Everything posted by brian95

  1. Okay, it's nice to hear that my system is clean. I'll just let MalwareBytes block the incoming connections.
  2. Nope, I still get the incoming connections from svchost.exe. Do you think that it is just that my university wifi connection is insecure, as the notifications started after I moved into my university?
  3. MiniToolBox by Farbar Version: 13-07-2013 Ran by Brian (administrator) on 19-09-2013 at 16:31:52 Running from "C:\Users\Brian\Downloads" Microsoft Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Killer e2200 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection 5 (Disconnected) Intel® Centrino® Wireless-N 135 = Wireless Network Connection (Connected) Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected) Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Brian-MSI Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : udel.edu Ethernet adapter Local Area Connection 5: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Killer e2200 PCI-E Gigabit Ethernet Controller (NDIS 6.20) #3 Physical Address. . . . . . . . . : 8C-89-A5-09-CA-FB DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . 
: Yes Wireless LAN adapter Wireless Network Connection 3: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2 Physical Address. . . . . . . . . : 0C-D2-92-42-ED-F3 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter Physical Address. . . . . . . . . : 0C-D2-92-42-ED-F3 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : udel.edu Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 135 Physical Address. . . . . . . . . : 0C-D2-92-42-ED-F2 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::6991:4857:69d3:484a%12(Preferred) IPv4 Address. . . . . . . . . . . : 128.4.98.77(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.248.0 Lease Obtained. . . . . . . . . . : Thursday, September 19, 2013 4:11:13 PM Lease Expires . . . . . . . . . . : Thursday, September 19, 2013 5:16:13 PM Default Gateway . . . . . . . . . : 128.4.96.1 DHCP Server . . . . . . . . . . . : 128.175.13.65 DHCPv6 IAID . . . . . . . . . . . : 318772480 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-D9-8B-F9-00-13-74-00-00-00 DNS Servers . . . . . . . . . . . : 128.175.13.16 128.175.13.17 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.udel.edu: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : udel.edu Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . 
: Yes Tunnel adapter Local Area Connection* 15: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:106e:d4d:7ffb:9db2(Preferred) Link-local IPv6 Address . . . . . : fe80::106e:d4d:7ffb:9db2%26(Preferred) Default Gateway . . . . . . . . . : NetBIOS over Tcpip. . . . . . . . : Disabled Tunnel adapter 6TO4 Adapter: Connection-specific DNS Suffix . : udel.edu Description . . . . . . . . . . . : Microsoft 6to4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2002:8004:624d::8004:624d(Preferred) Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 128.175.13.16 128.175.13.17 NetBIOS over Tcpip. . . . . . . . 
: Disabled Server: dns1.udel.edu Address: 128.175.13.16 Name: google.com Addresses: 2607:f8b0:4006:803::100e 173.194.43.33 173.194.43.41 173.194.43.39 173.194.43.35 173.194.43.34 173.194.43.46 173.194.43.32 173.194.43.38 173.194.43.40 173.194.43.37 173.194.43.36 Pinging google.com [173.194.43.37] with 32 bytes of data: Reply from 173.194.43.37: bytes=32 time=12ms TTL=57 Reply from 173.194.43.37: bytes=32 time=11ms TTL=57 Ping statistics for 173.194.43.37: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 11ms, Maximum = 12ms, Average = 11ms Server: dns1.udel.edu Address: 128.175.13.16 Name: yahoo.com Addresses: 98.138.253.109 98.139.183.24 206.190.36.45 Pinging yahoo.com [98.139.183.24] with 32 bytes of data: Reply from 98.139.183.24: bytes=32 time=33ms TTL=54 Reply from 98.139.183.24: bytes=32 time=99ms TTL=54 Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 33ms, Maximum = 99ms, Average = 66ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time=4ms TTL=128 Reply from 127.0.0.1: bytes=32 time=1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 4ms, Average = 2ms =========================================================================== Interface List 22...8c 89 a5 09 ca fb ......Killer e2200 PCI-E Gigabit Ethernet Controller (NDIS 6.20) #3 14...0c d2 92 42 ed f3 ......Microsoft Virtual WiFi Miniport Adapter #2 13...0c d2 92 42 ed f3 ......Microsoft Virtual WiFi Miniport Adapter 12...0c d2 92 42 ed f2 ......Intel® Centrino® Wireless-N 135 1...........................Software Loopback Interface 1 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 26...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 24...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter 
=========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 128.4.96.1 128.4.98.77 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 128.4.96.0 255.255.248.0 On-link 128.4.98.77 281 128.4.98.77 255.255.255.255 On-link 128.4.98.77 281 128.4.103.255 255.255.255.255 On-link 128.4.98.77 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 128.4.98.77 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 128.4.98.77 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 26 58 2001::/32 On-link 26 306 2001:0:4137:9e76:106e:d4d:7ffb:9db2/128 On-link 24 1030 2002::/16 On-link 24 286 2002:8004:624d::8004:624d/128 On-link 12 281 fe80::/64 On-link 26 306 fe80::/64 On-link 26 306 fe80::106e:d4d:7ffb:9db2/128 On-link 12 281 fe80::6991:4857:69d3:484a/128 On-link 1 306 ff00::/8 On-link 26 306 ff00::/8 On-link 12 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 06 
C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 09 C:\windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation) Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Catalog9 01 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Catalog9 02 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Catalog9 03 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Catalog9 04 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) Catalog9 05 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 12 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 13 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 14 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 15 C:\windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 16 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.) 
