)
0 EhStorTcgDrv; C:\Windows\System32\Drivers\EhStorTcgDrv.sys [113904 2012-07-26] (Microsoft Corporation)
3 FxPPM; C:\Windows\System32\Drivers\FxPPM.sys [22528 2012-11-06] (Microsoft Corporation)
3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [12288 2012-07-26] (Microsoft Corporation)
3 GPIOClx0101; C:\Windows\System32\Drivers\msgpioclx.sys [120040 2012-09-20] (Microsoft Corporation)
3 hidi2c; C:\Windows\System32\Drivers\hidi2c.sys [39936 2012-11-20] (Microsoft Corporation)
3 hyperkbd; C:\Windows\System32\Drivers\hyperkbd.sys [11776 2012-07-26] (Microsoft Corporation)
3 HyperVideo; C:\Windows\System32\Drivers\HyperVideo.sys [24576 2012-07-26] (Microsoft Corporation)
3 kdnic; C:\Windows\System32\Drivers\kdnic.sys [18432 2012-07-26] (Microsoft Corporation)
0 LSI_SSS; C:\Windows\System32\Drivers\LSI_SSS.sys [81136 2012-07-26] (LSI Corporation)
1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. )
3 MsBridge; C:\Windows\system32\DRIVERS\bridge.sys [129536 2012-07-26] (Microsoft Corporation)
3 msgpiowin32; C:\Windows\System32\Drivers\msgpiowin32.sys [28392 2012-09-20] (Microsoft Corporation)
3 mshidumdf; C:\Windows\System32\Drivers\mshidumdf.sys [10752 2012-07-26] (Microsoft Corporation)
3 MsLldp; C:\Windows\System32\Drivers\MsLldp.sys [68608 2012-07-26] (Microsoft Corporation)
3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
0 mvumis; C:\Windows\System32\Drivers\mvumis.sys [64240 2012-07-26] (Marvell Semiconductor, Inc.)
3 NdisImPlatform; C:\Windows\System32\Drivers\NdisImPlatform.sys [126464 2012-07-26] (Microsoft Corporation)
3 NDISWANLEGACY; C:\Windows\system32\DRIVERS\ndiswan.sys [174080 2012-07-26] (Microsoft Corporation)
2 Ndu; C:\Windows\System32\Drivers\Ndu.sys [97792 2012-07-26] (Microsoft Corporation)
1 npsvctrig; C:\Windows\System32\Drivers\npsvctrig.sys [23552 2012-07-26] (Microsoft Corporation)
0 pdc; C:\Windows\System32\Drivers\pdc.sys [69864 2012-11-06] (Microsoft Corporation)
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2012-11-19] ()
3 RTL8168; C:\Windows\system32\DRIVERS\Rt630x64.sys [683664 2012-06-13] (Realtek )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 sdstor; C:\Windows\System32\Drivers\sdstor.sys [56552 2012-10-11] (Microsoft Corporation)
3 SerCx; C:\Windows\System32\Drivers\SerCx.sys [62976 2012-07-26] (Microsoft Corporation)
0 spaceport; C:\Windows\System32\Drivers\spaceport.sys [283888 2012-07-26] (Microsoft Corporation)
3 SpbCx; C:\Windows\System32\Drivers\SpbCx.sys [59392 2012-07-26] (Microsoft Corporation)
0 storahci; C:\Windows\System32\Drivers\storahci.sys [77552 2012-07-26] (Microsoft Corporation)
3 storvsp; C:\Windows\System32\Drivers\storvsp.sys [67584 2012-07-26] (Microsoft Corporation)
3 UASPStor; C:\Windows\System32\Drivers\UASPStor.sys [97008 2012-07-26] (Microsoft Corporation)
3 UCX01000; C:\Windows\System32\Drivers\UCX01000.sys [212200 2012-09-20] (Microsoft Corporation)
3 USBHUB3; C:\Windows\System32\Drivers\USBHUB3.sys [445160 2012-11-06] (Microsoft Corporation)
3 USBXHCI; C:\Windows\System32\Drivers\USBXHCI.sys [337128 2012-09-20] (Microsoft Corporation)
3 VerifierExt; C:\Windows\System32\Drivers\VerifierExt.sys [106224 2012-07-26] (Microsoft Corporation)
3 Vid; C:\Windows\System32\Drivers\Vid.sys [203776 2012-07-26] (Microsoft Corporation)
3 vmbusr; C:\Windows\System32\Drivers\vmbusr.sys [117248 2012-07-26] (Microsoft Corporation)
3 vpci; C:\Windows\System32\Drivers\vpci.sys [67824 2012-07-26] (Microsoft Corporation)
3 vpcivsp; C:\Windows\System32\Drivers\vpcivsp.sys [66048 2012-07-26] (Microsoft Corporation)
0 VSTXRAID; C:\Windows\System32\Drivers\VSTXRAID.sys [322800 2012-07-26] (VIA Corporation)
3 WdBoot; C:\Windows\System32\Drivers\WdBoot.sys [34216 2012-07-26] (Microsoft Corporation)
3 WdFilter; C:\Windows\System32\Drivers\WdFilter.sys [258288 2012-07-26] (Microsoft Corporation)
0 WFPLWFS; C:\Windows\System32\Drivers\WFPLWFS.sys [96488 2012-11-06] (Microsoft Corporation)
3 wpcfltr; C:\Windows\System32\Drivers\wpcfltr.sys [45056 2012-07-26] (Microsoft Corporation)
3 WpdUpFltr; C:\Windows\System32\Drivers\WpdUpFltr.sys [19968 2012-07-26] (Microsoft Corporation)
3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-01-04 20:19 - 2013-01-04 20:19 - 00000000 ____D C:\FRST
2013-01-04 18:07 - 2013-01-04 18:07 - 01464235 ____A (Farbar) C:\Users\Snooch\Desktop\FRST64.exe
2013-01-04 09:24 - 2013-01-04 09:24 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Snooch\Desktop\tdsskiller.exe
2013-01-04 09:24 - 2013-01-04 09:24 - 00000000 ____D C:\Users\Snooch\Desktop\Offensive wallpapers
2013-01-04 09:03 - 2013-01-04 09:03 - 00018795 ____A C:\Users\Snooch\Desktop\dds.txt
2013-01-04 09:03 - 2013-01-04 09:03 - 00013403 ____A C:\Users\Snooch\Desktop\attach.txt
2013-01-04 09:00 - 2013-01-04 09:01 - 04732416 ____A (AVAST Software) C:\Users\Snooch\Desktop\aswMBR.exe
2013-01-04 08:58 - 2013-01-04 08:59 - 00688992 ____R (Swearware) C:\Users\Snooch\Desktop\dds.scr
2013-01-03 17:13 - 2013-01-03 17:13 - 00000000 ____D C:\Windows\Minidump
2013-01-03 17:12 - 2013-01-03 17:12 - 00262144 ____N C:\Windows\Minidump\010313-11793-01.dmp
2013-01-03 14:50 - 2013-01-03 14:50 - 00000336 ____A C:\Windows\PFRO.log
2013-01-03 14:46 - 2013-01-03 14:54 - 00000000 ____D C:\Users\Snooch\Desktop\mbar
2013-01-03 14:41 - 2013-01-03 14:41 - 00001441 ____A C:\scu.dat
2013-01-03 14:27 - 2013-01-03 14:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-01-03 13:48 - 2013-01-03 13:48 - 00000000 ____D C:\Users\Snooch\AppData\Roaming\SUPERAntiSpyware.com
2013-01-03 13:48 - 2013-01-03 13:48 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2013-01-03 13:48 - 2013-01-03 13:48 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-01-03 13:38 - 2013-01-03 13:38 - 00000000 ____D C:\Users\Snooch\AppData\Roaming\Malwarebytes
2013-01-03 13:38 - 2013-01-03 13:38 - 00000000 ____D C:\Users\All Users\Malwarebytes
2013-01-03 13:38 - 2013-01-03 13:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-03 13:38 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-03 13:28 - 2013-01-03 13:36 - 00000000 ____D C:\Users\Snooch\Desktop\New folder
2013-01-03 10:05 - 2013-01-03 10:05 - 00000000 ____D C:\Users\Snooch\AppData\Local\My Games
2013-01-03 10:03 - 2013-01-03 10:03 - 00000000 ____D C:\Users\All Users\Orbit
2013-01-03 09:59 - 2013-01-03 09:59 - 00000000 ____D C:\Users\Snooch\AppData\Local\Ubisoft Game Launcher
2013-01-03 09:57 - 2013-01-03 09:57 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-01-02 18:36 - 2013-01-02 18:43 - 00000000 ____D C:\Users\Snooch\AppData\Roaming\Tropico 4
2013-01-02 18:36 - 2013-01-02 18:36 - 00000000 ____D C:\Users\Snooch\AppData\Roaming\Kalypso Media
2012-12-30 11:16 - 2012-12-30 11:16 - 00385040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-27 18:06 - 2012-12-27 18:06 - 00000000 ____D C:\Users\Snooch\AppData\Local\WinZip
2012-12-27 18:06 - 2012-12-27 18:06 - 00000000 ____D C:\Users\All Users\WinZip
2012-12-27 18:06 - 2012-12-27 18:06 - 00000000 ____D C:\Program Files\WinZip
2012-12-27 18:00 - 2012-12-27 18:00 - 00000000 ____D C:\Users\Snooch\AppData\Local\FalloutNV
2012-12-25 08:37 - 2012-12-25 08:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2012-12-24 15:29 - 2012-12-24 15:50 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
2012-12-20 22:13 - 2012-12-16 08:28 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-20 22:13 - 2012-12-16 08:20 - 00035328 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-20 22:13 - 2012-12-16 08:08 - 00362496 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-20 22:13 - 2012-12-16 07:57 - 00300032 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-15 00:01 - 2012-12-15 00:01 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-12-15 00:01 - 2012-12-15 00:01 - 00000000 ____D C:\Users\Snooch\AppData\Local\Downloaded Installations
2012-12-15 00:01 - 2012-12-15 00:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-15 00:01 - 2012-12-15 00:01 - 00000000 ____D C:\Program Files (x86)\AMD
2012-12-14 21:48 - 2012-12-25 08:33 - 00000000 ____D C:\Users\Snooch\AppData\Local\Deployment
2012-12-14 21:48 - 2012-12-14 21:48 - 00000000 ____D C:\Users\Snooch\AppData\Local\Apps\2.0
2012-12-14 15:56 - 2012-11-20 08:00 - 06971624 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-12-14 15:56 - 2012-11-20 05:24 - 01164800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2012-12-14 15:56 - 2012-11-20 05:24 - 00036352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DevDispItemProvider.dll
2012-12-14 15:56 - 2012-11-20 05:17 - 01184256 ____A (Microsoft Corporation) C:\Windows\System32\Display.dll
2012-12-14 15:56 - 2012-11-20 05:17 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\DevDispItemProvider.dll
2012-12-14 15:56 - 2012-11-20 05:02 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDKURD.DLL
2012-12-14 15:56 - 2012-11-20 04:59 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDKURD.DLL
2012-12-14 15:56 - 2012-11-20 04:56 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2012-12-14 15:56 - 2012-11-20 04:56 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-12-14 15:56 - 2012-11-20 04:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidi2c.sys
2012-12-14 15:56 - 2012-11-13 04:20 - 01120768 ____A (Microsoft Corporation) C:\Windows\System32\msctf.dll
2012-12-14 15:56 - 2012-11-13 04:19 - 01131520 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2012-12-14 15:56 - 2012-11-13 04:19 - 00890880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2012-12-14 15:56 - 2012-11-13 04:19 - 00707584 ____A (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2012-12-14 15:56 - 2012-11-08 04:25 - 00523776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2012-12-14 15:56 - 2012-11-08 04:25 - 00143872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2012-12-14 15:56 - 2012-11-08 04:25 - 00124928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2012-12-14 15:56 - 2012-11-08 04:22 - 00641536 ____A (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2012-12-14 15:56 - 2012-11-08 04:22 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.dll
2012-12-14 15:56 - 2012-11-08 04:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2012-12-14 15:56 - 2012-11-06 07:52 - 00445160 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2012-12-14 15:56 - 2012-11-06 07:52 - 00277736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys

==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2012-11-22 19:28] - [2012-10-11 05:46] - 0517120 ____A (Microsoft Corporation) BCF2036A0DD579E47C008C133550283E

C:\Windows\System32\wininit.exe
[2012-07-26 00:03] - [2012-07-26 03:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3

C:\Windows\explorer.exe
[2012-11-22 19:28] - [2012-10-11 07:35] - 2380944 ____A (Microsoft Corporation) E13A31D5254C25406A7946BDD9B06364

C:\Windows\SysWOW64\explorer.exe
[2012-11-22 19:28] - [2012-10-11 05:56] - 2115952 ____A (Microsoft Corporation) 953ADECFF08202A01EFC6110214FDE02

C:\Windows\System32\svchost.exe
[2012-11-22 19:29] - [2012-09-20 06:33] - 0029696 ____A (Microsoft Corporation) EDE27EACE742EE2888C5DD36400A2EC0

C:\Windows\SysWOW64\svchost.exe
[2012-11-22 19:29] - [2012-09-20 05:55] - 0023040 ____A (Microsoft Corporation) A46DC432F81473F526E3994AA483E366

C:\Windows\System32\services.exe
[2012-11-22 19:29] - [2012-09-20 06:33] - 0410624 ____A (Microsoft Corporation) 8F226143046435C75C033B0C52E90FFE

C:\Windows\System32\User32.dll
[2012-11-22 19:29] - [2012-09-20 06:33] - 1342464 ____A (Microsoft Corporation) A99AD14F26BDA7D7F27F76BC91B7EED7

C:\Windows\SysWOW64\User32.dll
[2012-11-22 19:29] - [2012-09-20 04:10] - 1126912 ____A (Microsoft Corporation) BA1C3ACD929A71E88B49C2B6E38F92B3

C:\Windows\System32\userinit.exe
[2012-07-26 00:06] - [2012-07-26 03:08] - 0025088 ____A (Microsoft Corporation) 0E925F7BA032920D58DD284B6181A247

C:\Windows\SysWOW64\userinit.exe
[2012-07-26 00:08] - [2012-07-26 03:21] - 0021504 ____A (Microsoft Corporation) 9F6289D194A04A09671FEED4B6CB6EF7

C:\Windows\System32\Drivers\volsnap.sys
[2012-07-26 02:30] - [2012-07-26 04:57] - 0332016 ____A (Microsoft Corporation) 2FB3CDFD5EAF4CD9D4AFAF96877D13AE


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-14 17:06:24
Restore point made on: 2012-12-20 23:23:59
Restore point made on: 2012-12-24 15:29:53
Restore point made on: 2012-12-27 18:06:17
Restore point made on: 2013-01-02 18:32:33

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4095.16 MB
Available physical RAM: 3436.36 MB
Total Pagefile: 4095.16 MB
Available Pagefile: 3443.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:118.9 GB) (Free:68.61 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (LOLWTF) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32
5 Drive g: (Old Windows and bleep) (Fixed) (Total:698.54 GB) (Free:223.29 GB) NTFS
6 Drive i: () (CDROM) (Total:0.95 GB) (Free:0 GB) CDFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (Games and bleep) (Fixed) (Total:298.08 GB) (Free:115.73 GB) NTFS


Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 9 MB
Disk 1 Online 698 GB 0 B
Disk 2 Online 119 GB 0 B
Disk 3 Online 7667 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Games and s NTFS Partition 298 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 698 GB 101 MB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G Old Windows NTFS Partition 698 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 350 MB 1024 KB
Partition 2 Primary 118 GB 351 MB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E System Rese NTFS Partition 350 MB Healthy

=========================================================

Disk: 2
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C NTFS Partition 118 GB Healthy

=========================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 F LOLWTF FAT32 Removable 7655 MB Healthy

=========================================================

Last Boot: 2013-01-02 14:16

==================== End Of Log =============================

Weird that it doesn't say anything special about that svchost thingy...

What next? Knowing that thing is sitting on my computer is driving me crazy!

Thanks!

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:38 PM

Posted 04 January 2013 - 01:40 PM

Hello,

Windows 8 is relatively new. So a lot of the tools and things we use have not yet been updated to use on Windows 8.

1.
Running GMER on 32 and 64 bit Systems

--------------------

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning


2.Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Windows\System32\svchost.exe
C:\Windows\SysWOW64\svchost.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


3.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things to include in your next reply:
GMER log
Jotti results on those two files
TDSSKiller log
How is your machine running now?

Edited by fireman4it, 04 January 2013 - 01:41 PM.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
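As an added example (not part of fireman4it's instructions and not code from GMER, Jotti or TDSSKiller), the check behind step 2 and the Process Explorer observation can be scripted: list every running svchost.exe, flag any copy whose folder is not System32 or SysWOW64 (the Temp copy from the first post would show up here), and print the Authenticode status and SHA-256 hash so each file can be looked up on Jotti or VirusTotal by hash instead of re-uploading it. It assumes Windows 8 with PowerShell 3.0 and an elevated prompt; folder names and column names are this example's own.

```powershell
# Added example, not from the thread. Flags svchost.exe processes running from
# anywhere other than the two legitimate Windows folders and reports signature
# status plus SHA-256 for lookup on Jotti/VirusTotal. Run from an elevated
# PowerShell prompt so ExecutablePath is readable for every process.

$legitDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

function Get-Sha256Hex([string]$Path) {
    # .NET hashing instead of Get-FileHash, which only arrived in PowerShell 4.0
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
        $sha.Dispose()
    }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Test-SvchostInstances {
    # WQL filter: only processes whose image name is svchost.exe
    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'"
    foreach ($p in $procs) {
        $path = $p.ExecutablePath
        if (-not $path) {
            # Protected processes hide their path from a non-elevated caller
            [PSCustomObject]@{
                PID = $p.ProcessId; Path = '<access denied>'; Suspicious = 'unknown'
                SigStatus = ''; Signer = ''; Sha256 = ''; CommandLine = $p.CommandLine
            }
            continue
        }
        $dir = Split-Path -Path $path -Parent
        # -contains compares case-insensitively, so C:\WINDOWS\system32 still matches
        $inLegitDir = $legitDirs -contains $dir
        # Signature status is informational: older PowerShell builds report
        # catalog-signed system files as NotSigned, so the folder is the decisive signal.
        $sig = Get-AuthenticodeSignature -FilePath $path
        [PSCustomObject]@{
            PID         = $p.ProcessId
            Path        = $path
            Suspicious  = -not $inLegitDir
            SigStatus   = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            Sha256      = Get-Sha256Hex -Path $path
            CommandLine = $p.CommandLine
        }
    }
}

# Suspicious copies first; paste the Sha256 column into the VirusTotal/Jotti search box
Test-SvchostInstances | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize
```

A real svchost.exe always carries a `-k <group>` argument in CommandLine; an instance with no arguments, or one running from a user's profile, is the one to hand to the helper.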


#10 KirovReporting

KirovReporting
  • Topic Starter

  • Members
  • 11 posts
  • Local time:09:38 PM

Posted 04 January 2013 - 02:02 PM

GMER:
GMER 2.0.18327 - http://www.gmer.net
Rootkit scan 2013-01-04 20:54:42
Windows 6.2.9200 x64 \Device\Harddisk2\DR2 -> \Device\00000034 SAMSUNG_SSD_830_Series rev.CXM03B1Q 119.24GB
Running: yh5wbhsd.exe; Driver: C:\Users\Snooch\AppData\Local\Temp\pwtoypog.sys


---- System - GMER 2.0 ----

SSDT ZwSetInformationFile fffff8027fff1f80 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationJobObject fffff8027ffd0454 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationKey fffff802800177d0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationObject fffff8027ffd6fe4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationProcess fffff80280037270 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationResourceManager fffff8027fd62d20 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetInformationThread fffff8027ffefc60 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationToken fffff8027ffd4808 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationTransaction fffff8027fd62d2c \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetInformationTransactionManager fffff8027fd62edc \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetInformationVirtualMemory fffff802800e11a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetInformationWorkerFactory fffff8027fc77df0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetIntervalProfile fffff802800a97ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetIoCompletion fffff80280036df8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetIoCompletionEx fffff80280159964 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetLdtEntries fffff8027fda6a10 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetLowEventPair fffff802801c6170 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetLowWaitHighEventPair fffff802801c6250 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetQuotaInformationFile fffff8028015b4d8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSecurityObject fffff8027ffd860c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSystemEnvironmentValue fffff802801c34ec \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSystemEnvironmentValueEx fffff802801c309c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSystemInformation fffff80280020324 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetSystemPowerState fffff8027ff709b0 \SystemRoot\system32\ntoskrnl.exe [PAGELK]
SSDT ZwSetSystemTime fffff802801ba7fc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetThreadExecutionState fffff802800b8f24 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetTimer fffff8027fd3b400 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetTimerEx fffff8027fc77530 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSetTimerResolution fffff8027ff8c74c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetUuidSeed fffff80280118d40 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetValueKey fffff8027ffe6fc0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSetVolumeInformationFile fffff8027ff90064 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwShutdownSystem fffff802801bae04 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwShutdownWorkerFactory fffff8027fc2ad88 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSignalAndWaitForSingleObject fffff8027fd1324c \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwSinglePhaseReject fffff8027fd62ef0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwStartProfile fffff802801c5690 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwStopProfile fffff802801c55a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSubscribeWnfStateChange fffff80280019ccc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSuspendProcess fffff80280196e18 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSuspendThread fffff8027ffbe25c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwSystemDebugControl fffff8027ffcb5a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTerminateJobObject fffff8027ffcc9ac \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTerminateProcess fffff8028002ee70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTerminateThread fffff802800365fc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTestAlert fffff8028003aad4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwThawRegistry fffff8027fd6d148 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwThawTransactions fffff8027fd62d40 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwTraceControl fffff8028000af54 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwTraceEvent fffff8027fc5a160 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwTranslateFilePath fffff802801c0ecc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUmsThreadYield fffff80280178c1c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnloadDriver fffff8028015c120 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnloadKey fffff8027ff99e20 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnloadKey2 fffff8027ff9983c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnloadKeyEx fffff80280092750 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnlockFile fffff8027ffd00c4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnlockVirtualMemory fffff8027fc27940 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwUnmapViewOfSection fffff8028000d3dc \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnmapViewOfSectionEx fffff80280079960 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUnsubscribeWnfStateChange fffff8027ffb4004 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwUpdateWnfStateData fffff8027ffc8110 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwVdmControl fffff80280154ab8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForAlertByThreadId fffff8028002bed4 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForDebugEvent fffff8028014e4a0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForKeyedEvent fffff802800dcf58 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForMultipleObjects fffff80280051700 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForMultipleObjects32 fffff8027ff8d760 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForSingleObject fffff80280050e00 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForWnfNotifications fffff8027ffb38b0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitForWorkViaWorkerFactory fffff8027fcca1b0 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwWaitHighEventPair fffff802801c62c0 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWaitLowEventPair fffff802801c6344 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWorkerFactoryWorkerReady fffff8027fc718a8 \SystemRoot\system32\ntoskrnl.exe [.text]
SSDT ZwWriteFile fffff80280070e70 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWriteFileGather fffff8027ff9dc68 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWriteRequestData fffff8028017d9a8 \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwWriteVirtualMemory fffff80280022f2c \SystemRoot\system32\ntoskrnl.exe [PAGE]
SSDT ZwYieldExecution fffff8027fc3768c \SystemRoot\system32\ntoskrnl.exe [.text]

---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\atiesrxx.exe[732] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8684b177a 4 bytes [4B, 68, F8, 07]
.text C:\Windows\system32\atieclxx.exe[1308] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8684b177a 4 bytes [4B, 68, F8, 07]
.text C:\Windows\system32\atieclxx.exe[1308] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007f863701b32 4 bytes [70, 63, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3212] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f859cf1532 4 bytes [CF, 59, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3212] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f859cf165a 4 bytes [CF, 59, F8, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5796] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f863701b32 4 bytes [70, 63, F8, 07]
.text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[968] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8684b177a 4 bytes [4B, 68, F8, 07]

---- Trace I/O - GMER 2.0 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys fffff8027fc10000
Trace 1 nt!IofCallDriver -> \Device\Harddisk2\DR2[0xfffffa800517c060] fffffa800517c060
Trace 3 CLASSPNP.SYS[fffff880012fe8aa] -> nt!IofCallDriver -> \Device\00000034[0xfffffa8004f2c060] fffffa8004f2c060

---- Modules - GMER 2.0 ----

Module \SystemRoot\system32\ntoskrnl.exe fffff8027fc10000-fffff80280359000 (7639040 bytes)
Module \SystemRoot\system32\hal.dll fffff80280359000-fffff802803c5000 (442368 bytes)
Module \SystemRoot\system32\kd.dll fffff8027ef7f000-fffff8027ef88000 (36864 bytes)
Module \SystemRoot\system32\mcupdate_AuthenticAMD.dll fffff88000c57000-fffff88000c73000 (114688 bytes)
Module \SystemRoot\System32\drivers\CLFS.SYS fffff88000c73000-fffff88000ccf000 (376832 bytes)
Module \SystemRoot\System32\drivers\tm.sys fffff88000ccf000-fffff88000cf2000 (143360 bytes)
Module \SystemRoot\system32\PSHED.dll fffff88000cf2000-fffff88000d07000 (86016 bytes)
Module \SystemRoot\system32\BOOTVID.dll fffff88000d07000-fffff88000d11000 (40960 bytes)
Module \SystemRoot\system32\CI.dll fffff88000d11000-fffff88000d90000 (520192 bytes)
Module \SystemRoot\System32\drivers\msrpc.sys fffff88000d90000-fffff88000df3000 (405504 bytes)
Module \SystemRoot\system32\drivers\Wdf01000.sys fffff8800107f000-fffff88001141000 (794624 bytes)
Module \SystemRoot\system32\drivers\WDFLDR.SYS fffff88001141000-fffff88001151000 (65536 bytes)
Module \SystemRoot\System32\Drivers\acpiex.sys fffff88001151000-fffff88001168000 (94208 bytes)
Module \SystemRoot\System32\Drivers\WppRecorder.sys fffff88001168000-fffff88001173000 (45056 bytes)
Module \SystemRoot\System32\drivers\ACPI.sys fffff88001173000-fffff880011e0000 (446464 bytes)
Module \SystemRoot\System32\drivers\WMILIB.SYS fffff880011e0000-fffff880011ea000 (40960 bytes)
Module \SystemRoot\System32\drivers\msisadrv.sys fffff880011ea000-fffff880011f4000 (40960 bytes)
Module \SystemRoot\System32\drivers\pci.sys fffff88001000000-fffff8800103d000 (249856 bytes)
Module \SystemRoot\System32\Drivers\cng.sys fffff88000e55000-fffff88000ee1000 (573440 bytes)
Module \SystemRoot\system32\drivers\tpm.sys fffff88000ee1000-fffff88000f09000 (163840 bytes)
Module \SystemRoot\System32\drivers\vdrvroot.sys fffff88000f12000-fffff88000f1f000 (53248 bytes)
Module \SystemRoot\system32\drivers\pdc.sys fffff88000f1f000-fffff88000f36000 (94208 bytes)
Module \SystemRoot\System32\drivers\partmgr.sys fffff88000f36000-fffff88000f50000 (106496 bytes)
Module \SystemRoot\System32\drivers\spaceport.sys fffff88000f50000-fffff88000f99000 (299008 bytes)
Module \SystemRoot\System32\drivers\volmgr.sys fffff88000f99000-fffff88000fb1000 (98304 bytes)
Module \SystemRoot\System32\drivers\volmgrx.sys fffff88000ab5000-fffff88000b15000 (393216 bytes)
Module \SystemRoot\System32\drivers\mountmgr.sys fffff88000b15000-fffff88000b2f000 (106496 bytes)
Module \SystemRoot\System32\drivers\storahci.sys fffff88000b2f000-fffff88000b45000 (90112 bytes)
Module \SystemRoot\System32\drivers\storport.sys fffff88000b45000-fffff88000b9a000 (348160 bytes)
Module \SystemRoot\system32\drivers\fltmgr.sys fffff88000a00000-fffff88000a60000 (393216 bytes)
Module \SystemRoot\System32\drivers\fileinfo.sys fffff88000a60000-fffff88000a74000 (81920 bytes)
Module \SystemRoot\System32\Drivers\Ntfs.sys fffff88001640000-fffff88001823000 (1978368 bytes)
Module \SystemRoot\System32\Drivers\ksecdd.sys fffff88001823000-fffff8800183e000 (110592 bytes)
Module \SystemRoot\System32\drivers\pcw.sys fffff8800183e000-fffff8800184f000 (69632 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.sys fffff8800184f000-fffff88001859000 (40960 bytes)
Module \SystemRoot\system32\drivers\ndis.sys fffff88001859000-fffff88001954000 (1028096 bytes)
Module \SystemRoot\system32\drivers\NETIO.SYS fffff88001954000-fffff880019c3000 (454656 bytes)
Module \SystemRoot\System32\Drivers\ksecpkg.sys fffff880019c3000-fffff880019f2000 (192512 bytes)
Module \SystemRoot\System32\drivers\tcpip.sys fffff88001a31000-fffff88001c67000 (2318336 bytes)
Module \SystemRoot\System32\drivers\fwpkclnt.sys fffff88001c67000-fffff88001ccf000 (425984 bytes)
Module \SystemRoot\system32\DRIVERS\wfplwfs.sys fffff88001ccf000-fffff88001cea000 (110592 bytes)
Module \SystemRoot\system32\DRIVERS\avgloga.sys fffff88001cea000-fffff88001d22000 (229376 bytes)
Module \SystemRoot\system32\DRIVERS\avgmfx64.sys fffff88001d22000-fffff88001d41000 (126976 bytes)
Module \SystemRoot\System32\DRIVERS\fvevol.sys fffff88001d41000-fffff88001db7000 (483328 bytes)
Module \SystemRoot\system32\DRIVERS\avgidsha.sys fffff88001db7000-fffff88001dca000 (77824 bytes)
Module \SystemRoot\System32\drivers\volsnap.sys fffff88000e00000-fffff88000e55000 (348160 bytes)
Module \SystemRoot\System32\drivers\rdyboost.sys fffff88001600000-fffff8800163b000 (241664 bytes)
Module \SystemRoot\System32\Drivers\mup.sys fffff88001dca000-fffff88001de1000 (94208 bytes)
Module \SystemRoot\System32\drivers\disk.sys fffff88001a00000-fffff88001a1c000 (114688 bytes)
Module \SystemRoot\System32\drivers\CLASSPNP.SYS fffff880012fc000-fffff88001352000 (352256 bytes)
Module \SystemRoot\system32\DRIVERS\avgrkx64.sys fffff88001352000-fffff8800135e000 (49152 bytes)
Module \SystemRoot\System32\Drivers\crashdmp.sys fffff8800135e000-fffff88001372000 (81920 bytes)
Module \SystemRoot\System32\drivers\dtsoftbus01.sys fffff880013a9000-fffff880013f2000 (299008 bytes)
Module \SystemRoot\System32\drivers\cdrom.sys fffff88001200000-fffff88001231000 (200704 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS fffff88001231000-fffff8800123a000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS fffff8800123a000-fffff88001242000 (32768 bytes)
Module \SystemRoot\system32\drivers\MTiCtwl.sys fffff88001242000-fffff8800124b000 (36864 bytes)
Module \SystemRoot\System32\drivers\BasicRender.sys fffff8800124b000-fffff88001258000 (53248 bytes)
Module \SystemRoot\System32\drivers\dxgkrnl.sys fffff88009c3c000-fffff88009da3000 (1470464 bytes)
Module \SystemRoot\System32\drivers\watchdog.sys fffff88009da3000-fffff88009db4000 (69632 bytes)
Module \SystemRoot\System32\drivers\dxgmms1.sys fffff88001258000-fffff880012a6000 (319488 bytes)
Module \SystemRoot\System32\drivers\BasicDisplay.sys fffff88009db4000-fffff88009dc5000 (69632 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS fffff88009dc5000-fffff88009dd7000 (73728 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS fffff88009dd7000-fffff88009de3000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\avgwfpa.sys fffff88009c00000-fffff88009c35000 (217088 bytes)
Module \SystemRoot\system32\DRIVERS\tdx.sys fffff880012a6000-fffff880012c8000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS fffff88009de3000-fffff88009df1000 (57344 bytes)
Module \SystemRoot\System32\DRIVERS\netbt.sys fffff8800a041000-fffff8800a099000 (360448 bytes)
Module \SystemRoot\system32\drivers\afd.sys fffff8800a099000-fffff8800a12b000 (598016 bytes)
Module \SystemRoot\system32\DRIVERS\pacer.sys fffff8800a12b000-fffff8800a155000 (172032 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys fffff8800a155000-fffff8800a165000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\avgldx64.sys fffff8800a165000-fffff8800a196000 (200704 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys fffff88009efc000-fffff88009f6e000 (466944 bytes)
Module \SystemRoot\system32\drivers\csc.sys fffff88009f6e000-fffff88009fff000 (593920 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys fffff88009e00000-fffff88009e1a000 (106496 bytes)
Module \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS fffff88009e1a000-fffff88009e24000 (40960 bytes)
Module \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS fffff88009e24000-fffff88009e2e000 (40960 bytes)
Module \SystemRoot\system32\drivers\nsiproxy.sys fffff88009e2e000-fffff88009e3c000 (57344 bytes)
Module \SystemRoot\System32\drivers\npsvctrig.sys fffff88009e3c000-fffff88009e48000 (49152 bytes)
Module \SystemRoot\System32\drivers\mssmbios.sys fffff88009e48000-fffff88009e54000 (49152 bytes)
Module \SystemRoot\System32\drivers\discache.sys fffff88009e54000-fffff88009e65000 (69632 bytes)
Module \SystemRoot\System32\Drivers\dfsc.sys fffff88009e65000-fffff88009e86000 (135168 bytes)
Module \SystemRoot\system32\DRIVERS\avgidsdrivera.sys fffff88009e98000-fffff88009ecc000 (212992 bytes)
Module \SystemRoot\SysWow64\drivers\AsIO.sys fffff88009ecc000-fffff88009ed2000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys fffff88009ed2000-fffff88009ede000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys fffff8800a196000-fffff8800a1c5000 (192512 bytes)
Module \SystemRoot\system32\DRIVERS\rassstp.sys fffff88009ede000-fffff88009efc000 (122880 bytes)
Module \SystemRoot\system32\DRIVERS\AgileVpn.sys fffff8800a1c5000-fffff8800a1dd000 (98304 bytes)
Module \SystemRoot\system32\DRIVERS\tunnel.sys fffff8800a000000-fffff8800a02c000 (180224 bytes)
Module \SystemRoot\System32\drivers\CompositeBus.sys fffff88009e86000-fffff88009e95000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\kdnic.sys fffff8800a02c000-fffff8800a037000 (45056 bytes)
Module \SystemRoot\System32\drivers\umbus.sys fffff8800a1dd000-fffff8800a1ef000 (73728 bytes)
Module \SystemRoot\System32\drivers\amdppm.sys fffff880012c8000-fffff880012e4000 (114688 bytes)
Module \SystemRoot\system32\DRIVERS\atikmpag.sys fffff8800a208000-fffff8800a27e000 (483328 bytes)
Module \SystemRoot\system32\DRIVERS\atikmdag.sys fffff8800a457000-fffff8800aee0000 (11046912 bytes)
Module \SystemRoot\System32\drivers\HDAudBus.sys fffff8800aee0000-fffff8800aef6000 (90112 bytes)
Module \SystemRoot\System32\drivers\USBXHCI.SYS fffff8800aef6000-fffff8800af4d000 (356352 bytes)
Module \SystemRoot\System32\drivers\ucx01000.sys fffff8800af4d000-fffff8800af85000 (229376 bytes)
Module \SystemRoot\System32\drivers\usbohci.sys fffff8800af85000-fffff8800af92000 (53248 bytes)
Module \SystemRoot\System32\drivers\USBPORT.SYS fffff8800a27e000-fffff8800a2f9000 (503808 bytes)
Module \SystemRoot\System32\drivers\usbehci.sys fffff8800af92000-fffff8800afa8000 (90112 bytes)
Module \SystemRoot\system32\DRIVERS\ASACPI.sys fffff8800afa8000-fffff8800afb0000 (32768 bytes)
Module \SystemRoot\System32\drivers\serial.sys fffff8800afb0000-fffff8800afc8000 (98304 bytes)
Module \SystemRoot\System32\drivers\serenum.sys fffff8800afc8000-fffff8800afd5000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\Rt630x64.sys fffff8800a2f9000-fffff8800a3a2000 (692224 bytes)
Module \SystemRoot\System32\drivers\wmiacpi.sys fffff8800afd5000-fffff8800afdf000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys fffff8800afdf000-fffff8800b000000 (135168 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys fffff8800a400000-fffff8800a425000 (151552 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys fffff8800a425000-fffff8800a43f000 (106496 bytes)
Module \SystemRoot\System32\drivers\swenum.sys fffff8800a43f000-fffff8800a441000 (8192 bytes)
Module \SystemRoot\System32\drivers\ks.sys fffff8800a3a2000-fffff8800a3f1000 (323584 bytes)
Module \SystemRoot\System32\drivers\rdpbus.sys fffff8800a441000-fffff8800a44c000 (45056 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS fffff880012e4000-fffff880012f8000 (81920 bytes)
Module \SystemRoot\System32\drivers\usbhub.sys fffff8800b233000-fffff8800b2b1000 (516096 bytes)
Module \SystemRoot\System32\drivers\USBD.SYS fffff8800b2b1000-fffff8800b2bc000 (45056 bytes)
Module \SystemRoot\system32\drivers\AtihdW86.sys fffff8800b2bc000-fffff8800b2d7000 (110592 bytes)
Module \SystemRoot\system32\drivers\portcls.sys fffff8800b2d7000-fffff8800b322000 (307200 bytes)
Module \SystemRoot\system32\drivers\drmk.sys fffff8800b322000-fffff8800b344000 (139264 bytes)
Module \SystemRoot\system32\drivers\ksthunk.sys fffff8800b344000-fffff8800b34a000 (24576 bytes)
Module \SystemRoot\System32\drivers\UsbHub3.sys fffff8800b34a000-fffff8800b3bd000 (471040 bytes)
Module \SystemRoot\system32\drivers\RTKVHD64.sys fffff8800c2c0000-fffff8800c6a9000 (4100096 bytes)
Module \SystemRoot\System32\drivers\USBSTOR.SYS fffff8800c6a9000-fffff8800c6c8000 (126976 bytes)
Module \SystemRoot\System32\drivers\usbccgp.sys fffff8800c6c8000-fffff8800c6eb000 (143360 bytes)
Module \SystemRoot\System32\drivers\hidusb.sys fffff8800c6eb000-fffff8800c6f8000 (53248 bytes)
Module \SystemRoot\System32\drivers\HIDCLASS.SYS fffff8800c6f8000-fffff8800c713000 (110592 bytes)
Module \SystemRoot\System32\drivers\HIDPARSE.SYS fffff8800c713000-fffff8800c71b000 (32768 bytes)
Module \SystemRoot\System32\drivers\mouhid.sys fffff8800c71b000-fffff8800c727000 (49152 bytes)
Module \SystemRoot\System32\drivers\mouclass.sys fffff8800c727000-fffff8800c736000 (61440 bytes)
Module \SystemRoot\system32\drivers\usbaudio.sys fffff8800c736000-fffff8800c754000 (122880 bytes)
Module \SystemRoot\System32\Drivers\fastfat.SYS fffff8800c754000-fffff8800c78b000 (225280 bytes)
Module \SystemRoot\System32\drivers\kbdhid.sys fffff8800c78b000-fffff8800c798000 (53248 bytes)
Module \SystemRoot\System32\drivers\kbdclass.sys fffff8800c798000-fffff8800c7a7000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\cdfs.sys fffff8800c7a7000-fffff8800c7c7000 (131072 bytes)
Module \SystemRoot\System32\win32k.sys fffff96000037000-fffff9600042c000 (4149248 bytes)
Module \SystemRoot\System32\Drivers\dump_diskdump.sys fffff8800c7c7000-fffff8800c7d4000 (53248 bytes)
Module \SystemRoot\System32\Drivers\dump_storahci.sys fffff8800c7d4000-fffff8800c7ea000 (90112 bytes)
Module \SystemRoot\System32\Drivers\dump_dumpfve.sys fffff8800c7ea000-fffff8800c7fe000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\monitor.sys fffff8800c200000-fffff8800c20e000 (57344 bytes)
Module \SystemRoot\System32\TSDDD.dll fffff96000618000-fffff96000621000 (36864 bytes)
Module \SystemRoot\System32\cdd.dll fffff96000859000-fffff9600088f000 (221184 bytes)
Module \SystemRoot\system32\drivers\luafv.sys fffff8800c20e000-fffff8800c236000 (163840 bytes)
Module \SystemRoot\system32\DRIVERS\lltdio.sys fffff8800c236000-fffff8800c24a000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\rspndr.sys fffff8800c24a000-fffff8800c262000 (98304 bytes)
Module \SystemRoot\system32\drivers\HTTP.sys fffff8801de2e000-fffff8801df0a000 (901120 bytes)
Module \SystemRoot\system32\DRIVERS\bowser.sys fffff8801df0a000-fffff8801df2a000 (131072 bytes)
Module \SystemRoot\System32\drivers\mpsdrv.sys fffff8801df2a000-fffff8801df41000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys fffff8801df41000-fffff8801dfa3000 (401408 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb10.sys fffff8801dfa3000-fffff8801dfee000 (307200 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb20.sys fffff8800c262000-fffff8800c29c000 (237568 bytes)
Module \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys fffff8800b3bd000-fffff8800b3ef000 (204800 bytes)
Module \SystemRoot\System32\drivers\condrv.sys fffff8801dfee000-fffff8801dffb000 (53248 bytes)
Module \SystemRoot\system32\drivers\Ndu.sys fffff8801de00000-fffff8801de1c000 (114688 bytes)
Module \SystemRoot\system32\drivers\peauth.sys fffff8801f8b1000-fffff8801f97c000 (831488 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS fffff8801f97c000-fffff8801f987000 (45056 bytes)
Module \SystemRoot\System32\DRIVERS\srvnet.sys fffff8801f987000-fffff8801f9cb000 (278528 bytes)
Module \SystemRoot\System32\drivers\tcpipreg.sys fffff8801f9cb000-fffff8801f9dd000 (73728 bytes)
Module \SystemRoot\System32\DRIVERS\srv2.sys fffff8801f800000-fffff8801f89f000 (651264 bytes)
Module \SystemRoot\System32\DRIVERS\srv.sys fffff8801fa55000-fffff8801fae2000 (577536 bytes)
Module \SystemRoot\system32\DRIVERS\mslldp.sys fffff8801fae2000-fffff8801faf9000 (94208 bytes)
Module \SystemRoot\system32\drivers\WudfPf.sys fffff8801fb2f000-fffff8801fb48000 (102400 bytes)
Module \SystemRoot\system32\DRIVERS\WUDFRd.sys fffff8801fb48000-fffff8801fb7e000 (221184 bytes)
Module \SystemRoot\System32\drivers\WpdUpFltr.sys fffff8801fb7e000-fffff8801fb89000 (45056 bytes)
Module \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys fffff8801fb89000-fffff8801fb8f000 (24576 bytes)
Module \??\C:\Users\Snooch\AppData\Local\Temp\pwtoypog.sys fffff8801fb8f000-fffff8801fb9f000 (65536 bytes)

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\csrss.exe [852:876] fffff9600085e5e8
Thread C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe [3580:3400] 0000000074073ffa
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4288] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4292] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4304] 0000000075054f62
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4320] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4492] 000000006eb49af7
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4504] 000000006eb49af7
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4508] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4512] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4516] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4524] 0000000075054f62
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4544] 00000000722edab5
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4568] 0000000073e574e5
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4584] 000000006ea6e008
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4596] 000000006e326d72
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4604] 000000007758255e
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4608] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4844] 000000007787f504
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:2788] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:5540] 000000007571fecd
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:200] 0000000075054f62
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:5656] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:4140] 0000000077896f00
Thread C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [4252:1132] 0000000077896f00
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4316:4836] 000007f868d91b90
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4316:5864] 000007f84e11af70
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4316:5940] 000007f84db7b9cc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4316:5944] 000007f84db7b9cc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4316:5948] 000007f84db7b9cc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4316:5952] 000007f84db7b9cc
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4316:5972] 000007f84b666ac0

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\PROGRA~2\AVG\AVG2013\avgrsa.exe [436] 000007f869b60000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe [3580] 0000000073a40000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4996] 000007f855830000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4316] 000007f855960000

---- Services - GMER 2.0 ----

Service C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [AUTO] !SASCORE
Service .NET CLR Data
Service .NET CLR Networking
Service .NET CLR Networking 4.0.0.0
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NET Memory Cache 4.0
Service .NETFramework
Service C:\Windows\System32\drivers\1394ohci.sys [MANUAL] 1394ohci
Service C:\Windows\System32\drivers\3ware.sys [BOOT] 3ware
Service C:\Windows\System32\drivers\ACPI.sys [BOOT] ACPI
Service C:\Windows\System32\Drivers\acpiex.sys [BOOT] acpiex
Service C:\Windows\System32\drivers\acpipagr.sys [MANUAL] acpipagr
Service C:\Windows\System32\drivers\acpipmi.sys [MANUAL] AcpiPmi
Service C:\Windows\System32\drivers\acpitime.sys [MANUAL] acpitime
Service C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [AUTO] AdobeARMservice
Service C:\Windows\System32\drivers\adp94xx.sys [BOOT] adp94xx
Service C:\Windows\System32\drivers\adpahci.sys [BOOT] adpahci
Service C:\Windows\System32\drivers\adpu320.sys [BOOT] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe [MANUAL] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys [SYSTEM] AFD
Service C:\Windows\System32\drivers\agp440.sys [BOOT] agp440
Service C:\Windows\System32\alg.exe [MANUAL] ALG
Service C:\Windows\System32\svchost.exe [MANUAL] AllUserInstallAgent
Service C:\Windows\system32\atiesrxx.exe [AUTO] AMD External Events Utility
Service C:\Program [AUTO] AMD FUEL Service
Service C:\Windows\System32\drivers\amdk8.sys [MANUAL] AmdK8
Service C:\Windows\system32\DRIVERS\atikmdag.sys [MANUAL] amdkmdag
Service C:\Windows\system32\DRIVERS\atikmpag.sys [MANUAL] amdkmdap
Service C:\Windows\System32\drivers\amdppm.sys [MANUAL] AmdPPM
Service C:\Windows\System32\drivers\amdsata.sys [BOOT] amdsata
Service C:\Windows\System32\drivers\amdsbs.sys [BOOT] amdsbs
Service C:\Windows\System32\drivers\amdxata.sys [BOOT] amdxata
Service C:\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [AUTO] AODDriver4.2
Service C:\Windows\system32\drivers\appid.sys [MANUAL] AppID
Service C:\Windows\system32\svchost.exe [MANUAL] AppIDSvc
Service C:\Windows\system32\svchost.exe [MANUAL] Appinfo
Service C:\Windows\system32\svchost.exe [MANUAL] AppMgmt
Service C:\Windows\System32\drivers\arc.sys [BOOT] arc
Service C:\Windows\System32\drivers\arcsas.sys [BOOT] arcsas
Service C:\Windows\SysWow64\drivers\AsIO.sys [SYSTEM] AsIO
Service C:\Windows\system32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac
Service C:\Windows\System32\drivers\atapi.sys [BOOT] atapi
Service Atierecord
Service C:\Windows\system32\drivers\AtihdW86.sys [MANUAL] AtiHDAudioService
Service C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [MANUAL] atillk64
Service C:\Windows\System32\svchost.exe [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe [AUTO] Audiosrv
Service Avg
Service C:\Windows\system32\DRIVERS\avgboota.sys [BOOT] Avgboota
Service C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [AUTO] AVGIDSAgent
Service C:\Windows\system32\DRIVERS\avgidsdrivera.sys [SYSTEM] AVGIDSDriver
Service C:\Windows\system32\DRIVERS\avgidsha.sys [BOOT] AVGIDSHA
Service C:\Windows\system32\DRIVERS\avgldx64.sys [SYSTEM] Avgldx64
Service C:\Windows\system32\DRIVERS\avgloga.sys [BOOT] Avgloga
Service C:\Windows\system32\DRIVERS\avgmfx64.sys [BOOT] Avgmfx64
Service C:\Windows\system32\DRIVERS\avgrkx64.sys [BOOT] Avgrkx64
Service C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [AUTO] avgwd
Service C:\Windows\system32\DRIVERS\avgwfpa.sys [SYSTEM] Avgwfpa
Service C:\Windows\system32\svchost.exe [MANUAL] AxInstSV
Service C:\Windows\System32\drivers\bxvbda.sys [BOOT] b06bdrv
Service C:\Windows\System32\drivers\BasicDisplay.sys [SYSTEM] BasicDisplay
Service C:\Windows\System32\drivers\BasicRender.sys [SYSTEM] BasicRender
Service BattC
Service C:\Windows\System32\svchost.exe [MANUAL] BDESVC
Service [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe [AUTO] BFE
Service C:\Windows\System32\svchost.exe [MANUAL] BITS
Service C:\Windows\system32\DRIVERS\bowser.sys [MANUAL] bowser
Service C:\Windows\system32\svchost.exe [AUTO] BrokerInfrastructure
Service C:\Windows\System32\svchost.exe [MANUAL] Browser
Service C:\Windows\System32\drivers\BthAvrcpTg.sys [MANUAL] BthAvrcpTg
Service C:\Windows\System32\drivers\bthhfenum.sys [MANUAL] BthHFEnum
Service C:\Windows\System32\drivers\BthHFHid.sys [MANUAL] bthhfhid
Service C:\Windows\System32\drivers\bthmodem.sys [MANUAL] BTHMODEM
Service BTHPORT
Service C:\Windows\system32\svchost.exe [MANUAL] bthserv
Service C:\Windows\system32\DRIVERS\cdfs.sys [DISABLED] cdfs
Service C:\Windows\System32\drivers\cdrom.sys [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe [MANUAL] CertPropSvc
Service C:\Windows\System32\drivers\circlass.sys [MANUAL] circlass
Service C:\Windows\System32\drivers\CLFS.sys [BOOT] CLFS
Service clr_optimization_v2.0.50727_32
Service clr_optimization_v2.0.50727_64
Service clr_optimization_v4.0.30319_32
Service clr_optimization_v4.0.30319_64
Service C:\Windows\System32\drivers\CmBatt.sys [MANUAL] CmBatt
Service C:\Windows\System32\Drivers\cng.sys [BOOT] CNG
Service CngHwAssist
Service C:\Windows\System32\drivers\CompositeBus.sys [MANUAL] CompositeBus
Service C:\Windows\system32\dllhost.exe [MANUAL] COMSysApp
Service C:\Windows\System32\drivers\condrv.sys [MANUAL] condrv
Service crypt32
Service C:\Windows\system32\svchost.exe [AUTO] CryptSvc
Service C:\Windows\system32\drivers\csc.sys [SYSTEM] CSC
Service C:\Windows\System32\svchost.exe [AUTO] CscService
Service C:\Windows\system32\drivers\dam.sys [SYSTEM] dam
Service DCLocator
Service C:\Windows\system32\svchost.exe [AUTO] DcomLaunch
Service C:\Windows\system32\svchost.exe [DISABLED] defragsvc
Service C:\Windows\system32\svchost.exe [AUTO] DeviceAssociationService
Service C:\Windows\system32\svchost.exe [MANUAL] DeviceInstall
Service C:\Windows\System32\Drivers\dfsc.sys [SYSTEM] Dfsc
Service C:\Windows\system32\DRIVERS\ssudbus.sys [MANUAL] dg_ssudbus
Service C:\Windows\system32\svchost.exe [AUTO] Dhcp
Service C:\Windows\System32\drivers\discache.sys [SYSTEM] discache
Service C:\Windows\System32\drivers\disk.sys [BOOT] disk
Service C:\Windows\System32\drivers\dmvsc.sys [MANUAL] dmvsc
Service C:\Windows\system32\svchost.exe [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe [MANUAL] dot3svc
Service C:\Windows\System32\svchost.exe [AUTO] DPS
Service C:\Windows\system32\drivers\drmkaud.sys [MANUAL] drmkaud
Service C:\Windows\system32\svchost.exe [MANUAL] DsmSvc
Service C:\Windows\System32\drivers\dtsoftbus01.sys [SYSTEM] dtsoftbus01
Service C:\Windows\System32\drivers\dxgkrnl.sys [MANUAL] DXGKrnl
Service C:\Windows\System32\svchost.exe [MANUAL] Eaphost
Service C:\Windows\System32\drivers\evbda.sys [BOOT] ebdrv
Service C:\Windows\System32\lsass.exe [MANUAL] EFS
Service C:\Windows\System32\drivers\EhStorClass.sys [BOOT] EhStorClass
Service C:\Windows\System32\drivers\EhStorTcgDrv.sys [BOOT] EhStorTcgDrv
Service C:\Windows\System32\drivers\errdev.sys [MANUAL] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe [AUTO] EventLog
Service C:\Windows\system32\svchost.exe [AUTO] EventSystem
Service [MANUAL] exfat
Service [MANUAL] fastfat
Service C:\Windows\system32\fxssvc.exe [MANUAL] Fax
Service C:\Windows\System32\drivers\fdc.sys [MANUAL] fdc
Service C:\Windows\system32\svchost.exe [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe [MANUAL] FDResPub
Service C:\Windows\system32\svchost.exe [MANUAL] fhsvc
Service C:\Windows\System32\drivers\fileinfo.sys [BOOT] FileInfo
Service C:\Windows\system32\drivers\filetrace.sys [MANUAL] Filetrace
Service C:\Windows\System32\drivers\flpydisk.sys [MANUAL] flpydisk
Service C:\Windows\system32\drivers\fltmgr.sys [BOOT] FltMgr
Service C:\Windows\system32\svchost.exe [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [MANUAL] FontCache3.0.0.0
Service C:\Windows\System32\drivers\FsDepends.sys [MANUAL] FsDepends
Service [BOOT] Fs_Rec
Service C:\Windows\System32\DRIVERS\fvevol.sys [BOOT] fvevol
Service C:\Windows\System32\drivers\fxppm.sys [MANUAL] FxPPM
Service C:\Windows\System32\drivers\gagp30kx.sys [BOOT] gagp30kx
Service C:\Windows\System32\drivers\vmgencounter.sys [MANUAL] gencounter
Service C:\Windows\System32\Drivers\msgpioclx.sys [MANUAL] GPIOClx0101
Service C:\Windows\system32\svchost.exe [AUTO] gpsvc
Service C:\Windows\system32\drivers\HdAudio.sys [MANUAL] HdAudAddService
Service C:\Windows\System32\drivers\HDAudBus.sys [MANUAL] HDAudBus
Service C:\Windows\System32\drivers\HidBatt.sys [MANUAL] HidBatt
Service C:\Windows\System32\drivers\hidbth.sys [MANUAL] HidBth
Service C:\Windows\System32\drivers\hidi2c.sys [MANUAL] hidi2c
Service C:\Windows\System32\drivers\hidir.sys [MANUAL] HidIr
Service C:\Windows\system32\svchost.exe [MANUAL] hidserv
Service C:\Windows\System32\drivers\hidusb.sys [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe [MANUAL] hkmsvc
Service C:\Windows\System32\svchost.exe [MANUAL] HomeGroupListener
Service C:\Windows\System32\svchost.exe [MANUAL] HomeGroupProvider
Service C:\Windows\System32\drivers\HpSAMD.sys [BOOT] HpSAMD
Service C:\Windows\system32\drivers\HTTP.sys [MANUAL] HTTP
Service C:\Windows\System32\drivers\hwpolicy.sys [BOOT] hwpolicy
Service C:\Windows\System32\drivers\hyperkbd.sys [MANUAL] hyperkbd
Service C:\Windows\system32\DRIVERS\HyperVideo.sys [MANUAL] HyperVideo
Service C:\Windows\System32\drivers\i8042prt.sys [MANUAL] i8042prt
Service C:\Windows\System32\drivers\iaStorV.sys [BOOT] iaStorV
Service C:\Windows\System32\drivers\iirsp.sys [BOOT] iirsp
Service C:\Windows\system32\svchost.exe [MANUAL] IKEEXT
Service inetaccs
Service C:\Windows\system32\drivers\RTKVHD64.sys [MANUAL] IntcAzAudAddService
Service C:\Windows\System32\drivers\intelide.sys [BOOT] intelide
Service C:\Windows\System32\drivers\intelppm.sys [MANUAL] intelppm
Service C:\Windows\system32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe [AUTO] iphlpsvc
Service C:\Windows\System32\drivers\IPMIDrv.sys [MANUAL] IPMIDRV
Service C:\Windows\System32\drivers\ipnat.sys [MANUAL] IPNAT
Service C:\Windows\system32\drivers\irenum.sys [MANUAL] IRENUM
Service C:\Windows\System32\drivers\isapnp.sys [BOOT] isapnp
Service C:\Windows\System32\drivers\msiscsi.sys [MANUAL] iScsiPrt
Service C:\Windows\System32\drivers\kbdclass.sys [MANUAL] kbdclass
Service C:\Windows\System32\drivers\kbdhid.sys [MANUAL] kbdhid
Service C:\Windows\system32\DRIVERS\kdnic.sys [MANUAL] kdnic
Service C:\Windows\system32\lsass.exe [MANUAL] KeyIso
Service C:\Windows\System32\Drivers\ksecdd.sys [BOOT] KSecDD
Service C:\Windows\System32\Drivers\ksecpkg.sys [BOOT] KSecPkg
Service C:\Windows\system32\drivers\ksthunk.sys [MANUAL] ksthunk
Service C:\Windows\System32\svchost.exe [MANUAL] KtmRm
Service C:\Windows\system32\svchost.exe [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe [AUTO] LanmanWorkstation
Service ldap
Service C:\Windows\system32\DRIVERS\lltdio.sys [AUTO] lltdio
Service C:\Windows\System32\svchost.exe [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe [AUTO] lmhosts
Service Lsa
Service C:\Windows\System32\drivers\lsi_sas.sys [BOOT] LSI_SAS
Service C:\Windows\System32\drivers\lsi_sas2.sys [BOOT] LSI_SAS2
Service C:\Windows\System32\drivers\lsi_scsi.sys [BOOT] LSI_SCSI
Service C:\Windows\System32\drivers\lsi_sss.sys [BOOT] LSI_SSS
Service C:\Windows\system32\svchost.exe [AUTO] LSM
Service C:\Windows\system32\drivers\luafv.sys [AUTO] luafv
Service C:\Windows\system32\drivers\MTiCtwl.sys [SYSTEM] MagicTune
Service C:\Windows\System32\drivers\megasas.sys [BOOT] megasas
Service C:\Windows\System32\drivers\MegaSR.sys [BOOT] MegaSR
Service C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [MANUAL] Microsoft SharePoint Workspace Audit Service
Service C:\Windows\system32\svchost.exe [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys [MANUAL] monitor
Service C:\Windows\System32\drivers\mouclass.sys [MANUAL] mouclass
Service C:\Windows\System32\drivers\mouhid.sys [MANUAL] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys [BOOT] mountmgr
Service C:\Windows\System32\drivers\mpsdrv.sys [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mrxdav.sys [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys [MANUAL] mrxsmb20
Service C:\Windows\system32\DRIVERS\bridge.sys [MANUAL] MsBridge
Service C:\Windows\System32\msdtc.exe [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service [SYSTEM] Msfs
Service C:\Windows\System32\drivers\msgpiowin32.sys [MANUAL] msgpiowin32
Service C:\Windows\System32\drivers\mshidkmdf.sys [MANUAL] mshidkmdf
Service C:\Windows\System32\drivers\mshidumdf.sys [MANUAL] mshidumdf
Service C:\Windows\System32\drivers\msisadrv.sys [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe [MANUAL] msiserver
Service C:\Windows\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV
Service C:\Windows\system32\DRIVERS\mslldp.sys [MANUAL] MsLldp
Service C:\Windows\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK
Service C:\Windows\system32\drivers\MSPQM.sys [MANUAL] MSPQM
Service [MANUAL] MsRPC
Service MSSCNTRS
Service C:\Windows\System32\drivers\mssmbios.sys [SYSTEM] mssmbios
Service C:\Windows\system32\drivers\MSTEE.sys [MANUAL] MSTEE
Service C:\Windows\System32\drivers\MTConfig.sys [MANUAL] MTConfig
Service C:\Windows\system32\DRIVERS\ASACPI.sys [MANUAL] MTsensor
Service C:\Windows\System32\Drivers\mup.sys [BOOT] Mup
Service C:\Windows\System32\drivers\mvumis.sys [BOOT] mvumis
Service C:\Windows\System32\svchost.exe [MANUAL] napagent
Service C:\Windows\system32\DRIVERS\nwifi.sys [MANUAL] NativeWifiP
Service C:\Windows\System32\svchost.exe [MANUAL] NcaSvc
Service C:\Windows\System32\svchost.exe [MANUAL] NcdAutoSetup
Service C:\Windows\system32\drivers\ndis.sys [BOOT] NDIS
Service C:\Windows\system32\DRIVERS\ndiscap.sys [MANUAL] NdisCap
Service C:\Windows\system32\DRIVERS\NdisImPlatform.sys [MANUAL] NdisImPlatform
Service C:\Windows\system32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi
Service C:\Windows\system32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio
Service C:\Windows\system32\DRIVERS\ndiswan.sys [MANUAL] NdisWan
Service C:\Windows\system32\DRIVERS\ndiswan.sys [MANUAL] NDISWANLEGACY
Service [MANUAL] NDProxy
Service C:\Windows\system32\drivers\Ndu.sys [AUTO] Ndu
Service C:\Windows\system32\DRIVERS\netbios.sys [SYSTEM] NetBIOS
Service C:\Windows\System32\DRIVERS\netbt.sys [SYSTEM] NetBT
Service C:\Windows\system32\lsass.exe [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe [MANUAL] Netman
Service C:\Windows\System32\svchost.exe [MANUAL] netprofm
Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [DISABLED] NetTcpPortSharing
Service C:\Windows\System32\drivers\nfrd960.sys [BOOT] nfrd960
Service C:\Windows\System32\svchost.exe [AUTO] NlaSvc
Service [SYSTEM] Npfs
Service C:\Windows\System32\drivers\npsvctrig.sys [SYSTEM] npsvctrig
Service C:\Windows\system32\svchost.exe [AUTO] nsi
Service C:\Windows\system32\drivers\nsiproxy.sys [SYSTEM] nsiproxy
Service NTDS
Service [MANUAL] Ntfs
Service [SYSTEM] Null
Service C:\Windows\System32\drivers\nvraid.sys [BOOT] nvraid
Service C:\Windows\System32\drivers\nvstor.sys [BOOT] nvstor
Service C:\Windows\System32\drivers\nv_agp.sys [BOOT] nv_agp
Service C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [MANUAL] ose
Service C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [MANUAL] osppsvc
Service C:\Windows\System32\svchost.exe [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe [MANUAL] p2psvc
Service C:\Windows\System32\drivers\parport.sys [MANUAL] Parport
Service C:\Windows\System32\drivers\partmgr.sys [BOOT] partmgr
Service C:\Windows\system32\svchost.exe [AUTO] PcaSvc
Service C:\Windows\System32\drivers\pci.sys [BOOT] pci
Service C:\Windows\System32\drivers\pciide.sys [BOOT] pciide
Service C:\Windows\System32\drivers\pcmcia.sys [BOOT] pcmcia
Service C:\Windows\System32\drivers\pcw.sys [BOOT] pcw
Service C:\Windows\system32\drivers\pdc.sys [BOOT] pdc
Service C:\Windows\system32\drivers\peauth.sys [AUTO] PEAUTH
Service C:\Windows\System32\svchost.exe [MANUAL] PeerDistSvc
Service PerfDisk
Service C:\Windows\SysWow64\perfhost.exe [MANUAL] PerfHost
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe [MANUAL] pla
Service C:\Windows\system32\svchost.exe [MANUAL] PlugPlay
Service C:\Windows\system32\PnkBstrA.exe [AUTO] PnkBstrA
Service C:\Windows\System32\svchost.exe [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe [MANUAL] PolicyAgent
Service PortProxy
Service C:\Windows\system32\svchost.exe [AUTO] Power
Service C:\Windows\system32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport
Service C:\Windows\system32\svchost.exe [MANUAL] PrintNotify
Service C:\Windows\System32\drivers\processr.sys [MANUAL] Processor
Service C:\Windows\system32\svchost.exe [AUTO] ProfSvc
Service C:\Windows\system32\DRIVERS\pacer.sys [SYSTEM] Psched
Service C:\Windows\system32\svchost.exe [MANUAL] QWAVE
Service C:\Windows\system32\drivers\qwavedrv.sys [MANUAL] QWAVEdrv
Service C:\Windows\System32\DRIVERS\rasacd.sys [MANUAL] RasAcd
Service C:\Windows\system32\DRIVERS\AgileVpn.sys [MANUAL] RasAgileVpn
Service C:\Windows\System32\svchost.exe [MANUAL] RasAuto
Service C:\Windows\system32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp
Service C:\Windows\System32\svchost.exe [MANUAL] RasMan
Service C:\Windows\system32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe
Service C:\Windows\system32\DRIVERS\rassstp.sys [MANUAL] RasSstp
Service C:\Windows\system32\DRIVERS\rdbss.sys [SYSTEM] rdbss
Service RDMANDK
Service C:\Windows\System32\drivers\rdpbus.sys [MANUAL] rdpbus
Service C:\Windows\System32\drivers\rdpdr.sys [MANUAL] RDPDR
Service RDPNP
Service RDPUDD
Service C:\Windows\System32\drivers\rdpvideominiport.sys [MANUAL] RdpVideoMiniport
Service [MANUAL] RDPWD
Service C:\Windows\System32\drivers\rdyboost.sys [BOOT] rdyboost
Service C:\Windows\System32\svchost.exe [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe [DISABLED] RemoteRegistry
Service C:\Windows\system32\svchost.exe [AUTO] RpcEptMapper
Service C:\Windows\system32\locator.exe [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys [AUTO] rspndr
Service C:\??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [MANUAL] RTCore64
Service C:\Windows\system32\DRIVERS\Rt630x64.sys [MANUAL] RTL8168
Service C:\Windows\System32\drivers\vms3cap.sys [MANUAL] s3cap
Service C:\Windows\system32\lsass.exe [AUTO] SamSs
Service C:\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [SYSTEM] SASDIFSV
Service C:\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [SYSTEM] SASKUTIL
Service C:\Windows\System32\drivers\sbp2port.sys [BOOT] sbp2port
Service C:\Windows\system32\svchost.exe [DISABLED] SCardSvr
Service C:\Windows\System32\DRIVERS\scfilter.sys [MANUAL] scfilter
Service C:\Windows\system32\svchost.exe [AUTO] Schedule
Service C:\Windows\system32\svchost.exe [MANUAL] SCPolicySvc
Service C:\Windows\System32\drivers\sdbus.sys [MANUAL] sdbus
Service C:\Windows\system32\svchost.exe [MANUAL] SDRSVC
Service C:\Windows\System32\drivers\sdstor.sys [MANUAL] sdstor
Service [AUTO] secdrv
Service C:\Windows\system32\svchost.exe [MANUAL] seclogon
Service C:\Windows\system32\svchost.exe [AUTO] SENS
Service C:\Windows\system32\svchost.exe [MANUAL] SensrSvc
Service C:\Windows\system32\drivers\SerCx.sys [MANUAL] SerCx
Service C:\Windows\System32\drivers\serenum.sys [MANUAL] Serenum
Service C:\Windows\System32\drivers\serial.sys [MANUAL] Serial
Service C:\Windows\System32\drivers\sermouse.sys [MANUAL] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe [MANUAL] SessionEnv
Service C:\Windows\System32\drivers\sfloppy.sys [MANUAL] sfloppy
Service C:\Windows\System32\svchost.exe [DISABLED] SharedAccess
Service C:\Windows\System32\svchost.exe [AUTO] ShellHWDetection
Service C:\Windows\System32\drivers\SiSRaid2.sys [BOOT] SiSRaid2
Service C:\Windows\System32\drivers\sisraid4.sys [BOOT] SiSRaid4
Service C:\Program Files (x86)\Skype\Updater\Updater.exe [AUTO] SkypeUpdate
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Windows\System32\snmptrap.exe [MANUAL] SNMPTRAP
Service C:\Windows\System32\drivers\spaceport.sys [BOOT] spaceport
Service C:\Windows\system32\drivers\SpbCx.sys [MANUAL] SpbCx
Service C:\Windows\System32\spoolsv.exe [AUTO] Spooler
Service C:\Windows\system32\sppsvc.exe [AUTO] sppsvc
Service C:\Windows\System32\DRIVERS\srv.sys [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe [MANUAL] SstpSvc
Service C:\Windows\system32\DRIVERS\ssudmdm.sys [MANUAL] ssudmdm
Service C:\Program [MANUAL] Steam Client Service
Service C:\Windows\System32\drivers\stexstor.sys [BOOT] stexstor
Service C:\Windows\system32\svchost.exe [AUTO] stisvc
Service C:\Windows\System32\drivers\storahci.sys [BOOT] storahci
Service C:\Windows\system32\DRIVERS\vmstorfl.sys [BOOT] storflt
Service C:\Windows\System32\svchost.exe [MANUAL] StorSvc
Service C:\Windows\System32\drivers\storvsc.sys [BOOT] storvsc
Service C:\Windows\System32\drivers\storvsp.sys [MANUAL] storvsp
Service C:\Windows\system32\svchost.exe [MANUAL] svsvc
Service C:\Windows\System32\drivers\swenum.sys [MANUAL] swenum
Service C:\Windows\System32\svchost.exe [MANUAL] swprv
Service C:\Windows\system32\svchost.exe [DISABLED] SysMain
Service C:\Windows\system32\svchost.exe [MANUAL] SystemEventsBroker
Service C:\Windows\System32\svchost.exe [MANUAL] TabletInputService
Service C:\Windows\System32\svchost.exe [MANUAL] TapiSrv
Service C:\Windows\System32\drivers\tcpip.sys [BOOT] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys [MANUAL] TCPIP6
Service TCPIP6TUNNEL
Service C:\Windows\System32\drivers\tcpipreg.sys [AUTO] tcpipreg
Service TCPIPTUNNEL
Service C:\Windows\system32\DRIVERS\tdx.sys [SYSTEM] tdx
Service C:\Windows\System32\drivers\terminpt.sys [MANUAL] terminpt
Service C:\Windows\System32\svchost.exe [MANUAL] TermService
Service C:\Windows\System32\svchost.exe [AUTO] Themes
Service C:\Windows\system32\svchost.exe [MANUAL] THREADORDER
Service C:\Windows\system32\svchost.exe [MANUAL] TimeBroker
Service C:\Windows\system32\drivers\tpm.sys [MANUAL] TPM
Service C:\Windows\System32\svchost.exe [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\system32\drivers\tsusbflt.sys [MANUAL] TsUsbFlt
Service C:\Windows\System32\drivers\TsUsbGD.sys [MANUAL] TsUsbGD
Service C:\Windows\system32\DRIVERS\tunnel.sys [MANUAL] tunnel
Service C:\Windows\System32\drivers\uagp35.sys [BOOT] uagp35
Service C:\Windows\System32\drivers\uaspstor.sys [MANUAL] UASPStor
Service C:\Windows\System32\drivers\ucx01000.sys [MANUAL] UCX01000
Service C:\Windows\system32\DRIVERS\udfs.sys [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe [MANUAL] UI0Detect
Service C:\Windows\System32\drivers\uliagpkx.sys [BOOT] uliagpkx
Service C:\Windows\System32\drivers\umbus.sys [MANUAL] umbus
Service C:\Windows\System32\drivers\umpass.sys [MANUAL] UmPass
Service C:\Windows\System32\svchost.exe [MANUAL] UmRdpService
Service C:\Windows\system32\svchost.exe [MANUAL] upnphost
Service C:\Windows\system32\drivers\usbaudio.sys [MANUAL] usbaudio
Service C:\Windows\System32\drivers\usbccgp.sys [MANUAL] usbccgp
Service C:\Windows\System32\drivers\usbcir.sys [MANUAL] usbcir
Service C:\Windows\System32\drivers\usbehci.sys [MANUAL] usbehci
Service C:\Windows\System32\drivers\usbhub.sys [MANUAL] usbhub
Service C:\Windows\System32\drivers\UsbHub3.sys [MANUAL] USBHUB3
Service C:\Windows\System32\drivers\usbohci.sys [MANUAL] usbohci
Service C:\Windows\System32\drivers\usbprint.sys [MANUAL] usbprint
Service C:\Windows\System32\drivers\USBSTOR.SYS [MANUAL] USBSTOR
Service C:\Windows\System32\drivers\usbuhci.sys [MANUAL] usbuhci
Service C:\Windows\System32\drivers\USBXHCI.SYS [MANUAL] USBXHCI
Service C:\Windows\system32\lsass.exe [MANUAL] VaultSvc
Service C:\Windows\System32\drivers\vdrvroot.sys [BOOT] vdrvroot
Service C:\Windows\System32\vds.exe [MANUAL] vds
Service C:\Windows\system32\drivers\VerifierExt.sys [MANUAL] VerifierExt
Service C:\Windows\System32\drivers\vhdmp.sys [MANUAL] vhdmp
Service C:\Windows\System32\drivers\viaide.sys [BOOT] viaide
Service C:\Windows\System32\drivers\Vid.sys [MANUAL] Vid
Service C:\Windows\System32\drivers\vmbus.sys [BOOT] vmbus
Service C:\Windows\System32\drivers\VMBusHID.sys [MANUAL] VMBusHID
Service C:\Windows\System32\drivers\vmbusr.sys [MANUAL] vmbusr
Service C:\Windows\system32\svchost.exe [MANUAL] vmicheartbeat
Service C:\Windows\system32\svchost.exe [MANUAL] vmickvpexchange
Service C:\Windows\system32\svchost.exe [MANUAL] vmicrdv
Service C:\Windows\system32\svchost.exe [MANUAL] vmicshutdown
Service C:\Windows\system32\svchost.exe [MANUAL] vmictimesync
Service C:\Windows\system32\svchost.exe [MANUAL] vmicvss
Service C:\Windows\System32\drivers\volmgr.sys [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys [BOOT] volmgrx
Service C:\Windows\System32\drivers\volsnap.sys [BOOT] volsnap
Service C:\Windows\System32\drivers\vpci.sys [MANUAL] vpci
Service C:\Windows\System32\drivers\vpcivsp.sys [MANUAL] vpcivsp
Service C:\Windows\System32\drivers\vsmraid.sys [BOOT] vsmraid
Service C:\Windows\system32\vssvc.exe [MANUAL] VSS
Service C:\Windows\System32\drivers\vstxraid.sys [BOOT] VSTXRAID
Service C:\Windows\System32\drivers\vwifibus.sys [MANUAL] vwifibus
Service C:\Windows\system32\svchost.exe [MANUAL] W32Time
Service C:\Windows\System32\drivers\wacompen.sys [MANUAL] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys [MANUAL] Wanarp
Service C:\Windows\system32\DRIVERS\wanarp.sys [SYSTEM] Wanarpv6
Service C:\Windows\system32\wbengine.exe [MANUAL] wbengine
Service C:\Windows\system32\svchost.exe [MANUAL] WbioSrvc
Service C:\Windows\system32\svchost.exe [AUTO] Wcmsvc
Service C:\Windows\System32\svchost.exe [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe [MANUAL] WcsPlugInService
Service C:\Windows\System32\drivers\wd.sys [BOOT] Wd
Service C:\Windows\system32\drivers\WdBoot.sys [MANUAL] WdBoot
Service C:\Windows\system32\drivers\Wdf01000.sys [BOOT] Wdf01000
Service C:\Windows\system32\drivers\WdFilter.sys [MANUAL] WdFilter
Service C:\Windows\System32\svchost.exe [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe [MANUAL] WebClient
Service C:\Windows\system32\svchost.exe [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe [MANUAL] WerSvc
Service C:\Windows\system32\DRIVERS\wfplwfs.sys [BOOT] WFPLWFS
Service C:\Windows\system32\svchost.exe [MANUAL] WiaRpc
Service C:\Windows\system32\drivers\wimmount.sys [MANUAL] WIMMount
Service C:\Program Files (x86)\Windows [MANUAL] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service Windows Workflow Foundation 4.0.0.0
Service C:\Windows\system32\svchost.exe [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe [MANUAL] WinRM
Service Winsock
Service WinSock2
Service C:\Windows\system32\DRIVERS\WinUsb.sys [MANUAL] WinUsb
Service C:\Windows\system32\svchost.exe [MANUAL] WlanSvc
Service C:\Windows\system32\svchost.exe [MANUAL] wlidsvc
Service C:\Windows\System32\drivers\wmiacpi.sys [MANUAL] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe [MANUAL] wmiApSrv
Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc
Service workerdd
Service C:\Windows\system32\DRIVERS\wpcfltr.sys [MANUAL] wpcfltr
Service C:\Windows\system32\svchost.exe [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe [MANUAL] WPDBusEnum
Service C:\Windows\System32\drivers\WpdUpFltr.sys [MANUAL] WpdUpFltr
Service C:\Windows\system32\drivers\ws2ifsl.sys [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe [DISABLED] wscsvc
Service C:\Windows\system32\SearchIndexer.exe [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\System32\svchost.exe [MANUAL] WSService
Service C:\Windows\system32\svchost.exe [MANUAL] wuauserv
Service C:\Windows\system32\drivers\WudfPf.sys [MANUAL] WudfPf
Service C:\Windows\System32\drivers\WUDFRd.sys [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe [MANUAL] wudfsvc
Service C:\Windows\system32\DRIVERS\WUDFRd.sys [MANUAL] WUDFWpdFs
Service C:\Windows\system32\DRIVERS\WUDFRd.sys [MANUAL] WUDFWpdMtp
Service C:\Windows\system32\svchost.exe [MANUAL] WwanSvc
Service xmlprov
Service {07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}
Service {3116E2D6-5BA5-4F77-90DD-5622F32A09B2}
Service {C02CAB3E-C922-4371-A1DD-E72CF76EF979}

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 751999806

---- EOF - GMER 2.0 ----

#11 KirovReporting

KirovReporting
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:38 PM

Posted 04 January 2013 - 02:04 PM

Jotti:

Jotti said "Found nothing" on both svchost files,
but when I put the nasty "appdata\local\temp\svchost.exe" it says:


2012-11-01 Found nothing
2012-11-01 Gen:Variant.Graftor.45764
2012-10-31 Found nothing
2012-11-01 Gen:Variant.Graftor.45764
2012-10-31 Found nothing
2012-11-01 not-a-virus:RiskTool.Win32.BitCoinMiner
2012-11-01 Found nothing
2012-11-01 not-a-virus:RiskTool.Win32.BitCoinMiner.bxn
2012-11-01 Gen:Variant.Graftor.45764
2012-10-31 Found nothing
2012-10-31 Found nothing
2012-10-31 Found nothing
2012-11-01 RiskTool.W32.BitCoinMiner.bxn
2012-11-01 Found nothing
2012-11-01 Found nothing
2012-10-30 Found nothing
2012-10-31 Win32/BitCoinMiner.D
2012-10-31 RiskTool.BitCoinMiner!g0zK6UwJPc4
2012-10-31 Found nothing

#12 KirovReporting

KirovReporting
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:38 PM

Posted 04 January 2013 - 02:07 PM

TDSSKiller log is attached to one of my previous posts:

http://www.bleepingcomputer.com/forums/topic480528.html/page__view__findpost__p__2938356

To be honest, after I close the nasty svchost.exe process from Process Explorer, and delete it from the "Users\UserName\AppData\Local\Temp\" folder, the computer runs pretty much the same.
Thing is, I don't know if that thing is still malicious and/or does nasty things to my system after I close and delete it, but just the fact that it's there after each restart is driving me crazy.

Thanks!

edit- lol, still drives me insane that MBAR, MBAM, SUPERAntiSpyware find this, quarantine/delete this, and it's still popping up.
Not to mention that my installed AVG doesn't even find it... lol.

Tried running all of them under Safe Mode, they find nothing. The svchost.exe isn't even there :|

Edited by KirovReporting, 04 January 2013 - 02:29 PM.


#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:38 PM

Posted 04 January 2013 - 03:11 PM

I want you to download the following tool, then restart your machine and then run the tool as it describes.


  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 KirovReporting

KirovReporting
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:38 PM

Posted 05 January 2013 - 04:11 AM

I want you to download the following tool, then restart your machine and then run the tool as it describes.


  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

I know I've been instructed to close all the running processes, but just for the sport I ran it twice: once with everything closed, and once straight after a restart.
The RK log (with all processes closed) doesn't show anything regarding that svchost (I think).

RK (processes closed):
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Snooch [Admin rights]
Mode : Scan -- Date : 01/05/2013 11:02:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\ProgramData\Adobe\14FECD5A.vbe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\windows\system32\config\SYSTEM
-> F:\Users\Default\NTUSER.DAT
-> F:\Users\Default User\NTUSER.DAT
-> F:\Users\Smoochy\NTUSER.DAT
-> F:\Documents and Settings\Default\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] ee5d6a2eab567b66dcc91425905cd250
[BSP] 2792cdf1de7b93b76cf9239dc06820ca : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD7501AALS-00J7B0 +++++
--- User ---
[MBR] 821bbf920741c00f1016cdaa93522ed7
[BSP] 54befb790e8e4ac9499d891fceda96d4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SAMSUNG SSD 830 Series +++++
--- User ---
[MBR] 93289385f59df453d5a3a50522afcf5c
[BSP] 056504564badc68b65d07791eb11a1f3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 121752 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01052013_02d1102.txt >>
RKreport[1]_S_01052013_02d1102.txt


RK (all processes running, after reboot):
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Snooch [Admin rights]
Mode : Scan -- Date : 01/05/2013 11:05:11

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Users\Snooch\AppData\Local\Temp\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Adobe (C:\ProgramData\Adobe\14FECD5A.vbe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\windows\system32\config\SYSTEM
-> F:\Users\Default\NTUSER.DAT
-> F:\Users\Default User\NTUSER.DAT
-> F:\Users\Smoochy\NTUSER.DAT
-> F:\Documents and Settings\Default\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS +++++
--- User ---
[MBR] ee5d6a2eab567b66dcc91425905cd250
[BSP] 2792cdf1de7b93b76cf9239dc06820ca : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD7501AALS-00J7B0 +++++
--- User ---
[MBR] 821bbf920741c00f1016cdaa93522ed7
[BSP] 54befb790e8e4ac9499d891fceda96d4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SAMSUNG SSD 830 Series +++++
--- User ---
[MBR] 93289385f59df453d5a3a50522afcf5c
[BSP] 056504564badc68b65d07791eb11a1f3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 121752 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01052013_02d1105.txt >>
RKreport[1]_S_01052013_02d1105.txt

--------------------------------------------------------------

Thanks again for now!

I really appreciate all the help I get here!

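The two RogueKiller logs above show three kinds of finding: an svchost.exe running from %TEMP% rather than System32 (the [SVCHOST] line), a Run entry launching a .vbe script from ProgramData (the [RUN][SUSP PATH] line), and ConsentPromptBehaviorAdmin set to 0 (the [HJ] lines). The following script is an added example, not code from the thread or from RogueKiller; it reproduces those three checks on a live system from an elevated PowerShell prompt. The registry paths and directory names are standard Windows locations, not values taken from the log, and the "suspicious path" pattern is an assumption chosen to match the kind of entry RK flagged.

```powershell
# Added example (not from the thread or from RogueKiller): three checks that
# mirror the findings in the RK logs. Assumes an elevated PowerShell prompt.

$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

function Test-SvchostImagePath {
    # $true only when the image file sits directly in System32 or SysWOW64.
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    $dir = Split-Path -Parent $Path
    foreach ($d in $systemDirs) {
        if ($dir -ieq $d) { return $true }
    }
    return $false
}

# Check 1: any svchost.exe whose image is outside the system directories
# (the RK [SVCHOST] line is exactly this: a copy living in %TEMP%).
Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
    $image = $null
    try { $image = $_.MainModule.FileName } catch { }   # unreadable from a 32-bit host or for protected processes
    if (-not (Test-SvchostImagePath $image)) {
        $shown = if ($image) { $image } else { '<unreadable>' }
        [pscustomobject]@{
            Check = 'svchost.exe outside system directories'
            PID   = $_.Id
            Image = $shown
        }
    }
}

# Check 2: Run entries that start from user-writable directories or as
# script files (the RK [RUN][SUSP PATH] finding is a .vbe under ProgramData).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Assumed pattern: temp/ProgramData locations or Windows Script Host file types.
$suspicious = '\\(AppData\\Local\\Temp|ProgramData|Windows\\Temp)\\|\.(vbs|vbe|js|jse|wsf|hta)\b'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        $command = [string]$prop.Value
        if ($command -match $suspicious) {
            [pscustomobject]@{ Check = 'Run entry from suspicious path'; Key = $key; Name = $prop.Name; Command = $command }
        }
    }
}

# Check 3: UAC configured to elevate administrators without prompting
# (ConsentPromptBehaviorAdmin = 0), which RK reports as [HJ] in both the
# native and the Wow6432Node policy keys.
$uacKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($uacKey in $uacKeys) {
    $uac = Get-ItemProperty -Path $uacKey -Name ConsentPromptBehaviorAdmin -ErrorAction SilentlyContinue
    if ($uac -and $uac.ConsentPromptBehaviorAdmin -eq 0) {
        [pscustomobject]@{ Check = 'UAC elevates admins without prompting'; Key = $uacKey; Value = 0 }
    }
}
```

Each check emits one object per finding, so piping the script into Format-Table or Export-Csv gives a report comparable to the RK sections. A clean machine prints nothing for checks 1 and 3; check 2 will also list legitimate autostarts that happen to live under ProgramData, so its output is a list to review rather than a verdict.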
#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 05 January 2013 - 12:31 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Once you have done this, post this log. Then restart your machine, do just a scan again, and post that log.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

