

SVCHOST, BITCOIN MINER


  • This topic is locked
16 replies to this topic

#1 dispak

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:03 AM

Posted 24 January 2014 - 06:05 PM

Hello. I've been trying to get rid of this virus for a while now. My AVG Anti-Virus (free) sends me a warning every time I start my PC.

 

Threat: IDP.program.D1B0A5C0

object name: c:\windows\temp\svchost.exe

 

I click on "Protect me" and it deletes the files, but it keeps coming back at boot-up. I have Malwarebytes Anti-Malware. I scan, and if I don't click on AVG Anti-Virus's "Protect me" option the scan results in 6 finds. When I click on remove, Malwarebytes says I have to restart, but the svchost.exe will appear again. If I click the "Protect me" option, then Malwarebytes only finds 5 threats. I remove all and I even delete in the quarantine tab, but it always comes back. This is what Malwarebytes says.

 

C:\Users\DisPak\Downloads\New_Super_Mario_Forever.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Windows\temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully

 

This is my DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750
Run by DisPak at 17:45:58 on 2014-01-24
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8136.5145 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\MSI\Super RAID\SuperRAIDSvc.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\MSI\MSITrigger\Direct OC\Direct OC_Gui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\DisPak\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\Corsair\M65 Mouse\CorsTra.exe
C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
"C:\Windows\temp\svchost.exe" -o
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Cobian Backup 8\Cobian.exe
C:\Program Files (x86)\Cobian Backup 8\cbInterface.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com/?type=586383&fr=spigot-yhp-ie
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [BitTorrent] "C:\Users\DisPak\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
uRun: [MediaFire Tray] "C:\Users\DisPak\AppData\Local\MediaFire Desktop\mf_watch.exe" --boot-start
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Corsair M65 Mouse] C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [Sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
mRun: [Cobian Backup 8] "C:\Program Files (x86)\Cobian Backup 8\Cobian.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KILLER~1.LNK - C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{12C177C8-3B5B-4773-B523-16E6951DDC70} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E1D42A4D-6C41-4F31-AC43-3FAAD215108C} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [THX2Cf64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THX2Cf64.dll,RunDLLEntry THXCfg64
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MBCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\MBCfg64.dll,RunDLLEntry MBCfg64
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - ExtSQL: 2013-12-10 19:16; ascsurfingprotection@iobit.com; C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-12-10 19:34; adsremoval@adsremoval.net; C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\extensions\adsremoval@adsremoval.net
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-7-18 49048]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-19 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-11-20 46368]
R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2013-2-13 67888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-18 283200]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-12-22 135824]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
R2 iocbios2;iocbios2;C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2013-1-7 25448]
R2 ISCTAgent;Intel® Smart Connect Technology Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2013-8-1 198120]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-14 169432]
R2 mfmonitor;mfmonitor;C:\Windows\System32\drivers\mfmonitor_x64.sys [2014-1-23 20696]
R2 MSI_FastBoot;MSI_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [2013-8-15 103992]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2014-1-13 161776]
R2 MSI_Trigger_Service;MSI_Trigger_Service;C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [2013-8-14 29728]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-18 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-18 15129376]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-1 67584]
R2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [2013-8-8 343040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R2 SuperRAIDSvc;SuperRAIDSvc;C:\MSI\Super RAID\SuperRAIDSvc.exe [2013-12-18 16384]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2013-10-31 2148664]
R2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [2013-4-1 15888]
R3 AcpiCtlDrv;AcpiCtlDrv;C:\Windows\System32\drivers\AcpiCtlDrv.sys [2012-7-17 25880]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-10-30 131968]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-12-3 1342848]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-8-6 68136]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-8-14 171632]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-1-23 27608]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2013-8-1 21408]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2013-8-1 21920]
R3 INETMON;INETMON;C:\Windows\System32\drivers\INETMON.sys [2014-1-13 29088]
R3 ipadtst;ipadtst;C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [2014-1-13 19952]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-2-13 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-19 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-19 786416]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-3-20 154320]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-1-14 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;C:\MSI\Super RAID\NTIOLib_X64.sys [2013-11-24 14136]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2014-1-13 13368]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-11-22 14136]
R3 NTIOLib_FastBoot;NTIOLib_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [2013-8-15 13368]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-18 39200]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2014-1-2 13480]
R3 SnakeEyes;Corsair M65 Gaming Mouse;C:\Windows\System32\drivers\SnakeEyes.sys [2013-12-29 25600]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [?]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-9-11 49152]
S3 CorsairAudioFilter;Corsair Audio Filtering Service;C:\Windows\System32\drivers\corsveng2kamd64.sys [2013-11-11 109144]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2013-11-21 520416]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7818v160\NTIOLib_X64.sys [2011-1-6 11888]
S3 OnlineStorageService;OnlineStorageService;C:\Program Files\Trend Micro SafeSync\hrfscore.exe [2013-8-15 7908664]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-29 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-21 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-29 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-16 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-12-13 1120784]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-12-3 1361856]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-12-3 1148864]
S4 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2013-9-22 18360]
.
=============== Created Last 30 ================
.
2014-01-24 22:27:42    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 8
2014-01-24 22:24:36    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 11
2014-01-24 07:41:38    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3894026-5422-4DC1-83CB-F0E9E08722E0}\mpengine.dll
2014-01-24 04:38:36    --------    d-----w-    C:\Program Files (x86)\MediaFire Desktop
2014-01-24 04:38:25    20696    ----a-w-    C:\Windows\System32\drivers\mfmonitor_x64.sys
2014-01-23 22:29:09    --------    d-----w-    C:\Users\DisPak\AppData\Roaming\OBS
2014-01-23 22:29:04    --------    d-----w-    C:\Program Files\OBS
2014-01-23 22:29:04    --------    d-----w-    C:\Program Files (x86)\OBS
2014-01-23 07:19:11    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-23 07:19:11    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{28CDE612-AB75-4CFB-84BF-F33B9EF82309}\gapaengine.dll
2014-01-23 07:19:05    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-21 04:49:51    --------    d-----w-    C:\Users\DisPak\AppData\Local\Intel_Corporation
2014-01-15 16:37:33    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 16:37:33    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 16:37:33    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 16:37:33    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 16:37:33    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 16:37:33    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 16:37:33    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 16:37:33    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 16:37:32    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-15 05:10:20    90112    ------w-    C:\Windows\Updreg.EXE
2014-01-15 05:10:17    40576    ------w-    C:\Windows\System32\MBCfg64.dll
2014-01-15 05:10:17    36992    ------w-    C:\Windows\SysWow64\MBCfg32.dll
2014-01-15 05:10:17    332928    ------w-    C:\Windows\System32\ChezSC64.DLL
2014-01-15 05:10:17    288896    ------w-    C:\Windows\SysWow64\ChezSC32.DLL
2014-01-15 05:10:17    15488    ------w-    C:\Windows\SysWow64\ResDefA.exe
2014-01-15 05:10:17    148096    ------w-    C:\Windows\System32\MBCfg64.exe
2014-01-15 05:10:17    138880    ------w-    C:\Windows\SysWow64\MBCfg32.exe
2014-01-15 05:10:16    89600    ----a-w-    C:\Windows\System32\CmdRtr64.DLL
2014-01-15 05:10:16    74240    ----a-w-    C:\Windows\SysWow64\CmdRtr.DLL
2014-01-15 05:10:16    325120    ----a-w-    C:\Windows\System32\APOMgr64.DLL
2014-01-15 05:10:16    246272    ----a-w-    C:\Windows\SysWow64\APOMngr.DLL
2014-01-15 04:30:48    --------    d-----w-    C:\ProgramData\Qualcomm
2014-01-15 04:30:36    --------    d-----w-    C:\Program Files\Qualcomm Atheros
2014-01-15 04:30:32    --------    d-----w-    C:\ProgramData\Downloaded Installations
2014-01-14 04:59:26    29088    ----a-w-    C:\Windows\System32\drivers\INETMON.sys
2014-01-14 04:51:45    --------    d--h--w-    C:\SuperChargerProfile
2014-01-14 04:41:40    99288    ----a-w-    C:\Windows\System32\drivers\TeeDriverx64.sys
2014-01-14 04:41:40    1795952    ----a-w-    C:\Windows\System32\WdfCoInstaller01011.dll
2014-01-10 22:17:40    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-08 22:16:25    --------    d-----w-    C:\Temp
2014-01-08 22:15:29    --------    d-----w-    C:\Users\DisPak\AppData\Local\Futuremark
2014-01-08 22:13:58    --------    d-----w-    C:\Program Files (x86)\Futuremark
2014-01-08 21:35:53    --------    d-----w-    C:\Users\DisPak\Heaven
2014-01-08 21:34:25    --------    d-----w-    C:\Program Files (x86)\Unigine
2014-01-08 06:14:49    --------    d-----w-    C:\Program Files (x86)\Geeks3D
2014-01-07 22:35:52    --------    d-----w-    C:\Program Files\MSI Kombustor 3.0
2014-01-07 22:19:56    --------    d-----w-    C:\Program Files (x86)\GPU-Z
2014-01-06 02:19:45    --------    d-----w-    C:\Users\DisPak\AppData\Roaming\openvr
2014-01-04 22:55:09    --------    d-----w-    C:\Users\DisPak\AppData\Roaming\MAXON
2014-01-04 22:53:32    --------    d-----w-    C:\Users\DisPak\cinebench
2013-12-29 08:56:45    1199831    ----a-w-    C:\Windows\unins001.exe
2013-12-29 08:56:20    25600    ----a-w-    C:\Windows\System32\drivers\SnakeEyes.sys
2013-12-29 08:56:20    1193175    ----a-w-    C:\Windows\unins000.exe
.
==================== Find3M  ====================
.
2014-01-24 07:14:29    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2014-01-24 04:49:32    214392    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-17 04:24:58    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-17 04:24:58    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-10 22:17:20    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-19 18:53:46    6671648    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46    3490080    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44    386336    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-12-19 17:20:22    590112    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-12-19 05:01:48    3539040    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-12-19 04:42:25    1100248    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-12-19 04:42:22    29696    ----a-w-    C:\Windows\System32\THX2Cf64.dll
2013-12-11 05:41:37    885520    ----a-w-    C:\Windows\System32\Netwcw00.dll
2013-12-11 05:41:37    3381008    ----a-w-    C:\Windows\System32\Netwrw00.dll
2013-12-11 05:41:37    11530992    ----a-w-    C:\Windows\System32\drivers\NETwsw00.sys
2013-12-11 00:01:02    9272200    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-10 02:15:06    982232    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-12-05 08:42:30    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-04 01:29:52    3760344    ----a-w-    C:\Windows\System32\drivers\RTKVHD64.sys
2013-12-03 21:05:20    154840    ----a-w-    C:\Windows\System32\RCoInstII64.dll
2013-12-03 20:32:06    1998104    ----a-w-    C:\Windows\System32\MBAPO264.dll
2013-12-03 20:31:54    1727256    ----a-w-    C:\Windows\SysWow64\MBAPO232.dll
2013-11-28 13:38:22    31520    ----a-w-    C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18    197408    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2013-11-26 22:26:24    618200    ----a-w-    C:\Windows\System32\RtDataProc64.dll
2013-11-25 22:20:14    2080472    ----a-w-    C:\Windows\RtlExUpd.dll
2013-11-25 20:59:58    2810072    ----a-w-    C:\Windows\System32\RtPgEx64.dll
2013-11-25 20:59:58    2588888    ----a-w-    C:\Windows\System32\RtkAPO64.dll
2013-11-23 19:26:48    1884448    ----a-w-    C:\Windows\System32\nvdispco6433193.dll
2013-11-23 19:26:48    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433193.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-22 08:36:08    1515296    ----a-w-    C:\Windows\System32\nvhdagenco6420103.dll
2013-11-21 22:52:25    46368    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-11-14 20:49:06    1286872    ----a-w-    C:\Windows\System32\RTCOM64.dll
2013-11-14 11:55:24    1884448    ----a-w-    C:\Windows\System32\nvdispco6433182.dll
2013-11-14 11:55:24    1511712    ----a-w-    C:\Windows\System32\nvdispgenco6433182.dll
2013-11-13 23:52:56    1013504    ----a-w-    C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-11-13 23:10:20    2103040    ----a-w-    C:\Windows\System32\WavesGUILib64.dll
2013-11-13 23:07:56    2036992    ----a-w-    C:\Windows\System32\MaxxAudioEQ64.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-11-11 06:36:58    133336    ----a-w-    C:\Windows\System32\corsveng2kcinstamd64.dll
2013-11-11 06:36:58    109144    ----a-w-    C:\Windows\System32\drivers\corsveng2kamd64.sys
2013-11-06 02:55:48    150808    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2013-11-05 19:38:54    274432    ----a-w-    C:\Windows\SysWow64\ssleay32.dll
2013-11-05 19:38:54    1122304    ----a-w-    C:\Windows\SysWow64\libeay32.dll
2013-11-05 02:52:42    240920    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-11-01 04:00:18    212280    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-11-01 03:49:46    294712    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-10-31 16:24:40    35640    ----a-w-    C:\Windows\System32\TURegOpt.exe
2013-10-31 16:24:26    36664    ----a-w-    C:\Windows\System32\uxtuneup.dll
2013-10-31 16:24:26    30008    ----a-w-    C:\Windows\SysWow64\uxtuneup.dll
2013-10-31 16:24:26    26936    ----a-w-    C:\Windows\System32\authuitu.dll
2013-10-31 16:24:26    22328    ----a-w-    C:\Windows\SysWow64\authuitu.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-29 05:24:11    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-10-28 22:29:50    1021656    ----a-w-    C:\Windows\System32\RtkApi64.dll
.
============= FINISH: 17:46:12.77 ===============
 



#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:02:03 AM

Posted 25 January 2014 - 12:49 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
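What to look for once FRST.txt is in hand: FRST prints each running process as "(Publisher) path" and each service or driver as "state name; path [size date] (Publisher)", with "[x]" for an entry that is still registered but whose file is gone. The parenthesised field is the company name FRST reads from the file's version information, and several legitimate vendor binaries leave it empty, so it is only a weak signal by itself. What is not a weak signal is the combination seen in this thread: a binary named like a Windows system process, but running from a writable directory such as C:\Windows\temp rather than from System32 or SysWOW64, where the genuine svchost.exe lives. The Python below is an added triage helper for this kind of log; it is not part of this thread, of FRST, or of any tool named in it. The tables of system-binary home directories and writable prefixes are the example's own assumptions, and the sample lines are constructed to mirror the format of the log posted later in the thread.

```python
"""Triage FRST-style Processes / Services / Drivers lines.

Added example for this thread; not code from FRST, BleepingComputer or the
tools named in the log.  The directory tables below are the example's own
assumptions, not FRST's whitelist.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Windows binaries that malware likes to impersonate by name, with the only
# directories a genuine copy lives in (compared case-insensitively).
SYSTEM_BINARY_HOMES = {
    "svchost.exe": ("c:\\windows\\system32", "c:\\windows\\syswow64"),
    "lsass.exe": ("c:\\windows\\system32",),
    "csrss.exe": ("c:\\windows\\system32",),
    "winlogon.exe": ("c:\\windows\\system32",),
}

# Locations a program running as the interactive user can write to.
WRITABLE_PREFIXES = ("c:\\windows\\temp\\", "c:\\users\\", "c:\\programdata\\")

# Processes section:  "(Publisher) C:\path\file.exe"
PROCESS_RE = re.compile(r"^\((?P<pub>[^)]*)\)\s+(?P<path>\S.*?)\s*$")
# Services / Drivers:  "R2 Name; C:\path\file.sys [size date] (Publisher)"
# A registered entry whose file is missing is printed as "[x]" with no publisher.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[(?P<meta>[^\]]*)\](?:\s+\((?P<pub>[^)]*)\))?\s*$"
)

IMPERSONATION = "impersonates Windows system binary"
NO_PUBLISHER_WRITABLE = "empty publisher field, runs from writable location"
MISSING_WRITABLE = "registered but file missing from writable location"


@dataclass(frozen=True)
class Finding:
    reason: str
    path: str
    publisher: str


def _strip_nt_prefix(path: str) -> str:
    # FRST shows some paths in NT object-manager form (\\?\ or \??\).
    for prefix in ("\\\\?\\", "\\??\\"):
        if path.startswith(prefix):
            return path[len(prefix):]
    return path


def parse_line(line: str):
    """Return (path, publisher, file_present) for a recognised line, else None."""
    m = PROCESS_RE.match(line)
    if m:
        return _strip_nt_prefix(m.group("path")), m.group("pub").strip(), True
    m = ENTRY_RE.match(line)
    if m:
        present = m.group("meta").strip().lower() != "x"
        return _strip_nt_prefix(m.group("path")), (m.group("pub") or "").strip(), present
    return None


def assess(path: str, publisher: str, present: bool) -> list:
    """Apply the three rules to one entry and return the findings (possibly none)."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    findings = []
    homes = SYSTEM_BINARY_HOMES.get(name)
    if homes and parent not in homes:
        findings.append(Finding(IMPERSONATION, path, publisher))
    if path.lower().startswith(WRITABLE_PREFIXES):
        if not publisher:
            findings.append(Finding(NO_PUBLISHER_WRITABLE, path, publisher))
        if not present:
            findings.append(Finding(MISSING_WRITABLE, path, publisher))
    return findings


def triage(lines) -> list:
    """Run every recognised line through assess(); other log lines are ignored."""
    findings = []
    for line in lines:
        parsed = parse_line(line.rstrip("\r\n"))
        if parsed:
            findings.extend(assess(*parsed))
    return findings


# Constructed sample lines in FRST's format (the user name is made up).
SAMPLE_LINES = [
    "(Microsoft Corporation) C:\\Windows\\System32\\svchost.exe",
    "() C:\\Windows\\temp\\svchost.exe",
    "(Microsoft Corporation) \\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE",
    "(BitTorrent Inc.) C:\\Users\\alice\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe",
    "R2 PnkBstrA; C:\\Windows\\SysWOW64\\PnkBstrA.exe [76888 2013-10-29] ()",
    "S3 GPUZ; \\??\\C:\\Windows\\TEMP\\GPUZ.sys [x]",
    "R3 SnakeEyes; C:\\Windows\\System32\\drivers\\SnakeEyes.sys [25600 2012-09-05] ( )",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason:55} {f.path}  publisher={f.publisher!r}")
```

On the sample lines the helper flags only the temp-directory svchost.exe (twice: wrong home directory, and empty publisher in a writable location) and the GPUZ.sys entry whose file is missing; the PnkBstrA.exe and SnakeEyes.sys entries with empty publisher fields are left alone because they sit under System32/SysWOW64. A hit is a lead, not a verdict: confirm it with the file's hash and Authenticode signature and by finding what launches it (a Run key, service or scheduled task) before removing anything, since some legitimate utilities also drop drivers in TEMP while they run, and while a Malware Response Team member is working the thread, follow their instructions rather than acting on the script's output.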


#3 dispak
  • Topic Starter

  • Members
  • 12 posts
  • Local time:01:03 AM

Posted 26 January 2014 - 01:14 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by DisPak (administrator) on DISPAK-PC on 26-01-2014 01:08:07
Running from C:\Users\DisPak\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\MSI\Super RAID\SuperRAIDSvc.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(MSI) C:\Program Files (x86)\MSI\MSITrigger\Direct OC\Direct OC_Gui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BitTorrent Inc.) C:\Users\DisPak\AppData\Roaming\BitTorrent\BitTorrent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M65 Mouse\CorsTra.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Luis Cobian) C:\Program Files (x86)\Cobian Backup 8\Cobian.exe
(Luis Cobian) C:\Program Files (x86)\Cobian Backup 8\cbInterface.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
() C:\Windows\temp\svchost.exe
(Micro-Star International) C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [THX2Cf64] - C:\Windows\system32\THX2Cf64.dll [29696 2013-12-18] (Creative Technology Ltd.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-18] (NVIDIA Corporation)
HKLM\...\Run: [MBCfg64] - C:\Windows\system32\MBCfg64.dll [40576 2013-08-29] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Fast Boot] - C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [764472 2012-09-19] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Live Update 5] - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Corsair M65 Mouse] - C:\Program Files (x86)\Corsair\M65 Mouse\M65Hid.exe [1766912 2013-08-15] (Corsair Components  Inc)
HKLM-x32\...\Run: [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-08-13] (MSI)
HKLM-x32\...\Run: [Sound Blaster Cinema] - C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Cobian Backup 8] - C:\Program Files (x86)\Cobian Backup 8\Cobian.exe [501248 2007-09-27] (Luis Cobian)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [BitTorrent] - C:\Users\DisPak\AppData\Roaming\BitTorrent\BitTorrent.exe [899160 2013-11-20] (BitTorrent Inc.)
HKCU\...\Run: [MediaFire Tray] - "C:\Users\DisPak\AppData\Local\MediaFire Desktop\mf_watch.exe" --boot-start
HKCU\...\Policies\system: [DisableLockWorkstation] 0
AppInit_DLLs: => File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1A09771403D5CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=586383&fr=spigot-yhp-ie
SearchScopes: HKCU - {542E9BDF-1736-4DA2-A7D9-C8FE57604347} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=586383&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default
FF user.js: detected! => C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\user.js
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ads Removal - C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\Extensions\adsremoval@adsremoval.net [2013-12-11]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\Extensions\ascsurfingprotection@iobit.com [2013-12-11]
FF Extension: MaskMe - C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\Extensions\idme@abine.com [2014-01-16]
FF Extension: Download Panel Tweaker - C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\Extensions\downloadPanelTweaker@infocatcher.xpi [2013-08-15]
FF Extension: Adblock Plus - C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-17]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\DisPak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09]
CHR Extension: (Google Drive) - C:\Users\DisPak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-09]
CHR Extension: (YouTube) - C:\Users\DisPak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-14]
CHR Extension: (Google Search) - C:\Users\DisPak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-14]
CHR Extension: (Google Wallet) - C:\Users\DisPak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\DisPak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\BrowerProtect\ASC_GhromePlugin.crx [2013-08-14]

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-11] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [103992 2012-10-26] (MSI)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-08-19] (MSI)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 OnlineStorageService; C:\Program Files\Trend Micro SafeSync\hrfscore.exe [7908664 2012-07-12] (Trend Micro Inc.)
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-29] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros)
R2 SuperRAIDSvc; C:\MSI\Super RAID\SuperRAIDSvc.exe [16384 2013-12-18] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148664 2013-10-31] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36664 2013-10-31] (AVG)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [15888 2013-04-01] (Intel® Corporation)
S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-21] (AVG Technologies)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
S3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109144 2013-11-11] (Corsair)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-18] (DT Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [25448 2013-01-07] (Intel Corporation)
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [19952 2013-02-01] (Windows ® Win 7 DDK provider)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2013-12-06] (Windows ® Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 NTIOLib_1_0_1; C:\MSI\Super RAID\NTIOLib_X64.sys [14136 2012-06-11] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_1_0_6; C:\Program Files (x86)\Setup Files\Ms7818v160\NTIOLib_X64.sys [11888 2011-01-06] (MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13480 2014-01-02] ()
R3 SnakeEyes; C:\Windows\System32\drivers\SnakeEyes.sys [25600 2012-09-05] ( )
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-02-21] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [x]
S3 MSICDSetup; \??\E:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]
S3 NTIOLib_MSIClock_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys [x]
S3 NTIOLib_MSICOMM_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\NTIOLib_X64.sys [x]
S3 NTIOLib_MSICPU_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys [x]
S3 NTIOLib_MSIDDR_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys [x]
S3 NTIOLib_MSIFrequency_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys [x]
S3 NTIOLib_MSIRatio_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys [x]
S3 NTIOLib_MSISMB_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys [x]
S3 NTIOLib_MSISuperIO_CC; \??\C:\Program Files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 00:59 - 2014-01-26 01:08 - 00023049 _____ C:\Users\DisPak\Downloads\FRST.txt
2014-01-26 00:59 - 2014-01-26 01:01 - 00030855 _____ C:\Users\DisPak\Downloads\Addition.txt
2014-01-26 00:59 - 2014-01-26 00:59 - 00000000 ____D C:\FRST
2014-01-26 00:57 - 2014-01-26 00:57 - 02078208 _____ (Farbar) C:\Users\DisPak\Downloads\FRST64.exe
2014-01-25 03:08 - 2014-01-25 03:08 - 00298592 _____ C:\Windows\Minidump\012514-15475-01.dmp
2014-01-25 03:02 - 2014-01-25 03:02 - 00294168 _____ C:\Windows\Minidump\012514-15459-01.dmp
2014-01-25 02:26 - 2014-01-25 02:26 - 886046720 _____ C:\Users\DisPak\Desktop\test3 (13).mp4
2014-01-25 02:26 - 2014-01-25 02:26 - 05798437 _____ C:\Users\DisPak\Desktop\test3 (12).mp4
2014-01-25 02:21 - 2014-01-25 02:21 - 00262144 ____N C:\Windows\Minidump\012514-16224-01.dmp
2014-01-25 02:20 - 2014-01-25 02:20 - 14680064 _____ C:\Users\DisPak\Desktop\test3 (11).mp4
2014-01-25 01:01 - 2014-01-25 01:01 - 00294168 _____ C:\Windows\Minidump\012514-15381-01.dmp
2014-01-24 18:10 - 2014-01-24 18:13 - 69753045 _____ C:\Users\DisPak\Desktop\test3 (10).mp4
2014-01-24 18:08 - 2014-01-24 18:09 - 10026484 _____ C:\Users\DisPak\Desktop\test3 (09).mp4
2014-01-24 17:46 - 2014-01-24 17:47 - 00031584 ____N C:\Users\DisPak\Desktop\dds.txt
2014-01-24 17:44 - 2014-01-24 17:44 - 00688992 ____R (Swearware) C:\Users\DisPak\Downloads\dds.com
2014-01-24 17:27 - 2014-01-24 17:27 - 08499200 ____N (Luis Cobian) C:\Users\DisPak\Downloads\cbSetup8.exe
2014-01-24 17:27 - 2014-01-24 17:27 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 8
2014-01-24 17:24 - 2014-01-24 17:27 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2014-01-24 17:21 - 2014-01-24 17:22 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\DisPak\Downloads\cbSetup.exe
2014-01-24 02:29 - 2014-01-24 02:29 - 00262144 ____N C:\Windows\Minidump\012414-13088-01.dmp
2014-01-24 02:27 - 2014-01-24 02:27 - 19922944 ____N C:\Users\DisPak\Desktop\test3 (08).mp4
2014-01-24 02:13 - 2014-01-24 02:13 - 28311552 ____N C:\Users\DisPak\Desktop\test3 (07).mp4
2014-01-24 02:12 - 2014-01-24 02:13 - 24043530 ____N C:\Users\DisPak\Desktop\test3 (06).mp4
2014-01-24 01:07 - 2014-01-24 01:13 - 149982131 ____N C:\Users\DisPak\Desktop\test3 (05).mp4
2014-01-24 01:06 - 2014-01-24 01:07 - 08807739 ____N C:\Users\DisPak\Desktop\test3 (04).mp4
2014-01-24 00:23 - 2014-01-24 00:30 - 161865226 ____N C:\Users\DisPak\Desktop\test3 (03).mp4
2014-01-24 00:21 - 2014-01-24 00:22 - 36434376 ____N C:\Users\DisPak\Desktop\test3 (02).mp4
2014-01-24 00:19 - 2014-01-24 00:19 - 00017464 ____N C:\Users\DisPak\Downloads\JTVPing.zip
2014-01-24 00:19 - 2014-01-24 00:19 - 00000000 ____D C:\Users\DisPak\Downloads\JTVPing
2014-01-24 00:18 - 2014-01-24 00:18 - 00001220 ____N C:\Users\DisPak\Desktop\OBS.exe - Shortcut.lnk
2014-01-23 23:51 - 2014-01-23 23:51 - 00222087 ____N C:\Users\DisPak\Desktop\test3 (01).mp4
2014-01-23 23:44 - 2014-01-23 23:51 - 171436483 ____N C:\Users\DisPak\Desktop\test3.mp4
2014-01-23 23:38 - 2014-01-23 23:38 - 00001614 _____ C:\Windows\System32\Tasks\mf_launch_as_user_062c46
2014-01-23 23:38 - 2013-12-06 11:42 - 00020696 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\mfmonitor_x64.sys
2014-01-23 23:37 - 2014-01-23 23:38 - 69579768 ____N (MediaFire) C:\Users\DisPak\Downloads\MediaFireDesktop-0.10.16.9184-windows-PRODUCTION.exe
2014-01-23 18:03 - 2014-01-23 18:03 - 22985119 ____N C:\Users\DisPak\Desktop\test.rar
2014-01-23 18:02 - 2014-01-23 18:02 - 78214952 ____N C:\Users\DisPak\Desktop\test2 (01).rar
2014-01-23 17:45 - 2014-01-23 17:50 - 111496266 ____N C:\Users\DisPak\Desktop\test2 (01).mp4
2014-01-23 17:42 - 2014-01-23 17:44 - 27455820 ____N C:\Users\DisPak\Desktop\test2.mp4
2014-01-23 17:29 - 2014-01-23 17:29 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\OBS
2014-01-23 17:29 - 2014-01-23 17:29 - 00000000 ____D C:\Program Files\OBS
2014-01-23 17:29 - 2014-01-23 17:29 - 00000000 ____D C:\Program Files (x86)\OBS
2014-01-23 17:23 - 2014-01-23 17:24 - 24371916 ____N C:\Users\DisPak\Desktop\test.mp4
2014-01-23 17:11 - 2014-01-23 17:11 - 07660927 ____N C:\Users\DisPak\Downloads\OBS_0_592b_Installer.exe
2014-01-23 00:23 - 2014-01-23 00:23 - 00000212 ____N C:\Users\DisPak\Desktop\specs.txt
2014-01-21 00:19 - 2014-01-21 00:19 - 00000222 ____N C:\Users\DisPak\Desktop\Awesomenauts.url
2014-01-20 23:49 - 2014-01-20 23:49 - 00000000 ____D C:\Users\DisPak\AppData\Local\Intel_Corporation
2014-01-19 00:56 - 2014-01-24 02:21 - 00005050 ____N C:\Windows\PFRO.log
2014-01-18 16:00 - 2014-01-26 01:04 - 00026684 _____ C:\Windows\setupact.log
2014-01-15 17:16 - 2014-01-15 17:16 - 00000000 ____N C:\Users\DisPak\Sti_Trace.log
2014-01-15 11:37 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:37 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:37 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:37 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:37 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:37 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:37 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:37 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:37 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 00:10 - 2014-01-15 00:10 - 00000159 ___RH C:\Windows\ctfile.rfc
2014-01-15 00:10 - 2013-08-29 11:18 - 00040576 ____N (Creative Technology Ltd.) C:\Windows\system32\MBCfg64.dll
2014-01-15 00:10 - 2013-08-29 11:18 - 00036992 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\MBCfg32.dll
2014-01-15 00:10 - 2013-07-03 15:20 - 00002835 ____N C:\Windows\MBCfg_SP_APOIM.ini
2014-01-15 00:10 - 2013-07-03 15:20 - 00002783 ____N C:\Windows\MBCfg_APOIM.ini
2014-01-15 00:10 - 2013-07-03 15:20 - 00002747 ____N C:\Windows\MBCfg_HP_APOIM.ini
2014-01-15 00:10 - 2013-04-23 10:54 - 00332928 ____N (Creative Technology Ltd.) C:\Windows\system32\ChezSC64.DLL
2014-01-15 00:10 - 2013-04-23 10:54 - 00288896 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\ChezSC32.DLL
2014-01-15 00:10 - 2013-04-23 10:54 - 00148096 ____N (Creative Technology Ltd.) C:\Windows\system32\MBCfg64.exe
2014-01-15 00:10 - 2013-04-23 10:53 - 00138880 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\MBCfg32.exe
2014-01-15 00:10 - 2013-04-23 10:53 - 00015488 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\ResDefA.exe
2014-01-15 00:10 - 2013-01-08 10:11 - 00008570 ____N C:\Windows\system32\MBCfg64.ini
2014-01-15 00:10 - 2013-01-08 10:11 - 00005856 ____N C:\Windows\system32\MBCfgUninstall64.ini
2014-01-15 00:10 - 2013-01-08 10:10 - 00008570 ____N C:\Windows\SysWOW64\MBCfg32.ini
2014-01-15 00:10 - 2013-01-08 10:10 - 00005856 ____N C:\Windows\SysWOW64\MBCfgUninstall32.ini
2014-01-15 00:10 - 2012-11-01 11:23 - 00089600 _____ C:\Windows\system32\CmdRtr64.DLL
2014-01-15 00:10 - 2012-11-01 11:22 - 00074240 ____N C:\Windows\SysWOW64\CmdRtr.DLL
2014-01-15 00:10 - 2012-11-01 11:21 - 00325120 _____ C:\Windows\system32\APOMgr64.DLL
2014-01-15 00:10 - 2012-11-01 11:19 - 00246272 ____N C:\Windows\SysWOW64\APOMngr.DLL
2014-01-15 00:10 - 2000-05-11 01:00 - 00090112 ____N (Creative Technology Ltd.) C:\Windows\Updreg.EXE
2014-01-14 23:42 - 2014-01-14 23:42 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2014-01-14 23:42 - 2014-01-14 23:42 - 00000000 ____D C:\Program Files\Realtek
2014-01-14 23:42 - 2014-01-14 23:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2014-01-14 23:42 - 2013-12-03 20:29 - 03760344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-01-14 23:42 - 2013-12-03 16:05 - 00154840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-01-14 23:42 - 2013-12-03 15:32 - 01998104 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2014-01-14 23:42 - 2013-12-03 15:31 - 01727256 ____N (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2014-01-14 23:42 - 2013-12-03 14:38 - 00693329 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-01-14 23:42 - 2013-11-26 17:26 - 00618200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-01-14 23:42 - 2013-11-25 15:59 - 02810072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-01-14 23:42 - 2013-11-25 15:59 - 02588888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-01-14 23:42 - 2013-11-14 15:49 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-01-14 23:42 - 2013-11-13 18:52 - 01013504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-01-14 23:42 - 2013-11-13 18:10 - 02103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-01-14 23:42 - 2013-11-13 18:07 - 02036992 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-01-14 23:42 - 2013-10-28 17:29 - 01021656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-01-14 23:42 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-01-14 23:42 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-01-14 23:42 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-01-14 23:42 - 2013-07-30 14:04 - 00397080 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2014-01-14 23:42 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-01-14 23:42 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-01-14 23:42 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-01-14 23:42 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-01-14 23:42 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-01-14 23:42 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-01-14 23:42 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-01-14 23:42 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-01-14 23:42 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-01-14 23:42 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-01-14 23:42 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-01-14 23:42 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-01-14 23:42 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-01-14 23:42 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-01-14 23:42 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-01-14 23:42 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-01-14 23:42 - 2009-11-18 07:12 - 00032344 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\MBfilt64.sys
2014-01-14 23:30 - 2014-01-14 23:30 - 00002783 ____N C:\Users\Public\Desktop\Killer Network Manager.lnk
2014-01-14 23:30 - 2014-01-14 23:30 - 00000000 ____D C:\ProgramData\Qualcomm
2014-01-14 23:30 - 2014-01-14 23:30 - 00000000 ____D C:\ProgramData\Downloaded Installations
2014-01-14 23:30 - 2014-01-14 23:30 - 00000000 ____D C:\Program Files\Qualcomm Atheros
2014-01-14 18:05 - 2014-01-14 18:05 - 00000338 _____ C:\Users\DisPak\AppData\Local\killertool.log
2014-01-13 23:59 - 2014-01-13 23:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_INETMON_01011.Wdf
2014-01-13 23:59 - 2013-08-01 17:01 - 00029088 _____ C:\Windows\system32\Drivers\INETMON.sys
2014-01-13 23:51 - 2014-01-13 23:51 - 00000000 ___HD C:\SuperChargerProfile
2014-01-13 23:41 - 2014-01-13 23:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-01-13 23:41 - 2013-09-17 03:20 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2014-01-13 23:41 - 2013-09-17 03:20 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2014-01-13 17:09 - 2014-01-13 17:09 - 00000222 ____N C:\Users\DisPak\Desktop\Nether.url
2014-01-10 17:24 - 2014-01-10 17:24 - 00000000 ____D C:\Users\DisPak\Documents\MGR
2014-01-10 17:17 - 2014-01-10 17:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 01:54 - 2014-01-10 01:54 - 00000222 ____N C:\Users\DisPak\Desktop\METAL GEAR RISING REVENGEANCE.url
2014-01-08 18:21 - 2014-01-08 18:21 - 00002835 ____N C:\Users\DisPak\Unigine_Heaven_Benchmark_4.0_20140108_1821.html
2014-01-08 17:19 - 2014-01-08 17:19 - 00000000 ____D C:\Users\DisPak\Documents\PCMark 8
2014-01-08 17:16 - 2014-01-08 17:25 - 00000022 ____N C:\Windows\GPU-Z.INI
2014-01-08 17:15 - 2014-01-08 17:16 - 00000000 ____D C:\Users\DisPak\Documents\3DMark
2014-01-08 17:15 - 2014-01-08 17:15 - 00000000 ____D C:\Users\DisPak\AppData\Local\Futuremark
2014-01-08 17:13 - 2014-01-08 17:13 - 00000000 ____D C:\Program Files (x86)\Futuremark
2014-01-08 17:12 - 2013-12-03 07:12 - 00000000 ____D C:\Users\DisPak\Desktop\3DMark_v1-2_250
2014-01-08 17:07 - 2014-01-08 17:07 - 00002833 ____N C:\Users\DisPak\Unigine_Heaven_Benchmark_4.0_20140108_1707.html
2014-01-08 16:51 - 2014-01-08 16:51 - 00002834 ____N C:\Users\DisPak\Unigine_Heaven_Benchmark_4.0_20140108_1651.html
2014-01-08 16:35 - 2014-01-08 18:17 - 01065984 _____ C:\Users\DisPak\AppData\Local\file__0.localstorage
2014-01-08 16:35 - 2014-01-08 16:44 - 00000000 ____D C:\Users\DisPak\Heaven
2014-01-08 16:34 - 2014-01-08 16:43 - 1007522262 ____N C:\Users\DisPak\Downloads\3DMark-v1-2-250-[Guru3D.com].zip
2014-01-08 16:34 - 2014-01-08 16:34 - 00002081 ____N C:\Users\Public\Desktop\Heaven Benchmark 4.0.lnk
2014-01-08 16:34 - 2014-01-08 16:34 - 00000000 ____D C:\Program Files (x86)\Unigine
2014-01-08 16:30 - 2014-01-08 16:33 - 258726655 ____N (Unigine Corp.                                               ) C:\Users\DisPak\Downloads\Unigine_Heaven-4.0-[Guru3D.com].exe
2014-01-08 02:23 - 2013-12-19 15:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 22960416 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 17560352 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-08 02:23 - 2013-12-19 15:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 09700224 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 09657464 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 02947872 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 02747680 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 01242400 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 00852768 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 00847648 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 00266984 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-08 02:23 - 2013-12-19 15:33 - 00141336 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-08 02:23 - 2013-11-28 08:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-01-08 02:23 - 2013-11-28 08:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-01-08 02:23 - 2013-11-22 03:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-01-08 01:14 - 2014-01-08 01:14 - 05032470 ____N (Geeks3D                                                     ) C:\Users\DisPak\Downloads\FurMark_1.12.0_Setup.exe
2014-01-08 01:14 - 2014-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2014-01-07 17:35 - 2014-01-07 17:35 - 00000862 ____N C:\Users\DisPak\Desktop\MSI Kombustor 3.0.lnk
2014-01-07 17:35 - 2014-01-07 17:35 - 00000000 ____D C:\Program Files\MSI Kombustor 3.0
2014-01-07 17:34 - 2014-01-02 01:12 - 32524696 ____N C:\Users\DisPak\Desktop\MSIAfterburnerSetup300Beta18.exe
2014-01-07 17:33 - 2014-01-07 17:33 - 32320342 ____N C:\Users\DisPak\Downloads\MSIAfterburnerSetup300Beta18-[Guru3D.com].zip
2014-01-07 17:32 - 2014-01-07 17:33 - 15936515 ____N (MSI Co., LTD                                                ) C:\Users\DisPak\Downloads\MSI_Kombustor_Setup_3.3.0_x64.exe
2014-01-07 17:19 - 2014-01-07 17:19 - 01350232 ____N (techPowerUp (www.techpowerup.com)) C:\Users\DisPak\Downloads\GPU-Z.0.7.5.exe
2014-01-07 17:19 - 2014-01-07 17:19 - 00000927 ____N C:\Users\DisPak\Desktop\TechPowerUp GPU-Z.lnk
2014-01-07 17:19 - 2014-01-07 17:19 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2014-01-05 21:19 - 2014-01-05 21:19 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\openvr
2014-01-04 17:55 - 2014-01-04 17:55 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\MAXON
2014-01-04 17:54 - 2014-01-04 17:54 - 00000000 ____D C:\Users\DisPak\Desktop\New Folder
2014-01-04 17:53 - 2014-01-04 17:54 - 00000000 ____D C:\Users\DisPak\cinebench
2014-01-04 17:53 - 2014-01-04 17:53 - 00000000 ____D C:\Users\DisPak\Downloads\CINEBENCH_R15
2014-01-04 17:52 - 2014-01-04 17:53 - 109047601 ____N C:\Users\DisPak\Downloads\CINEBENCH_R15.zip
2014-01-03 02:16 - 2014-01-22 02:45 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2014-01-01 18:15 - 2014-01-01 18:15 - 02326976 ____N (Beepa Pty Ltd) C:\Users\DisPak\Downloads\setup.exe
2014-01-01 18:15 - 2014-01-01 18:15 - 00000562 ____N C:\Users\Public\Desktop\Fraps.lnk
2013-12-29 17:06 - 2013-12-29 17:22 - 00000000 ____D C:\ProgramData\Adobe
2013-12-29 17:06 - 2013-12-29 17:06 - 00001979 ____N C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-29 03:56 - 2013-12-29 03:56 - 01199831 ____N C:\Windows\unins001.exe
2013-12-29 03:56 - 2013-12-29 03:56 - 01193175 ____N C:\Windows\unins000.exe
2013-12-29 03:56 - 2013-12-29 03:56 - 00042989 ____N C:\Windows\unins000.dat
2013-12-29 03:56 - 2013-12-29 03:56 - 00010813 ____N C:\Windows\unins001.dat
2013-12-29 03:56 - 2012-09-05 13:31 - 00025600 _____ ( ) C:\Windows\system32\Drivers\SnakeEyes.sys
2013-12-29 03:55 - 2013-12-29 03:55 - 00000000 ____D C:\Users\DisPak\Desktop\m65
2013-12-29 03:54 - 2013-12-29 03:55 - 32533629 ____N C:\Users\DisPak\Downloads\M65-setup-091913.zip
2013-12-28 02:31 - 2013-12-28 02:31 - 06446485 ____N C:\Users\DisPak\Downloads\7818v17.zip
2013-12-28 02:29 - 2013-12-28 02:31 - 00000000 ____D C:\Users\DisPak\Desktop\BIOS
2013-12-28 02:29 - 2013-12-28 02:29 - 06328405 ____N C:\Users\DisPak\Downloads\7815v16.zip
2013-12-27 00:01 - 2013-12-27 00:01 - 00000222 ____N C:\Users\DisPak\Desktop\Starbound.url

==================== One Month Modified Files and Folders =======

2014-01-26 01:08 - 2014-01-26 00:59 - 00023049 _____ C:\Users\DisPak\Downloads\FRST.txt
2014-01-26 01:05 - 2013-08-15 00:01 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\BitTorrent
2014-01-26 01:05 - 2013-08-14 17:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-26 01:04 - 2014-01-18 16:00 - 00026684 _____ C:\Windows\setupact.log
2014-01-26 01:04 - 2013-08-14 17:06 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-26 01:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-26 01:03 - 2013-08-14 16:54 - 01226325 _____ C:\Windows\WindowsUpdate.log
2014-01-26 01:01 - 2014-01-26 00:59 - 00030855 _____ C:\Users\DisPak\Downloads\Addition.txt
2014-01-26 01:01 - 2013-08-15 14:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 00:59 - 2014-01-26 00:59 - 00000000 ____D C:\FRST
2014-01-26 00:58 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-26 00:58 - 2009-07-13 23:45 - 00025920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-26 00:58 - 2009-07-13 23:45 - 00025920 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-26 00:57 - 2014-01-26 00:57 - 02078208 _____ (Farbar) C:\Users\DisPak\Downloads\FRST64.exe
2014-01-26 00:54 - 2013-08-14 23:08 - 00000000 ____D C:\ProgramData\MFAData
2014-01-25 12:24 - 2013-08-14 17:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 04:08 - 2013-08-25 20:48 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\TS3Client
2014-01-25 03:15 - 2013-09-18 16:06 - 00000000 ____D C:\Users\DisPak\AppData\Local\DayZ
2014-01-25 03:15 - 2013-08-26 22:57 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-25 03:08 - 2014-01-25 03:08 - 00298592 _____ C:\Windows\Minidump\012514-15475-01.dmp
2014-01-25 03:08 - 2013-08-25 13:57 - 00000000 ____D C:\Windows\Minidump
2014-01-25 03:02 - 2014-01-25 03:02 - 00294168 _____ C:\Windows\Minidump\012514-15459-01.dmp
2014-01-25 02:26 - 2014-01-25 02:26 - 886046720 _____ C:\Users\DisPak\Desktop\test3 (13).mp4
2014-01-25 02:26 - 2014-01-25 02:26 - 05798437 _____ C:\Users\DisPak\Desktop\test3 (12).mp4
2014-01-25 02:21 - 2014-01-25 02:21 - 00262144 ____N C:\Windows\Minidump\012514-16224-01.dmp
2014-01-25 02:20 - 2014-01-25 02:20 - 14680064 _____ C:\Users\DisPak\Desktop\test3 (11).mp4
2014-01-25 01:01 - 2014-01-25 01:01 - 00294168 _____ C:\Windows\Minidump\012514-15381-01.dmp
2014-01-25 00:55 - 2013-10-29 16:17 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2014-01-25 00:50 - 2013-08-15 00:06 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\vlc
2014-01-24 18:13 - 2014-01-24 18:10 - 69753045 _____ C:\Users\DisPak\Desktop\test3 (10).mp4
2014-01-24 18:09 - 2014-01-24 18:08 - 10026484 _____ C:\Users\DisPak\Desktop\test3 (09).mp4
2014-01-24 18:09 - 2013-08-17 10:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2014-01-24 17:47 - 2014-01-24 17:46 - 00031584 ____N C:\Users\DisPak\Desktop\dds.txt
2014-01-24 17:46 - 2013-12-08 14:36 - 00012234 ____N C:\Users\DisPak\Desktop\attach.txt
2014-01-24 17:44 - 2014-01-24 17:44 - 00688992 ____R (Swearware) C:\Users\DisPak\Downloads\dds.com
2014-01-24 17:27 - 2014-01-24 17:27 - 08499200 ____N (Luis Cobian) C:\Users\DisPak\Downloads\cbSetup8.exe
2014-01-24 17:27 - 2014-01-24 17:27 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 8
2014-01-24 17:27 - 2014-01-24 17:24 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2014-01-24 17:22 - 2014-01-24 17:21 - 19709440 ____N (Luis Cobian, CobianSoft) C:\Users\DisPak\Downloads\cbSetup.exe
2014-01-24 02:29 - 2014-01-24 02:29 - 00262144 ____N C:\Windows\Minidump\012414-13088-01.dmp
2014-01-24 02:27 - 2014-01-24 02:27 - 19922944 ____N C:\Users\DisPak\Desktop\test3 (08).mp4
2014-01-24 02:22 - 2013-12-08 21:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 02:21 - 2014-01-19 00:56 - 00005050 ____N C:\Windows\PFRO.log
2014-01-24 02:16 - 2009-07-13 23:45 - 00280168 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-24 02:14 - 2013-08-17 10:13 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2014-01-24 02:13 - 2014-01-24 02:13 - 28311552 ____N C:\Users\DisPak\Desktop\test3 (07).mp4
2014-01-24 02:13 - 2014-01-24 02:12 - 24043530 ____N C:\Users\DisPak\Desktop\test3 (06).mp4
2014-01-24 01:17 - 2013-11-21 17:56 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2014-01-24 01:13 - 2014-01-24 01:07 - 149982131 ____N C:\Users\DisPak\Desktop\test3 (05).mp4
2014-01-24 01:07 - 2014-01-24 01:06 - 08807739 ____N C:\Users\DisPak\Desktop\test3 (04).mp4
2014-01-24 01:04 - 2013-12-15 20:44 - 00000000 ____D C:\Users\DisPak\Documents\Madden NFL 08
2014-01-24 00:30 - 2014-01-24 00:23 - 161865226 ____N C:\Users\DisPak\Desktop\test3 (03).mp4
2014-01-24 00:22 - 2014-01-24 00:21 - 36434376 ____N C:\Users\DisPak\Desktop\test3 (02).mp4
2014-01-24 00:19 - 2014-01-24 00:19 - 00017464 ____N C:\Users\DisPak\Downloads\JTVPing.zip
2014-01-24 00:19 - 2014-01-24 00:19 - 00000000 ____D C:\Users\DisPak\Downloads\JTVPing
2014-01-24 00:18 - 2014-01-24 00:18 - 00001220 ____N C:\Users\DisPak\Desktop\OBS.exe - Shortcut.lnk
2014-01-23 23:51 - 2014-01-23 23:51 - 00222087 ____N C:\Users\DisPak\Desktop\test3 (01).mp4
2014-01-23 23:51 - 2014-01-23 23:44 - 171436483 ____N C:\Users\DisPak\Desktop\test3.mp4
2014-01-23 23:39 - 2013-08-14 17:14 - 00058896 _____ C:\Users\DisPak\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-23 23:38 - 2014-01-23 23:38 - 00001614 _____ C:\Windows\System32\Tasks\mf_launch_as_user_062c46
2014-01-23 23:38 - 2014-01-23 23:37 - 69579768 ____N (MediaFire) C:\Users\DisPak\Downloads\MediaFireDesktop-0.10.16.9184-windows-PRODUCTION.exe
2014-01-23 18:03 - 2014-01-23 18:03 - 22985119 ____N C:\Users\DisPak\Desktop\test.rar
2014-01-23 18:02 - 2014-01-23 18:02 - 78214952 ____N C:\Users\DisPak\Desktop\test2 (01).rar
2014-01-23 18:02 - 2013-08-17 00:45 - 00000000 ____D C:\Users\DisPak\AppData\Local\WinZip
2014-01-23 17:50 - 2014-01-23 17:45 - 111496266 ____N C:\Users\DisPak\Desktop\test2 (01).mp4
2014-01-23 17:44 - 2014-01-23 17:42 - 27455820 ____N C:\Users\DisPak\Desktop\test2.mp4
2014-01-23 17:29 - 2014-01-23 17:29 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\OBS
2014-01-23 17:29 - 2014-01-23 17:29 - 00000000 ____D C:\Program Files\OBS
2014-01-23 17:29 - 2014-01-23 17:29 - 00000000 ____D C:\Program Files (x86)\OBS
2014-01-23 17:24 - 2014-01-23 17:23 - 24371916 ____N C:\Users\DisPak\Desktop\test.mp4
2014-01-23 17:11 - 2014-01-23 17:11 - 07660927 ____N C:\Users\DisPak\Downloads\OBS_0_592b_Installer.exe
2014-01-23 00:23 - 2014-01-23 00:23 - 00000212 ____N C:\Users\DisPak\Desktop\specs.txt
2014-01-22 17:24 - 2013-08-15 00:03 - 00000000 ____D C:\Users\DisPak\AppData\Local\CrashDumps
2014-01-22 02:45 - 2014-01-03 02:16 - 00003694 _____ C:\Windows\System32\Tasks\Adobe online update program
2014-01-22 00:39 - 2013-08-14 16:56 - 00000000 ____D C:\Program Files (x86)\MSI
2014-01-21 00:19 - 2014-01-21 00:19 - 00000222 ____N C:\Users\DisPak\Desktop\Awesomenauts.url
2014-01-20 23:49 - 2014-01-20 23:49 - 00000000 ____D C:\Users\DisPak\AppData\Local\Intel_Corporation
2014-01-19 14:42 - 2013-09-14 01:36 - 00000000 ____D C:\Users\DisPak\AppData\Local\Warframe
2014-01-19 02:33 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-16 23:30 - 2013-08-14 23:45 - 00000000 ____D C:\Users\DisPak\AppData\Local\Adobe
2014-01-16 23:24 - 2013-08-15 14:24 - 00692616 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-16 23:24 - 2013-08-15 14:24 - 00071048 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-16 23:24 - 2013-08-15 14:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-15 17:16 - 2014-01-15 17:16 - 00000000 ____N C:\Users\DisPak\Sti_Trace.log
2014-01-15 17:16 - 2013-08-14 16:54 - 00000000 ____D C:\Users\DisPak
2014-01-15 12:25 - 2013-08-15 11:55 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 12:24 - 2013-08-15 11:55 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 00:10 - 2014-01-15 00:10 - 00000159 ___RH C:\Windows\ctfile.rfc
2014-01-15 00:10 - 2013-08-15 00:02 - 00000000 ____D C:\ProgramData\Creative
2014-01-15 00:10 - 2013-08-15 00:02 - 00000000 ____D C:\Program Files (x86)\Creative
2014-01-14 23:42 - 2014-01-14 23:42 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2014-01-14 23:42 - 2014-01-14 23:42 - 00000000 ____D C:\Program Files\Realtek
2014-01-14 23:42 - 2014-01-14 23:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2014-01-14 23:42 - 2013-08-14 17:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-14 23:30 - 2014-01-14 23:30 - 00002783 ____N C:\Users\Public\Desktop\Killer Network Manager.lnk
2014-01-14 23:30 - 2014-01-14 23:30 - 00000000 ____D C:\ProgramData\Qualcomm
2014-01-14 23:30 - 2014-01-14 23:30 - 00000000 ____D C:\ProgramData\Downloaded Installations
2014-01-14 23:30 - 2014-01-14 23:30 - 00000000 ____D C:\Program Files\Qualcomm Atheros
2014-01-14 23:29 - 2013-10-31 23:29 - 00000000 _____ C:\Users\DisPak\AppData\Local\Driver_LOM_8161Present.flag
2014-01-14 23:26 - 2013-08-14 17:03 - 00002143 ____N C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-14 18:07 - 2013-12-12 15:16 - 00000000 ____D C:\Program Files (x86)\Corsair
2014-01-14 18:05 - 2014-01-14 18:05 - 00000338 _____ C:\Users\DisPak\AppData\Local\killertool.log
2014-01-13 23:59 - 2014-01-13 23:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_INETMON_01011.Wdf
2014-01-13 23:58 - 2013-08-14 17:04 - 00000000 ____D C:\Program Files\Intel
2014-01-13 23:51 - 2014-01-13 23:51 - 00000000 ___HD C:\SuperChargerProfile
2014-01-13 23:51 - 2013-08-14 17:06 - 00002027 ____N C:\Users\Public\Desktop\Super-Charger.lnk
2014-01-13 23:49 - 2013-12-12 00:04 - 00000000 ____D C:\Program Files (x86)\Trojan Svchost Removal Tool
2014-01-13 23:46 - 2013-08-15 00:04 - 00000000 ____D C:\ProgramData\Package Cache
2014-01-13 23:41 - 2014-01-13 23:41 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-01-13 17:21 - 2013-08-15 14:56 - 00000000 ____D C:\Users\DisPak\Documents\My Games
2014-01-13 17:09 - 2014-01-13 17:09 - 00000222 ____N C:\Users\DisPak\Desktop\Nether.url
2014-01-10 17:24 - 2014-01-10 17:24 - 00000000 ____D C:\Users\DisPak\Documents\MGR
2014-01-10 17:23 - 2014-01-10 17:17 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 17:23 - 2013-12-11 23:44 - 00000000 ____D C:\Users\DisPak\Desktop\mbar
2014-01-10 17:17 - 2013-12-11 23:44 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-10 01:54 - 2014-01-10 01:54 - 00000222 ____N C:\Users\DisPak\Desktop\METAL GEAR RISING REVENGEANCE.url
2014-01-08 18:21 - 2014-01-08 18:21 - 00002835 ____N C:\Users\DisPak\Unigine_Heaven_Benchmark_4.0_20140108_1821.html
2014-01-08 18:17 - 2014-01-08 16:35 - 01065984 _____ C:\Users\DisPak\AppData\Local\file__0.localstorage
2014-01-08 17:25 - 2014-01-08 17:16 - 00000022 ____N C:\Windows\GPU-Z.INI
2014-01-08 17:19 - 2014-01-08 17:19 - 00000000 ____D C:\Users\DisPak\Documents\PCMark 8
2014-01-08 17:16 - 2014-01-08 17:15 - 00000000 ____D C:\Users\DisPak\Documents\3DMark
2014-01-08 17:15 - 2014-01-08 17:15 - 00000000 ____D C:\Users\DisPak\AppData\Local\Futuremark
2014-01-08 17:13 - 2014-01-08 17:13 - 00000000 ____D C:\Program Files (x86)\Futuremark
2014-01-08 17:07 - 2014-01-08 17:07 - 00002833 ____N C:\Users\DisPak\Unigine_Heaven_Benchmark_4.0_20140108_1707.html
2014-01-08 16:51 - 2014-01-08 16:51 - 00002834 ____N C:\Users\DisPak\Unigine_Heaven_Benchmark_4.0_20140108_1651.html
2014-01-08 16:44 - 2014-01-08 16:35 - 00000000 ____D C:\Users\DisPak\Heaven
2014-01-08 16:43 - 2014-01-08 16:34 - 1007522262 ____N C:\Users\DisPak\Downloads\3DMark-v1-2-250-[Guru3D.com].zip
2014-01-08 16:34 - 2014-01-08 16:34 - 00002081 ____N C:\Users\Public\Desktop\Heaven Benchmark 4.0.lnk
2014-01-08 16:34 - 2014-01-08 16:34 - 00000000 ____D C:\Program Files (x86)\Unigine
2014-01-08 16:33 - 2014-01-08 16:30 - 258726655 ____N (Unigine Corp.                                               ) C:\Users\DisPak\Downloads\Unigine_Heaven-4.0-[Guru3D.com].exe
2014-01-08 02:25 - 2013-08-14 17:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-08 01:14 - 2014-01-08 01:14 - 05032470 ____N (Geeks3D                                                     ) C:\Users\DisPak\Downloads\FurMark_1.12.0_Setup.exe
2014-01-08 01:14 - 2014-01-08 01:14 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2014-01-08 01:14 - 2013-08-14 16:54 - 00000000 ____D C:\Users\DisPak\AppData\Local\VirtualStore
2014-01-07 17:35 - 2014-01-07 17:35 - 00000862 ____N C:\Users\DisPak\Desktop\MSI Kombustor 3.0.lnk
2014-01-07 17:35 - 2014-01-07 17:35 - 00000000 ____D C:\Program Files\MSI Kombustor 3.0
2014-01-07 17:35 - 2013-10-29 16:17 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2014-01-07 17:34 - 2013-10-29 16:17 - 00001050 ____N C:\Users\DisPak\Desktop\MSI Afterburner.lnk
2014-01-07 17:33 - 2014-01-07 17:33 - 32320342 ____N C:\Users\DisPak\Downloads\MSIAfterburnerSetup300Beta18-[Guru3D.com].zip
2014-01-07 17:33 - 2014-01-07 17:32 - 15936515 ____N (MSI Co., LTD                                                ) C:\Users\DisPak\Downloads\MSI_Kombustor_Setup_3.3.0_x64.exe
2014-01-07 17:19 - 2014-01-07 17:19 - 01350232 ____N (techPowerUp (www.techpowerup.com)) C:\Users\DisPak\Downloads\GPU-Z.0.7.5.exe
2014-01-07 17:19 - 2014-01-07 17:19 - 00000927 ____N C:\Users\DisPak\Desktop\TechPowerUp GPU-Z.lnk
2014-01-07 17:19 - 2014-01-07 17:19 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2014-01-07 01:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-05 21:19 - 2014-01-05 21:19 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\openvr
2014-01-04 17:55 - 2014-01-04 17:55 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\MAXON
2014-01-04 17:54 - 2014-01-04 17:54 - 00000000 ____D C:\Users\DisPak\Desktop\New Folder
2014-01-04 17:54 - 2014-01-04 17:53 - 00000000 ____D C:\Users\DisPak\cinebench
2014-01-04 17:53 - 2014-01-04 17:53 - 00000000 ____D C:\Users\DisPak\Downloads\CINEBENCH_R15
2014-01-04 17:53 - 2014-01-04 17:52 - 109047601 ____N C:\Users\DisPak\Downloads\CINEBENCH_R15.zip
2014-01-02 01:12 - 2014-01-07 17:34 - 32524696 ____N C:\Users\DisPak\Desktop\MSIAfterburnerSetup300Beta18.exe
2014-01-02 01:01 - 2013-08-27 02:01 - 00000000 ____D C:\Users\DisPak\AppData\Local\ArmA 2 OA
2014-01-01 18:15 - 2014-01-01 18:15 - 02326976 ____N (Beepa Pty Ltd) C:\Users\DisPak\Downloads\setup.exe
2014-01-01 18:15 - 2014-01-01 18:15 - 00000562 ____N C:\Users\Public\Desktop\Fraps.lnk
2013-12-29 17:22 - 2013-12-29 17:06 - 00000000 ____D C:\ProgramData\Adobe
2013-12-29 17:20 - 2009-07-14 00:08 - 00032558 ____N C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-29 17:07 - 2013-08-14 23:52 - 00000000 ____D C:\Users\DisPak\AppData\Roaming\Adobe
2013-12-29 17:06 - 2013-12-29 17:06 - 00001979 ____N C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-29 17:06 - 2013-11-17 17:50 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-29 03:56 - 2013-12-29 03:56 - 01199831 ____N C:\Windows\unins001.exe
2013-12-29 03:56 - 2013-12-29 03:56 - 01193175 ____N C:\Windows\unins000.exe
2013-12-29 03:56 - 2013-12-29 03:56 - 00042989 ____N C:\Windows\unins000.dat
2013-12-29 03:56 - 2013-12-29 03:56 - 00010813 ____N C:\Windows\unins001.dat
2013-12-29 03:55 - 2013-12-29 03:55 - 00000000 ____D C:\Users\DisPak\Desktop\m65
2013-12-29 03:55 - 2013-12-29 03:54 - 32533629 ____N C:\Users\DisPak\Downloads\M65-setup-091913.zip
2013-12-28 02:31 - 2013-12-28 02:31 - 06446485 ____N C:\Users\DisPak\Downloads\7818v17.zip
2013-12-28 02:31 - 2013-12-28 02:29 - 00000000 ____D C:\Users\DisPak\Desktop\BIOS
2013-12-28 02:29 - 2013-12-28 02:29 - 06328405 ____N C:\Users\DisPak\Downloads\7815v16.zip
2013-12-27 00:01 - 2013-12-27 00:01 - 00000222 ____N C:\Users\DisPak\Desktop\Starbound.url

Files to move or delete:
====================
C:\Users\DisPak\AppData\Roaming\Origin\update.vbe


Some content of TEMP:
====================
C:\Users\DisPak\AppData\Local\Temp\Desinstalar.exe
C:\Users\DisPak\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\DisPak\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\DisPak\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\DisPak\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-23 02:34

==================== End Of Log ============================

Attached Files
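The FRST output above mixes thousands of legitimate entries with the handful that matter (an svchost.exe under C:\Windows\temp, OpenCL kernel files next to it, a .vbe script under AppData\Roaming, drivers registered from temp or from a removable drive). The script below is an added illustration of how a responder triages such a log mechanically; it is not part of FRST, ComboFix, or anything the helpers in this thread posted. It extracts every drive-letter path from FRST- and ComboFix-style lines and applies a few rules of thumb that are my own: a core Windows binary name outside System32/SysWOW64, an executable or driver loaded from a temp directory, a script parked in a user profile, an OpenCL kernel in temp, and a kernel driver registered from a non-system drive. The sample log lines are constructed in the formats seen in this thread, not copied from it.

```python
"""Triage heuristics for FRST / ComboFix style log lines.

Added illustration for this thread, not part of FRST, ComboFix or any
BleepingComputer procedure. It pulls every Windows path out of a log line and
applies a few rules a responder would apply by eye. Hits are leads, not verdicts.
"""
import re

# Any drive-letter path; stops at the delimiters FRST/ComboFix put after a path
# (';' between service fields, '[' before a timestamp, '"' around Run values,
# '=>' in the MD5 check section).
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\[\];=<>\r\n]+')

# Names that should only ever load from the Windows system directories.
SYSTEM_BINARIES = {"svchost.exe", "wininit.exe", "winlogon.exe", "explorer.exe",
                   "services.exe", "userinit.exe", "lsass.exe", "csrss.exe"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
TEMP_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
SCRIPT_EXT = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta"}


def extract_paths(line):
    """Return the distinct Windows paths on one log line, original case kept."""
    seen, out = set(), []
    for m in WIN_PATH.finditer(line):
        path = m.group(0).strip()
        key = path.lower()
        if key not in seen:
            seen.add(key)
            out.append(path)
    return out


def assess_path(path):
    """Return the list of reasons a path deserves a closer look (empty if none)."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    in_system_dir = any(d in p for d in SYSTEM_DIRS)
    in_temp = any(d in p for d in TEMP_DIRS)
    reasons = []
    if name in SYSTEM_BINARIES and not in_system_dir:
        reasons.append("core Windows binary name outside System32/SysWOW64 (masquerading)")
    if in_temp and ext in EXEC_EXT:
        reasons.append("executable or driver running from a temp directory")
    if ext in SCRIPT_EXT and (in_temp or "\\appdata\\" in p):
        reasons.append("script in a user profile or temp path (dropper/persistence stub)")
    if ext == ".cl" and in_temp:
        reasons.append("OpenCL kernel in temp: GPU cryptominer indicator")
    if ext == ".sys" and not p.startswith("c:\\"):
        reasons.append("kernel driver registered from a non-system drive")
    return reasons


def triage(lines):
    """Map each flagged path (lower-cased) to its reasons, in order of first appearance."""
    findings = {}
    for line in lines:
        for path in extract_paths(line):
            key = path.lower()
            if key in findings:
                continue
            reasons = assess_path(path)
            if reasons:
                findings[key] = reasons
    return findings


# Constructed sample in FRST / ComboFix line formats, modelled on this thread.
# The miner entries are bare paths, as FRST lists them under "Files to move or delete".
SAMPLE_LOG = r"""
C:\Windows\temp\svchost.exe
C:\Windows\temp\phatk121016.cl
C:\Users\DisPak\AppData\Roaming\Origin\update.vbe
2014-01-01 18:15 - 2014-01-01 18:15 - 02326976 ____N (Beepa Pty Ltd) C:\Users\DisPak\Downloads\setup.exe
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
"BitTorrent"="c:\users\DisPak\AppData\Roaming\BitTorrent\BitTorrent.exe" [2013-11-20 899160]
C:\Windows\System32\svchost.exe => MD5 is legit
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines()).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Every hit is a lead to verify, not a verdict. On this machine GPU-Z is installed (it appears in the ComboFix "Files Created" list further down) and GPU-Z does drop its GPUZ.sys into Windows\Temp, and the MSICDSetup driver on e:\ is the motherboard's driver disc, so both would be cleared on inspection; the svchost.exe in Windows\temp next to OpenCL kernel files is the entry that is not explained by any installed product. The genuine svchost.exe under System32 is not flagged because it sits where the name belongs, which is the same distinction the "Bamital & volsnap Check" section makes by hashing the system copy.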



#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 AM

Posted 26 January 2014 - 10:41 AM

Please do this next:

You have more than one antivirus (AV) program running.  Your logs show both AVG and Microsoft Security Essentials running.  Running more than one AV program does not offer any more protection and often causes conflicts and slowdowns with your computer.  Please remove one of the AV applications via Control Panel > Programs > Uninstall a program.

Download ComboFix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 dispak

dispak
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 26 January 2014 - 12:15 PM

Thank you for the replies and advice.

 

ComboFix 14-01-23.02 - DisPak 01/26/2014  12:10:02.3.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8006.5254 [GMT -5:00]
Running from: c:\users\DisPak\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-26 to 2014-01-26  )))))))))))))))))))))))))))))))
.
.
2014-01-26 17:13 . 2014-01-26 17:13    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-01-26 17:13 . 2014-01-26 17:13    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-26 17:07 . 2013-12-16 06:54    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC033B0E-6F33-4944-94E4-47009534EF12}\mpengine.dll
2014-01-26 05:59 . 2014-01-26 05:59    --------    d-----w-    C:\FRST
2014-01-24 22:27 . 2014-01-24 22:27    --------    d-----w-    c:\program files (x86)\Cobian Backup 8
2014-01-24 22:24 . 2014-01-24 22:27    --------    d-----w-    c:\program files (x86)\Cobian Backup 11
2014-01-24 04:38 . 2014-01-24 04:39    --------    d-----w-    c:\program files (x86)\MediaFire Desktop
2014-01-24 04:38 . 2013-12-06 16:42    20696    ----a-w-    c:\windows\system32\drivers\mfmonitor_x64.sys
2014-01-23 22:29 . 2014-01-23 22:29    --------    d-----w-    c:\users\DisPak\AppData\Roaming\OBS
2014-01-23 22:29 . 2014-01-23 22:29    --------    d-----w-    c:\program files\OBS
2014-01-23 22:29 . 2014-01-23 22:29    --------    d-----w-    c:\program files (x86)\OBS
2014-01-21 04:49 . 2014-01-21 04:49    --------    d-----w-    c:\users\DisPak\AppData\Local\Intel_Corporation
2014-01-15 16:37 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 16:37 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 16:37 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 16:37 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 16:37 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 16:37 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 16:37 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 16:37 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-15 16:37 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 05:10 . 2000-05-11 06:00    90112    ------w-    c:\windows\Updreg.EXE
2014-01-15 05:10 . 2013-08-29 16:18    40576    ------w-    c:\windows\system32\MBCfg64.dll
2014-01-15 05:10 . 2013-08-29 16:18    36992    ------w-    c:\windows\SysWow64\MBCfg32.dll
2014-01-15 05:10 . 2013-04-23 15:54    332928    ------w-    c:\windows\system32\ChezSC64.DLL
2014-01-15 05:10 . 2013-04-23 15:54    148096    ------w-    c:\windows\system32\MBCfg64.exe
2014-01-15 05:10 . 2013-04-23 15:54    288896    ------w-    c:\windows\SysWow64\ChezSC32.DLL
2014-01-15 05:10 . 2013-04-23 15:53    138880    ------w-    c:\windows\SysWow64\MBCfg32.exe
2014-01-15 05:10 . 2013-04-23 15:53    15488    ------w-    c:\windows\SysWow64\ResDefA.exe
2014-01-15 05:10 . 2012-11-01 16:23    89600    ----a-w-    c:\windows\system32\CmdRtr64.DLL
2014-01-15 05:10 . 2012-11-01 16:22    74240    ------w-    c:\windows\SysWow64\CmdRtr.DLL
2014-01-15 05:10 . 2012-11-01 16:21    325120    ----a-w-    c:\windows\system32\APOMgr64.DLL
2014-01-15 05:10 . 2012-11-01 16:19    246272    ------w-    c:\windows\SysWow64\APOMngr.DLL
2014-01-15 04:30 . 2014-01-15 04:30    --------    d-----w-    c:\programdata\Qualcomm
2014-01-15 04:30 . 2014-01-15 04:30    --------    d-----w-    c:\program files\Qualcomm Atheros
2014-01-15 04:30 . 2014-01-15 04:30    --------    d-----w-    c:\programdata\Downloaded Installations
2014-01-14 04:59 . 2013-08-01 22:01    29088    ----a-w-    c:\windows\system32\drivers\INETMON.sys
2014-01-14 04:51 . 2014-01-14 04:51    --------    d-----w-    C:\SuperChargerProfile
2014-01-14 04:41 . 2013-09-17 08:20    99288    ----a-w-    c:\windows\system32\drivers\TeeDriverx64.sys
2014-01-14 04:41 . 2013-09-17 08:20    1795952    ----a-w-    c:\windows\system32\WdfCoInstaller01011.dll
2014-01-10 22:17 . 2014-01-10 22:23    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-08 22:16 . 2014-01-08 22:16    --------    d-----w-    C:\Temp
2014-01-08 22:15 . 2014-01-08 22:15    --------    d-----w-    c:\users\DisPak\AppData\Local\Futuremark
2014-01-08 22:13 . 2014-01-08 22:13    --------    d-----w-    c:\program files (x86)\Futuremark
2014-01-08 21:35 . 2014-01-08 21:44    --------    d-----w-    c:\users\DisPak\Heaven
2014-01-08 21:34 . 2014-01-08 21:34    --------    d-----w-    c:\program files (x86)\Unigine
2014-01-08 06:14 . 2014-01-08 06:14    --------    d-----w-    c:\program files (x86)\Geeks3D
2014-01-07 22:35 . 2014-01-07 22:35    --------    d-----w-    c:\program files\MSI Kombustor 3.0
2014-01-07 22:19 . 2014-01-07 22:19    --------    d-----w-    c:\program files (x86)\GPU-Z
2014-01-06 02:19 . 2014-01-06 02:19    --------    d-----w-    c:\users\DisPak\AppData\Roaming\openvr
2014-01-04 22:55 . 2014-01-04 22:55    --------    d-----w-    c:\users\DisPak\AppData\Roaming\MAXON
2014-01-04 22:53 . 2014-01-04 22:54    --------    d-----w-    c:\users\DisPak\cinebench
2013-12-29 08:56 . 2013-12-29 08:56    1199831    ------w-    c:\windows\unins001.exe
2013-12-29 08:56 . 2013-12-29 08:56    1193175    ------w-    c:\windows\unins000.exe
2013-12-29 08:56 . 2012-09-05 18:31    25600    ----a-w-    c:\windows\system32\drivers\SnakeEyes.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-26 07:03 . 2013-08-17 15:13    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2014-01-26 06:55 . 2013-08-17 15:13    214392    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-01-24 04:38 . 2014-01-24 04:38    1409    ------w-    c:\windows\Fonts\OpenSans-Regular.fot
2014-01-24 04:38 . 2014-01-24 04:38    1409    ------w-    c:\windows\Fonts\OpenSans-Light.fot
2014-01-24 04:38 . 2014-01-24 04:38    1409    ------w-    c:\windows\Fonts\OpenSans-Bold.fot
2014-01-17 04:24 . 2013-08-15 19:24    71048    ------w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-17 04:24 . 2013-08-15 19:24    692616    ------w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-15 17:24 . 2013-08-15 16:55    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-10 22:17 . 2013-12-12 04:44    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-19 20:33 . 2013-08-14 22:06    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-12-19 20:33 . 2013-08-14 22:06    53024    ------w-    c:\windows\SysWow64\OpenCL.dll
2013-12-19 20:33 . 2013-02-26 04:32    2698272    ------w-    c:\windows\SysWow64\nvapi.dll
2013-12-19 20:33 . 2013-02-26 04:32    15230352    ------w-    c:\windows\SysWow64\nvd3dum.dll
2013-12-19 20:33 . 2013-02-26 04:32    3071656    ----a-w-    c:\windows\system32\nvapi64.dll
2013-12-19 20:33 . 2013-02-26 04:32    1436528    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-12-19 20:33 . 2013-02-26 04:32    18310112    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-12-19 20:33 . 2013-02-26 04:32    15877216    ------w-    c:\windows\SysWow64\nvwgf2um.dll
2013-12-19 18:53 . 2013-08-14 22:06    6671648    ----a-w-    c:\windows\system32\nvcpl.dll
2013-12-19 18:53 . 2013-08-14 22:06    3490080    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-12-19 18:53 . 2013-08-14 22:06    922912    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-12-19 18:53 . 2013-08-14 22:06    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-12-19 18:53 . 2013-08-14 22:06    386336    ----a-w-    c:\windows\system32\nvmctray.dll
2013-12-19 17:20 . 2013-12-19 17:20    590112    ------w-    c:\windows\SysWow64\nvStreaming.exe
2013-12-19 05:01 . 2013-08-14 22:06    3539040    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-12-19 04:42 . 2013-12-19 04:42    1100248    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-12-19 04:42 . 2013-12-19 04:42    29696    ----a-w-    c:\windows\system32\THX2Cf64.dll
2013-12-18 11:13 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-11 05:41 . 2013-12-11 05:41    3381008    ----a-w-    c:\windows\system32\Netwrw00.dll
2013-12-11 05:41 . 2013-12-11 05:41    11530992    ----a-w-    c:\windows\system32\drivers\NETwsw00.sys
2013-12-11 05:41 . 2013-12-11 05:41    885520    ----a-w-    c:\windows\system32\Netwcw00.dll
2013-12-11 00:01 . 2013-09-11 10:20    9272200    ------w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-10 02:15 . 2013-12-18 08:01    982232    ------w-    c:\windows\SysWow64\nvspcap.dll
2013-12-05 08:42 . 2013-12-18 08:00    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2013-12-05 08:42 . 2013-12-18 08:00    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-12-05 08:42 . 2013-12-18 08:00    32544    ------w-    c:\windows\SysWow64\nvaudcap32v.dll
2013-11-25 22:20 . 2013-08-14 22:02    2080472    ------w-    c:\windows\RtlExUpd.dll
2013-11-23 19:26 . 2013-12-06 05:23    1884448    ----a-w-    c:\windows\system32\nvdispco6433193.dll
2013-11-23 19:26 . 2013-12-06 05:23    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433193.dll
2013-11-23 18:26 . 2013-12-10 22:18    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 22:18    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-21 22:52 . 2013-11-20 22:16    46368    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-11-14 11:55 . 2013-11-20 06:46    1884448    ----a-w-    c:\windows\system32\nvdispco6433182.dll
2013-11-14 11:55 . 2013-11-20 06:46    1511712    ----a-w-    c:\windows\system32\nvdispgenco6433182.dll
2013-11-12 02:23 . 2013-12-10 22:18    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 22:18    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-11-11 06:36 . 2013-11-11 06:36    133336    ----a-w-    c:\windows\system32\corsveng2kcinstamd64.dll
2013-11-11 06:36 . 2013-11-11 06:36    109144    ----a-w-    c:\windows\system32\drivers\corsveng2kamd64.sys
2013-11-06 02:55 . 2013-11-06 02:55    150808    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2013-11-05 19:38 . 2013-12-12 05:04    274432    ------w-    c:\windows\SysWow64\ssleay32.dll
2013-11-05 19:38 . 2013-12-12 05:04    1122304    ------w-    c:\windows\SysWow64\libeay32.dll
2013-11-05 02:52 . 2013-11-05 02:52    240920    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-01 04:00 . 2013-11-01 04:00    212280    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2013-11-01 03:49 . 2013-11-01 03:49    294712    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2013-10-31 16:24 . 2013-08-17 05:24    35640    ----a-w-    c:\windows\system32\TURegOpt.exe
2013-10-31 16:24 . 2013-08-17 05:28    36664    ----a-w-    c:\windows\system32\uxtuneup.dll
2013-10-31 16:24 . 2013-08-17 05:28    30008    ------w-    c:\windows\SysWow64\uxtuneup.dll
2013-10-31 16:24 . 2013-08-17 05:24    26936    ----a-w-    c:\windows\system32\authuitu.dll
2013-10-31 16:24 . 2013-08-17 05:24    22328    ------w-    c:\windows\SysWow64\authuitu.dll
2013-10-30 02:32 . 2013-12-10 22:18    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-10 22:18    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-29 05:24 . 2013-08-17 15:13    76888    ------w-    c:\windows\SysWow64\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 17:22    1186616    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 17:22    1186616    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 17:22    1186616    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 17:22    1186616    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 17:22    1186616    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 17:22    1186616    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"BitTorrent"="c:\users\DisPak\AppData\Roaming\BitTorrent\BitTorrent.exe" [2013-11-20 899160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"Fast Boot"="c:\program files (x86)\MSI\Fast Boot\StartFastBoot.exe" [2012-09-19 764472]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"Corsair M65 Mouse"="c:\program files (x86)\Corsair\M65 Mouse\M65Hid.exe" [2013-08-15 1766912]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-08-13 490480]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2013-08-16 711680]
"Cobian Backup 8"="c:\program files (x86)\Cobian Backup 8\Cobian.exe" [2007-09-27 501248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISCTSystray.lnk - c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [2013-8-1 5545448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"amd_dc_opt"=c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 CorsairAudioFilter;Corsair Audio Filtering Service;c:\windows\system32\DRIVERS\corsveng2kamd64.sys;c:\windows\SYSNATIVE\DRIVERS\corsveng2kamd64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x]
R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7818v160\NTIOLib_X64.sys;c:\program files (x86)\Setup Files\Ms7818v160\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIClock_CC;NTIOLib_MSIClock_CC;c:\program files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys [x]
R3 NTIOLib_MSICOMM_CC;NTIOLib_MSICOMM_CC;c:\program files (x86)\MSI\CommandCenter\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\NTIOLib_X64.sys [x]
R3 NTIOLib_MSICPU_CC;NTIOLib_MSICPU_CC;c:\program files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIDDR_CC;NTIOLib_MSIDDR_CC;c:\program files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIFrequency_CC;NTIOLib_MSIFrequency_CC;c:\program files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIRatio_CC;NTIOLib_MSIRatio_CC;c:\program files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys [x]
R3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;c:\program files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys [x]
R3 NTIOLib_MSISuperIO_CC;NTIOLib_MSISuperIO_CC;c:\program files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys [x]
R3 OnlineStorageService;OnlineStorageService;c:\program files\Trend Micro SafeSync\hrfscore.exe;c:\program files\Trend Micro SafeSync\hrfscore.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R4 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 ISCTAgent;Intel® Smart Connect Technology Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe  [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 mfmonitor;mfmonitor;c:\windows\system32\DRIVERS\mfmonitor_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mfmonitor_x64.sys [x]
S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SuperRAIDSvc;SuperRAIDSvc;c:\msi\Super RAID\SuperRAIDSvc.exe;c:\msi\Super RAID\SuperRAIDSvc.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
S3 AcpiCtlDrv;AcpiCtlDrv;c:\windows\system32\DRIVERS\AcpiCtlDrv.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiCtlDrv.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\msi\Super RAID\NTIOLib_X64.sys;c:\msi\Super RAID\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SnakeEyes;Corsair M65 Gaming Mouse;c:\windows\system32\drivers\SnakeEyes.sys;c:\windows\SYSNATIVE\drivers\SnakeEyes.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_0_1
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - NTIOLIB_1_0_4
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-15 04:25    1211672    ------w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-15 04:24]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-14 22:02]
.
2014-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-14 22:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 17:23    1748280    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 17:23    1748280    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 17:23    1748280    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 17:23    1748280    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 17:23    1748280    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 17:23    1748280    ------w-    c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"THX2Cf64"="c:\windows\system32\THX2Cf64.dll" [2013-12-19 29696]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-19 1100248]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-08-29 40576]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com/?type=586383&fr=spigot-yhp-ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Send to Bluetooth - c:\program files (x86)\Intel\Bluetooth\btSendToObject.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF - ExtSQL: 2013-12-10 19:16; ascsurfingprotection@iobit.com; c:\users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-12-10 19:34; adsremoval@adsremoval.net; c:\users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\extensions\adsremoval@adsremoval.net
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MediaFire Tray - c:\users\DisPak\AppData\Local\MediaFire Desktop\mf_watch.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk - c:\windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe -minimize
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-26  12:14:06
ComboFix-quarantined-files.txt  2014-01-26 17:14
.
Pre-Run: 10,568,441,856 bytes free
Post-Run: 10,579,677,184 bytes free
.
- - End Of File - - A9C1DFF93099143820629393ECCEB09D
A36C5E4F47E84449FF07ED3517B43A31
 



#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 AM

Posted 26 January 2014 - 01:11 PM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • adwCleaner log
  • MBAM log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 dispak

dispak
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 26 January 2014 - 04:13 PM

# AdwCleaner v3.017 - Report created 26/01/2014 at 15:20:14
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : DisPak - DISPAK-PC
# Running from : C:\Users\DisPak\Desktop\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater17.1.3

***** [ Files / Folders ] *****

File Found : C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\user.js
Folder Found C:\Users\DisPak\AppData\Local\AVG SafeGuard toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\APN PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\DisPak\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6852 octets] - [08/12/2013 14:40:57]
AdwCleaner[R1].txt - [1098 octets] - [26/01/2014 15:20:14]
AdwCleaner[S0].txt - [6693 octets] - [08/12/2013 14:41:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1218 octets] ##########

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.26.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
DisPak :: DISPAK-PC [administrator]

1/26/2014 3:25:19 PM
mbam-log-2014-01-26 (15-25-19).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 491688
Time elapsed: 36 minute(s), 51 second(s)

Memory Processes Detected: 1
C:\Windows\temp\svchost.exe (Trojan.BitCoinMiner) -> 5588 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Windows\temp\svchost.exe (Trojan.BitCoinMiner) -> Delete on reboot.
D:\Downloads\Madden.NFL.08\mainapp.exe (Trojan.Agent.BEWGen) -> Quarantined and deleted successfully.
D:\Downloads\Madden.NFL.08\ViTALiTY\mainapp.exe (Trojan.Agent.BEWGen) -> Quarantined and deleted successfully.
D:\Program Files (x86)\EA Sports\Madden NFL 08\mainapp.exe (Trojan.Agent.BEWGen) -> Quarantined and deleted successfully.
F:\ViTALiTY\mainapp.exe (Trojan.Agent.BEWGen) -> Delete on reboot.
C:\Windows\temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

(end)


 



#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 AM

Posted 26 January 2014 - 04:38 PM

Please do this next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    Uncheck everything except these:
    Key Found : HKCU\Software\APN PIP
    Key Found : [x64] HKCU\Software\APN PIP
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator


  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:

  • adwCleaner log
  • ESET log

 




#9 dispak

dispak
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 26 January 2014 - 07:53 PM

# AdwCleaner v3.017 - Report created 26/01/2014 at 17:04:41
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : DisPak - DISPAK-PC
# Running from : C:\Users\DisPak\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : vToolbarUpdater17.1.3

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Users\DisPak\AppData\Local\AVG SafeGuard toolbar
[x] Not Deleted : C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\DisPak\AppData\Roaming\Mozilla\Firefox\Profiles\id9k75zw.default\prefs.js ]


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\DisPak\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6852 octets] - [08/12/2013 14:40:57]
AdwCleaner[R1].txt - [1302 octets] - [26/01/2014 15:20:14]
AdwCleaner[R2].txt - [1362 octets] - [26/01/2014 17:03:26]
AdwCleaner[S0].txt - [6693 octets] - [08/12/2013 14:41:39]
AdwCleaner[S1].txt - [1256 octets] - [26/01/2014 17:04:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1316 octets] ##########
 

 

 

 

 

C:\AdwCleaner\Quarantine\C\Users\DisPak\AppData\Roaming\Search Protection\SearchProtection.exe.vir    a variant of Win32/Toolbar.Widgi application
C:\AdwCleaner\Quarantine\C\Users\DisPak\AppData\Roaming\Search Protection\Uninstall.exe.vir    probably a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\softendo.com\Mario Forever 5.01\Data\Mario Forever.exe    a variant of Win32/Toolbar.Conduit.B application
C:\Program Files (x86)\softendo.com\Mario Forever 6.0 Beta\Data\Mario Forever.exe    Win32/Toolbar.Conduit application
C:\Users\DisPak\AppData\Roaming\Origin\update.vbe    VBS/CoinMiner.AD trojan
C:\Users\DisPak\Downloads\cbsidlm-tr1_14-CPUZ-SEO-10050423.exe    Win32/DownloadAdmin.G application
C:\Users\DisPak\Downloads\cbsidlm-tr1_14-Daemon_Tools_Lite-SEO-10778842.exe    Win32/DownloadAdmin.G application
C:\Users\DisPak\Downloads\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D application
C:\Users\DisPak\Downloads\epson14540.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\DisPak\Downloads\TrojanSvchostRemovalTool.exe    multiple threats
C:\Users\DisPak\Downloads\WinZip175.exe    a variant of Win32/OpenInstall application
C:\Users\DisPak\Downloads\DuckTales.Remastered-RELOADED\rld-ducktales.iso    a variant of Win32/HackTool.Crack.BQ application
C:\Windows\temp\svchost.exe    a variant of Win32/BitCoinMiner.AF application
D:\DISPAK-PC\Backup Set 2013-08-15 003119\Backup Files 2013-08-18 190006\Backup files 3.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-08-15 003119\Backup Files 2013-08-18 190006\Backup files 4.zip    a variant of Win32/OpenInstall application
D:\DISPAK-PC\Backup Set 2013-08-15 003119\Backup Files 2013-08-25 190000\Backup files 5.zip    Win32/DownloadAdmin.G application
D:\DISPAK-PC\Backup Set 2013-08-15 003119\Backup Files 2013-09-15 190000\Backup files 1.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-08-15 003119\Backup Files 2013-09-15 190000\Backup files 2.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-09-29 202954\Backup Files 2013-09-29 202954\Backup files 1.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-09-29 202954\Backup Files 2013-09-29 202954\Backup files 5.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-10-27 190000\Backup Files 2013-10-27 190000\Backup files 1.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-10-27 190000\Backup Files 2013-10-27 190000\Backup files 5.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-10-27 190000\Backup Files 2013-11-17 190006\Backup files 1.zip    a variant of Win32/Toolbar.Widgi application
D:\DISPAK-PC\Backup Set 2013-12-08 211344\Backup Files 2013-12-08 211344\Backup files 1.zip    VBS/CoinMiner.AD trojan
D:\DISPAK-PC\Backup Set 2013-12-08 211344\Backup Files 2013-12-08 211344\Backup files 3.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-12-15 190000\Backup Files 2013-12-15 190000\Backup files 5.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-12-15 190000\Backup Files 2013-12-15 190000\Backup files 6.zip    multiple threats
D:\DISPAK-PC\Backup Set 2013-12-15 190000\Backup Files 2013-12-22 195400\Backup files 1.zip    VBS/CoinMiner.AD trojan
D:\DISPAK-PC\Backup Set 2013-12-15 190000\Backup Files 2013-12-29 191955\Backup files 2.zip    a variant of Win32/Bundled.Toolbar.Ask.D application
D:\DmC Devil may Cry\Binaries\Win32\steam_api.dll    a variant of Win32/HackTool.Crack.BQ application
D:\Downloads\Super Mario Bros 3 - Mario Forever 5.01 Final Retail - SceneDL.zip    a variant of MSIL/Injector.BUW trojan
 



#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 AM

Posted 26 January 2014 - 08:18 PM

Please do this next:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it in the same location as FRST (usually your desktop) as fixlist.txt

C:\Users\DisPak\Downloads\TrojanSvchostRemovalTool.exe
C:\Windows\temp\svchost.exe
D:\Downloads\Super Mario Bros 3 - Mario Forever 5.01 Final Retail - SceneDL.zip
C:\Users\DisPak\AppData\Roaming\Origin\update.vbe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now run FRST again.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) please post it to your reply.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Please include the following in your next post:
  • Fixlog.txt Report



#11 dispak

dispak
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 26 January 2014 - 08:40 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-01-2014 02
Ran by DisPak at 2014-01-26 20:36:01 Run:1
Running from C:\Users\DisPak\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\DisPak\Downloads\TrojanSvchostRemovalTool.exe
C:\Windows\temp\svchost.exe
D:\Downloads\Super Mario Bros 3 - Mario Forever 5.01 Final Retail - SceneDL.zip
C:\Users\DisPak\AppData\Roaming\Origin\update.vbe
*****************

C:\Users\DisPak\Downloads\TrojanSvchostRemovalTool.exe => Moved successfully.
C:\Windows\temp\svchost.exe => Moved successfully.
D:\Downloads\Super Mario Bros 3 - Mario Forever 5.01 Final Retail - SceneDL.zip => Moved successfully.
C:\Users\DisPak\AppData\Roaming\Origin\update.vbe => Moved successfully.


The system needs a manual reboot.

==== End of Fixlog ====



#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 AM

Posted 26 January 2014 - 10:30 PM

Please reboot the computer if you haven't already, then do this next:

Run FRST again.

  • When the tool opens click Yes to disclaimer.
  • Enter the following into the search box:  svchost.exe
  • Press the Search File(s) button
  • The tool will make another log (Search.txt) please post it to your reply.




#13 dispak

dispak
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 26 January 2014 - 10:51 PM

Farbar Recovery Scan Tool (x64) Version: 26-01-2014 02
Ran by DisPak at 2014-01-26 22:51:18
Running from C:\Users\DisPak\Desktop
Boot Mode: Normal

================== Search: "svchost.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 18:19] - [2009-07-13 20:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2009-07-13 20:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\erdnt\cache86\svchost.exe
[2013-12-08 14:57] - [2009-07-13 20:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\erdnt\cache64\svchost.exe
[2013-12-08 14:57] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2013-12-08 21:27] - [2013-04-04 14:50] - 0218184 ____N () B4C6E3889BB310CA7E974A04EC6E46AC

C:\FRST\Quarantine\svchost.exe
[2014-01-26 16:15] - [2014-01-26 17:07] - 0645646 ____A () FC57F2A5A68BFC86492A31EA29029496

====== End Of Search ======
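Added example, not from the thread or from Farbar's tool: a Python parser for the FRST "Search: svchost.exe" block above that applies the check RPMcMurphy made by eye, treating Microsoft-attributed copies in the system directories as the reference set and flagging any other copy. The sample is constructed from the search output posted above; the expected-location list is an assumption, and the company string is taken as PE version info, not a signature check, so a verdict of "suspicious" means "ask about it", not "malicious".

```python
import re

# Constructed sample: the FRST search output posted above, reproduced as text.
SAMPLE_SEARCH = r"""Farbar Recovery Scan Tool (x64) Version: 26-01-2014 02
Ran by DisPak at 2014-01-26 22:51:18

================== Search: "svchost.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 18:19] - [2009-07-13 20:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2009-07-13 20:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\erdnt\cache86\svchost.exe
[2013-12-08 14:57] - [2009-07-13 20:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Windows\erdnt\cache64\svchost.exe
[2013-12-08 14:57] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2013-12-08 21:27] - [2013-04-04 14:50] - 0218184 ____N () B4C6E3889BB310CA7E974A04EC6E46AC

C:\FRST\Quarantine\svchost.exe
[2014-01-26 16:15] - [2014-01-26 17:07] - 0645646 ____A () FC57F2A5A68BFC86492A31EA29029496

====== End Of Search ======
"""

# One FRST detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")

# Where Windows 7 x64 keeps its own svchost.exe (assumption drawn from the
# search above; compared case-insensitively, subfolders included).
EXPECTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


def parse_search(text):
    """Pair each path line with the FRST detail line that follows it."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if m and path and not path.startswith("="):
            e = m.groupdict()
            e["path"], e["size"] = path, int(e["size"])
            entries.append(e)
    return entries


def in_expected_dir(path):
    p = path.lower()
    return any(p.startswith(d + "\\") for d in EXPECTED_DIRS)


def assess(entries):
    """Map each path to 'ok', 'copy-of-known-good' or 'suspicious'."""
    # Hashes of Microsoft-attributed copies sitting where Windows keeps
    # svchost.exe form the reference set; everything else is judged against it.
    # The company string is PE version info, so this is triage, not proof.
    known_good = {e["md5"] for e in entries
                  if in_expected_dir(e["path"]) and e["company"] == "Microsoft Corporation"}
    verdicts = {}
    for e in entries:
        if e["md5"] not in known_good or e["company"] != "Microsoft Corporation":
            verdicts[e["path"]] = "suspicious"       # C:\Windows\temp\svchost.exe would land here
        elif in_expected_dir(e["path"]):
            verdicts[e["path"]] = "ok"
        else:
            verdicts[e["path"]] = "copy-of-known-good"  # e.g. ComboFix's erdnt cache
    return verdicts


def suspicious_paths(text):
    """The paths a helper would ask about next, sorted for stable output."""
    return sorted(p for p, v in assess(parse_search(text)).items() if v == "suspicious")


if __name__ == "__main__":
    for path, verdict in assess(parse_search(SAMPLE_SEARCH)).items():
        print(f"{verdict:20} {path}")
```

On the posted search the two hits are the quarantined file and Malwarebytes' Chameleon copy, which is why the helper could conclude the bad svchost.exe had not returned.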



#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 AM

Posted 27 January 2014 - 11:44 AM

That confirmed that the bad svchost file did not return.  All I have left for you is some important housekeeping:

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall


Download OTC to your desktop and run it
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!




#15 dispak

dispak
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 27 January 2014 - 04:35 PM

RPMcMurphy, thank you, good sir. It was a long process and you stuck with me throughout the whole thing. I can't thank you enough. I've donated to you, good sir, and I will try to keep my computer's nose clean from now on.