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.) x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation) x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) x64-Catalog9 01 C:\Windows\System32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) x64-Catalog9 02 C:\Windows\System32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) x64-Catalog9 03 C:\Windows\System32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) x64-Catalog9 04 C:\Windows\System32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) 
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 16 C:\Windows\System32\BfLLR.dll [200704] (Bigfoot Networks, Inc.) ========================= Event log errors: =============================== Application errors: ================== Error: (09/19/2013 04:12:33 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2013 08:49:02 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2013 02:39:30 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2013 00:58:36 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2980 Error: (09/18/2013 00:58:36 PM) (Source: Bonjour Service) (User: ) Description: Task 
Scheduling Error: m->NextScheduledEvent 2980 Error: (09/18/2013 00:58:36 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/18/2013 00:35:46 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2013 10:05:28 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2013 04:07:12 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (09/17/2013 03:36:16 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/18/2013 02:31:43 PM) (Source: Service Control Manager) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (09/15/2013 05:15:13 AM) (Source: Service Control Manager) (User: ) Description: The Windows Update service did not shut down properly after receiving a preshutdown control. Error: (09/12/2013 09:57:59 PM) (Source: Service Control Manager) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (09/12/2013 09:57:57 PM) (Source: Service Control Manager) (User: ) Description: The Windows Search service terminated with service-specific error %%-1073473535. Error: (09/11/2013 11:42:00 AM) (Source: Service Control Manager) (User: ) Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/11/2013 11:38:33 AM) (Source: Service Control Manager) (User: ) Description: The Internet Connection Sharing (ICS) service hung on starting. Error: (09/11/2013 11:36:05 AM) (Source: Microsoft Antimalware) (User: ) Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: %24 Error Code: 0x80070002 Error description: The system cannot find the file specified. 
Signature version: 0.0.0.0;0.0.0.0 Engine version: %600 Error: (09/11/2013 11:04:48 AM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY) Description: The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Problem-Steps-Recorder. Error: (09/11/2013 02:56:02 AM) (Source: Service Control Manager) (User: ) Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error: %%-2147196306 Error: (09/10/2013 00:42:11 PM) (Source: Service Control Manager) (User: ) Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions: ========================= Error: (09/19/2013 04:12:33 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2013 08:49:02 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2013 02:39:30 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2013 00:58:36 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2980 Error: (09/18/2013 00:58:36 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2980 Error: (09/18/2013 00:58:36 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/18/2013 00:35:46 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/18/2013 10:05:28 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/17/2013 04:07:12 PM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE Error: (09/17/2013 03:36:16 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-09-06 13:13:35.007 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-06 13:13:34.570 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-03 14:47:06.660 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-09-03 14:47:06.208 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-04-26 16:19:18.737 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-04-26 16:19:18.707 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-04-26 16:19:18.647 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-04-26 16:19:18.587 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-04-26 16:19:18.567 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. Date: 2013-04-26 16:19:18.517 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system. 
=========================== Installed Programs ============================ 7-Zip 9.30 (x64 edition) (Version: 9.30.00.0) Adobe Flash Player 11 ActiveX (Version: 11.2.202.228) Adobe Reader XI (11.0.04) (Version: 11.0.04) Adobe Shockwave Player 12.0 (Version: 12.0.3.133) Apple Application Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) Battery Calibration (Version: 1.0.1105.1601) Bonjour (Version: 3.0.0.10) BurnRecovery (Version: 3.0.1103.1801) CCleaner (Version: 4.05) Chivalry: Medieval Warfare CyberLink YouCam (Version: 3.1.4612) D3DX10 (Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Epson Connect Epson Customer Participation (Version: 1.4.0.0) Epson Event Manager (Version: 3.01.0000) EPSON Scan EPSON XP-200 Series Printer Uninstall ETDWare PS/2-X64 11.13.1.4_WHQL (Version: 11.13.1.4) Galería fotográfica de Windows Live (Version: 15.4.3502.0922) Galerie de photos Windows Live (Version: 15.4.3502.0922) GeForce Experience NvStream Client Components (Version: 0.1.87) Google Chrome (Version: 29.0.1547.76) Google Update Helper (Version: 1.3.21.153) Intel PROSet Wireless Intel® Manageability Engine Firmware Recovery Agent (Version: 1.0.0.35342) Intel® Management Engine Components (Version: 8.0.4.1441) Intel® OpenCL CPU Runtime Intel® Processor Graphics (Version: 9.17.10.2932) Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.1.0.0096) Intel® Rapid Storage Technology (Version: 11.1.0.1006) Intel® Turbo Boost Technology Monitor 2.5 (Version: 2.5.1.0) Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.4.220) Intel® PROSet/Wireless WiFi Software (Version: 15.01.1000.0927) Intel® Trusted Connect Service Client (Version: 1.23.605.1) iTunes (Version: 11.1.0.126) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Junk Mail filter update (Version: 15.4.3502.0922) Malwarebytes Anti-Malware version 1.75.0.1300 
(Version: 1.75.0.1300) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Security Client (Version: 4.3.0215.0) Microsoft Security Essentials (Version: 4.3.215.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft VC9 runtime libraries (Version: 2.0.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 
9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) MSI HOUSE (Version: 10.07.1601) MSI Software Install (Version: 4.0.1105.1701) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) NVIDIA Control Panel 327.23 (Version: 327.23) NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1) NVIDIA Graphics Driver 327.23 (Version: 327.23) NVIDIA Install Application (Version: 2.1002.133.902) NVIDIA Optimus 8.3.14 (Version: 8.3.14) NVIDIA PhysX (Version: 9.13.0725) NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725) NVIDIA Update 8.3.14 (Version: 8.3.14) NVIDIA Update Components (Version: 8.3.14) NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5) O&O Defrag Professional (Version: 16.0.345) PAYDAY 2 Qualcomm Atheros Killer Network Manager (Version: 6.1.0.315) Realtek Ethernet Controller Driver (Version: 7.50.1123.2011) Realtek High Definition Audio Driver (Version: 6.0.1.6549) Realtek PCIE Card Reader (Version: 6.1.7601.90) S-Bar (Version: 21.012.12039) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition SHIELD Streaming (Version: 1.05.28) Skype™ 6.7 (Version: 6.7.102) Software Updater (Version: 4.1.1) Steam (Version: 1.0.0.0) Super-Charger (Version: 1.2.006) swMSM (Version: 12.0.0.1) TeamViewer 8 (Version: 8.0.19617) THX TruStudio Pro (Version: 1.04.01) Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition 
Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition VLC media player 2.0.8 (Version: 2.0.8) War Thunder Windows Live (Version: 15.4.3502.0922) Windows Live ??? (Version: 15.4.3502.0922) Windows Live ???? (Version: 15.4.3502.0922) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3538.0513) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform 
Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 28% Total physical RAM: 8088.95 MB Available physical RAM: 5754.95 MB Total Pagefile: 16176.07 MB Available Pagefile: 13512.51 MB Total Virtual: 4095.88 MB Available Virtual: 3957.98 MB ========================= Partitions: ===================================== 1 Drive c: (OS_Install) (Fixed) (Total:412.19 GB) (Free:297.98 GB) NTFS 2 Drive d: (Data) (Fixed) (Total:274.8 GB) (Free:206.06 GB) NTFS 3 Drive e: (The Norton Recor) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS ========================= Users: ======================================== User accounts for \\BRIAN-MSI Administrator Brian Guest UpdatusUser ========================= Minidump Files ================================== No minidump file found **** End of log ****
  4. RogueKiller V8.6.12 _x64_ [sep 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Brian [Admin rights] Mode : Scan -- Date : 09/18/2013 12:43:08 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD7500BPVT-22HXZT3 +++++ --- User --- [MBR] f0a912900e331aefa072c5cf87f8a6af [bSP] 2402635d7ff985e4c399f94f6f68deb5 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11831 Mo 1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 24231936 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24436736 | Size: 422081 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 888858624 | Size: 281391 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_09182013_124308.txt >>
  5. Yes, I'm still with you and I am also still getting incoming connections blocked.
  6. Malwarebytes still blocks these incoming connections, which happen randomly.
  7. All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Brian\Downloads\cmd.bat deleted successfully. C:\Users\Brian\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Brian ->Temp folder emptied: 3461533 bytes ->Temporary Internet Files folder emptied: 2758019 bytes ->Java cache emptied: 1126126 bytes ->Google Chrome cache emptied: 81378405 bytes ->Flash cache emptied: 892 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 516198 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 85.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 09102013_102503 Files\Folders moved on Reboot... C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  8. The program didn't give me an extra log for some reason but I did get the OTL.txt. OTL logfile created on: 9/10/2013 9:38:12 AM - Run 3OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brian\Downloads64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16660)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.90 Gb Total Physical Memory | 5.16 Gb Available Physical Memory | 65.35% Memory free15.80 Gb Paging File | 12.78 Gb Available in Paging File | 80.93% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 412.19 Gb Total Space | 304.66 Gb Free Space | 73.91% Space Free | Partition Type: NTFSDrive D: | 274.80 Gb Total Space | 206.06 Gb Free Space | 74.99% Space Free | Partition Type: NTFSDrive E: | 548.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: BRIAN-MSI | User Name: Brian | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/09/10 07:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Downloads\OTL.exePRC - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exePRC - [2013/09/06 16:55:38 | 001,811,368 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exePRC - [2013/09/02 16:35:59 | 000,829,392 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2013/07/27 04:41:25 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exePRC - [2013/07/27 04:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exePRC - [2013/07/08 07:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exePRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2012/12/03 09:24:36 | 005,504,416 | ---- | M] (Micro-Star International Co.,Ltd.) -- C:\Program Files (x86)\S-Bar\S-Bar.exePRC - [2012/12/03 09:24:36 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) 
-- C:\Program Files (x86)\S-Bar\MSIService.exePRC - [2012/03/15 00:48:22 | 000,362,840 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2012/03/15 00:48:20 | 000,276,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2012/03/15 00:48:14 | 000,127,320 | R--- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exePRC - [2012/03/15 00:48:06 | 000,162,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exePRC - [2012/02/27 04:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exePRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2012/01/03 16:34:20 | 000,138,768 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exePRC - [2012/01/03 16:34:16 | 000,502,288 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exePRC - [2011/10/31 14:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exePRC - [2011/10/13 03:46:02 | 000,230,696 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exePRC - [2011/10/13 03:46:02 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exePRC - [2011/08/29 19:37:02 | 001,517,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe ========== Modules (No Company Name) ========== MOD - [2013/09/06 16:55:40 | 001,120,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dllMOD - [2013/09/06 16:37:33 | 000,189,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dllMOD - [2013/09/06 12:43:02 | 018,524,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dllMOD - [2013/09/06 12:42:54 | 001,870,848 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dllMOD - [2013/09/06 12:42:53 | 012,692,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dllMOD - [2013/09/06 12:42:52 | 001,156,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\95623e12dc6a64d28bad5b85f4c730ae\System.Management.ni.dllMOD - [2013/09/06 12:42:44 | 010,914,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dllMOD - [2013/09/06 12:42:43 | 001,630,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dllMOD - [2013/09/06 12:42:38 | 006,995,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dllMOD - [2013/09/06 12:42:37 | 007,559,680 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dllMOD - [2013/09/06 12:42:35 | 003,905,024 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dllMOD - [2013/09/06 12:42:33 | 000,958,464 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dllMOD - [2013/09/06 12:42:33 | 000,462,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\e7d92730b571b31e62c2cf257f04a974\PresentationFramework.Aero.ni.dllMOD - [2013/09/06 12:42:31 | 009,925,120 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dllMOD - [2013/09/06 12:42:26 | 016,501,248 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dllMOD - [2013/09/02 16:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dllMOD - [2013/09/02 16:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dllMOD - [2013/09/02 16:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dllMOD - [2013/09/02 16:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dllMOD - [2013/09/02 16:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dllMOD - [2013/08/21 18:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dllMOD - [2013/08/07 15:31:06 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dllMOD - [2013/07/27 04:50:15 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\detoured.dllMOD - [2013/07/21 
18:48:15 | 002,052,096 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dllMOD - [2013/07/21 18:48:15 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dllMOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dllMOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dllMOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dllMOD - [2013/04/23 18:57:26 | 004,554,752 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dllMOD - [2013/04/15 18:56:17 | 001,253,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dllMOD - [2013/04/15 18:56:16 | 005,283,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dllMOD - [2013/04/15 18:56:15 | 004,218,880 | ---- | M] () -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dllMOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2012/12/12 01:32:26 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllMOD - [2012/10/05 06:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dllMOD - [2012/10/05 06:53:24 | 000,630,784 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dllMOD - [2012/03/18 15:53:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dllMOD - [2010/11/20 23:24:23 | 000,610,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMOD - [2010/11/20 23:23:48 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dllMOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dllMOD - [2009/06/10 17:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/07/27 04:49:33 | 014,984,480 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2013/04/19 18:10:00 | 002,570,544 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)SRV:64bit: - [2012/05/10 14:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)SRV:64bit: - [2012/03/29 07:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) 
[Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)SRV:64bit: - [2012/03/29 07:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)SRV:64bit: - [2012/03/29 07:57:14 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2012/03/29 07:57:10 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2012/03/07 21:58:42 | 000,492,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe -- (Qualcomm Atheros Killer Service)SRV:64bit: - [2012/02/03 01:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®SRV:64bit: - [2012/01/20 16:15:14 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)SRV:64bit: - [2012/01/17 19:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)SRV:64bit: - [2012/01/09 15:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)SRV:64bit: - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve 
Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2013/07/27 04:35:36 | 001,889,568 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013/07/08 07:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2012/12/03 09:24:36 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) 
[Auto | Running] -- C:\Program Files (x86)\S-Bar\MSIService.exe -- (Micro Star SCM)SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2012/03/15 00:48:22 | 000,362,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2012/03/15 00:48:20 | 000,276,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2012/03/15 00:48:14 | 000,127,320 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®SRV - [2012/03/15 00:48:06 | 000,162,648 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2012/01/03 16:34:20 | 000,138,768 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)SRV - [2011/12/07 15:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)SRV - [2010/07/16 19:39:32 | 000,012,800 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe -- (MSI Foundation Service)SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys -- (MGHwCtrl)DRV:64bit: - [2013/06/21 08:06:36 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2013/05/14 15:28:40 | 000,039,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/09/28 02:38:22 | 000,329,104 | ---- | M] (ELAN Microelectronics Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)DRV:64bit: - [2012/09/03 04:36:59 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/09/03 04:29:28 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2012/09/03 04:29:28 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2012/07/09 15:27:06 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)DRV:64bit: - [2012/06/09 14:51:44 | 000,849,408 | ---- | M] (Motorola Solutions, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)DRV:64bit: - [2012/03/12 17:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)DRV:64bit: - [2012/03/07 21:59:46 | 000,075,880 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bflwfx64.sys -- (BfLwf)DRV:64bit: - [2012/03/07 21:59:44 | 000,161,616 | ---- | M] (Qualcomm Atheros, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e22W7x64.sys -- (L1C)DRV:64bit: - [2012/02/26 15:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)DRV:64bit: - [2012/02/26 15:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)DRV:64bit: - [2012/02/26 15:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)DRV:64bit: - [2012/02/01 19:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2012/01/20 16:14:34 | 000,016,128 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)DRV:64bit: - [2012/01/09 15:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)DRV:64bit: - [2012/01/09 15:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)DRV:64bit: - [2012/01/02 23:21:44 | 000,340,072 | R--- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)DRV:64bit: - [2011/12/05 16:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2011/10/13 03:46:20 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2009/11/18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2007/04/17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)DRV - [2011/12/12 16:45:08 | 000,017,936 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys -- (ipadtst)DRV - [2010/01/18 13:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{CC3BD658-3F65-4D87-82C4-B6C1F3485D8A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBoxIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{CC3BD658-3F65-4D87-82C4-B6C1F3485D8A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi.msn.comIE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.comIE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ieIE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001\..\SearchScopes\{2D937411-478B-4FDD-A589-7D73810693F3}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}IE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program 
Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo 
Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}CHR - homepage: http://search.yahoo.com?type=714647&fr=spigot-yhp-chCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files 
(x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dllCHR - Extension: Google Docs = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Chromoji - Emoji for Google Chrome\u2122 = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki\1.2.8_0\CHR - Extension: Adblock Plus = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\CHR - Extension: Google Search = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Reddit Enhancement Suite = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\CHR - Extension: Chrome In-App Payments service = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\CHR - Extension: Gmail = C:\Users\Brian\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/09/06 13:14:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not foundO4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)O4 - HKLM..\Run: 
[s-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe (Micro-Star International Co.,Ltd.)O4 - HKLM..\Run: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)O4 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun File not foundO4 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001..\Run: [EPLTarget\P0000000000000000] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" File not foundO4 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)O4 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.5.lnk = File not foundO4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\S-Bar.lnk = C:\Program Files (x86)\S-Bar\S-Bar.exe (Micro-Star International Co.,Ltd.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O7 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1507080147-2391130120-3777288882-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)O10 - 
Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)O13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 128.175.13.16 128.175.13.17O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}: DhcpNameServer = 128.175.13.16 128.175.13.17O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\ms-help - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation)O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation)O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - 
(explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2011/02/15 10:32:32 | 000,000,068 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/09/09 05:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S-Bar[2013/09/09 03:57:43 | 000,000,000 | ---D | C] -- C:\Users\Brian\Documents\Add-in Express[2013/09/08 20:04:20 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\vlc[2013/09/08 20:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN[2013/09/08 20:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN[2013/09/06 20:44:09 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\WarThunder[2013/09/06 20:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder[2013/09/06 13:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S-Bar[2013/09/06 
13:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip[2013/09/06 13:18:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/09/06 13:17:15 | 000,000,000 | ---D | C] -- C:\windows\temp[2013/09/06 10:21:42 | 000,000,000 | ---D | C] -- C:\windows\Minidump[2013/09/05 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET[2013/09/03 12:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip[2013/09/02 15:45:41 | 000,000,000 | ---D | C] -- C:\windows\erdnt[2013/08/30 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Skype[2013/08/30 15:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype[2013/08/30 15:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype[2013/08/30 15:35:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype[2013/08/30 15:35:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype[2013/08/28 21:56:31 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\PAYDAY 2[2013/08/28 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies[2013/08/27 22:12:42 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT[2013/08/27 10:19:45 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\HorizonWimba[2013/08/27 10:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe[2013/08/27 10:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe[2013/08/27 10:12:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt[2013/08/27 10:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun[2013/08/27 10:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[2013/08/27 10:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java[2013/08/27 10:03:01 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe[2013/08/27 07:37:07 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Epson[2013/08/26 23:04:52 | 000,000,000 | ---D | C] -- 
C:\Users\Brian\AppData\Roaming\Leadertech[2013/08/26 23:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON[2013/08/26 22:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON[2013/08/26 22:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc[2013/08/26 22:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software[2013/08/26 22:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software[2013/08/26 22:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON[2013/08/26 22:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON[2013/08/26 22:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson[2013/08/25 01:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2013/08/25 01:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2013/08/25 01:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2013/08/25 01:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2013/08/25 01:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2013/08/24 15:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam[2013/08/24 15:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam[2013/08/24 15:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/09/10 09:34:49 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2013/09/10 09:33:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2013/09/10 09:33:31 | 2066,436,095 | -HS- | M] () -- C:\hiberfil.sys[2013/09/10 09:14:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2013/09/10 07:59:11 | 000,028,896 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/09/10 07:59:11 | 000,028,896 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/09/09 10:10:04 | 000,417,416 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT[2013/09/09 05:27:37 | 017,415,968 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI[2013/09/09 05:27:37 | 000,744,614 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat[2013/09/09 05:27:37 | 000,744,406 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat[2013/09/09 05:27:37 | 000,742,362 | ---- | M] () -- C:\windows\SysNative\perfh013.dat[2013/09/09 05:27:37 | 000,739,204 | ---- | M] () -- C:\windows\SysNative\perfh015.dat[2013/09/09 05:27:37 | 000,739,048 | ---- | M] () -- C:\windows\SysNative\perfh010.dat[2013/09/09 05:27:37 | 000,728,034 | ---- | M] () -- C:\windows\SysNative\prfh0816.dat[2013/09/09 05:27:37 | 000,723,590 | ---- | M] () -- C:\windows\SysNative\perfh019.dat[2013/09/09 05:27:37 | 000,712,858 | ---- | M] () -- C:\windows\SysNative\prfh0416.dat[2013/09/09 05:27:37 | 000,696,002 | ---- | M] () -- C:\windows\SysNative\perfh007.dat[2013/09/09 05:27:37 | 000,682,648 | ---- | M] () -- C:\windows\SysNative\perfh00E.dat[2013/09/09 05:27:37 | 000,672,782 | ---- | M] () -- C:\windows\SysNative\perfh009.dat[2013/09/09 05:27:37 | 000,667,696 | ---- | M] () -- C:\windows\SysNative\perfh005.dat[2013/09/09 05:27:37 | 000,662,758 | ---- | M] () -- C:\windows\SysNative\perfh01D.dat[2013/09/09 05:27:37 | 000,655,746 | ---- | M] () -- C:\windows\SysNative\perfh01F.dat[2013/09/09 05:27:37 | 000,605,860 | ---- | M] () -- C:\windows\SysNative\perfh008.dat[2013/09/09 05:27:37 | 000,508,384 | ---- | M] () -- C:\windows\SysNative\perfh006.dat[2013/09/09 05:27:37 | 000,493,572 | ---- | M] () -- C:\windows\SysNative\perfh014.dat[2013/09/09 05:27:37 | 000,480,490 | ---- | M] () -- C:\windows\SysNative\perfh00B.dat[2013/09/09 05:27:37 
| 000,478,118 | ---- | M] () -- C:\windows\SysNative\perfh001.dat[2013/09/09 05:27:37 | 000,427,920 | ---- | M] () -- C:\windows\SysNative\perfh012.dat[2013/09/09 05:27:37 | 000,416,308 | ---- | M] () -- C:\windows\SysNative\perfh011.dat[2013/09/09 05:27:37 | 000,400,644 | ---- | M] () -- C:\windows\SysNative\prfh0404.dat[2013/09/09 05:27:37 | 000,391,598 | ---- | M] () -- C:\windows\SysNative\perfh00D.dat[2013/09/09 05:27:37 | 000,383,556 | ---- | M] () -- C:\windows\SysNative\prfh0804.dat[2013/09/09 05:27:37 | 000,170,668 | ---- | M] () -- C:\windows\SysNative\perfc00E.dat[2013/09/09 05:27:37 | 000,157,966 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat[2013/09/09 05:27:37 | 000,155,282 | ---- | M] () -- C:\windows\SysNative\perfc015.dat[2013/09/09 05:27:37 | 000,152,576 | ---- | M] () -- C:\windows\SysNative\perfc013.dat[2013/09/09 05:27:37 | 000,152,454 | ---- | M] () -- C:\windows\SysNative\prfc0816.dat[2013/09/09 05:27:37 | 000,150,228 | ---- | M] () -- C:\windows\SysNative\perfc019.dat[2013/09/09 05:27:37 | 000,149,034 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat[2013/09/09 05:27:37 | 000,148,494 | ---- | M] () -- C:\windows\SysNative\perfc007.dat[2013/09/09 05:27:37 | 000,147,128 | ---- | M] () -- C:\windows\SysNative\prfc0416.dat[2013/09/09 05:27:37 | 000,146,384 | ---- | M] () -- C:\windows\SysNative\perfc010.dat[2013/09/09 05:27:37 | 000,142,032 | ---- | M] () -- C:\windows\SysNative\perfc01D.dat[2013/09/09 05:27:37 | 000,140,828 | ---- | M] () -- C:\windows\SysNative\perfc005.dat[2013/09/09 05:27:37 | 000,139,498 | ---- | M] () -- C:\windows\SysNative\perfc01F.dat[2013/09/09 05:27:37 | 000,125,488 | ---- | M] () -- C:\windows\SysNative\perfc009.dat[2013/09/09 05:27:37 | 000,121,714 | ---- | M] () -- C:\windows\SysNative\perfc011.dat[2013/09/09 05:27:37 | 000,120,000 | ---- | M] () -- C:\windows\SysNative\perfc012.dat[2013/09/09 05:27:37 | 000,119,390 | ---- | M] () -- C:\windows\SysNative\prfc0804.dat[2013/09/09 05:27:37 | 000,114,682 | ---- 
| M] () -- C:\windows\SysNative\prfc0404.dat[2013/09/09 05:27:37 | 000,110,622 | ---- | M] () -- C:\windows\SysNative\perfc008.dat[2013/09/09 05:27:37 | 000,100,888 | ---- | M] () -- C:\windows\SysNative\perfc00B.dat[2013/09/09 05:27:37 | 000,098,132 | ---- | M] () -- C:\windows\SysNative\perfc006.dat[2013/09/09 05:27:37 | 000,094,910 | ---- | M] () -- C:\windows\SysNative\perfc014.dat[2013/09/09 05:27:37 | 000,094,348 | ---- | M] () -- C:\windows\SysNative\perfc001.dat[2013/09/09 05:27:37 | 000,084,396 | ---- | M] () -- C:\windows\SysNative\perfc00D.dat[2013/09/09 04:34:53 | 000,000,000 | ---- | M] () -- C:\windows\EEventManager.INI[2013/09/08 20:04:06 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk[2013/09/06 20:11:50 | 000,000,222 | ---- | M] () -- C:\Users\Brian\Desktop\War Thunder.url[2013/09/06 13:38:57 | 017,226,180 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI[2013/09/06 13:14:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts[2013/09/02 20:58:15 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk[2013/08/30 15:48:24 | 000,007,611 | ---- | M] () -- C:\Users\Brian\AppData\Local\Resmon.ResmonCfg[2013/08/30 15:35:54 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk[2013/08/28 21:13:48 | 000,000,222 | ---- | M] () -- C:\Users\Brian\Desktop\PAYDAY 2.url[2013/08/27 10:18:26 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk[2013/08/26 23:04:42 | 000,000,079 | ---- | M] () -- C:\windows\XP200.ini[2013/08/26 22:53:46 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk[2013/08/25 01:14:43 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2013/08/24 17:10:15 | 000,000,222 | ---- | M] () -- C:\Users\Brian\Desktop\Chivalry Medieval Warfare.url[2013/08/24 15:15:01 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No 
Company Name ========== [2013/09/09 10:09:04 | 000,417,416 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT[2013/09/09 04:34:53 | 000,000,000 | ---- | C] () -- C:\windows\EEventManager.INI[2013/09/08 20:04:06 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk[2013/09/06 20:11:50 | 000,000,222 | ---- | C] () -- C:\Users\Brian\Desktop\War Thunder.url[2013/08/30 15:35:54 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk[2013/08/28 21:13:48 | 000,000,222 | ---- | C] () -- C:\Users\Brian\Desktop\PAYDAY 2.url[2013/08/27 10:18:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk[2013/08/27 10:18:26 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk[2013/08/26 22:53:46 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk[2013/08/26 22:51:48 | 000,000,079 | ---- | C] () -- C:\windows\XP200.ini[2013/08/25 01:14:43 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2013/08/24 17:10:15 | 000,000,222 | ---- | C] () -- C:\Users\Brian\Desktop\Chivalry Medieval Warfare.url[2013/08/24 15:15:01 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk[2013/05/06 15:44:24 | 000,007,611 | ---- | C] () -- C:\Users\Brian\AppData\Local\Resmon.ResmonCfg[2013/04/28 06:44:39 | 017,226,180 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI[2013/04/26 16:19:10 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll[2012/12/14 02:42:24 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin[2012/12/14 02:42:24 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin[2012/09/03 21:51:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2012/09/03 21:39:48 | 000,001,313 | ---- | C] () -- C:\windows\THXCfg_SP_APOIM.ini[2012/09/03 21:39:48 | 000,001,212 | ---- | C] () -- 
C:\windows\THXCfg_HP_APOIM.ini[2012/09/03 21:39:48 | 000,001,212 | ---- | C] () -- C:\windows\THXCfg_APOIM.ini[2012/09/03 21:39:47 | 000,182,272 | ---- | C] () -- C:\windows\SysWow64\APOMngr.DLL[2012/09/03 21:39:47 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\CmdRtr.DLL[2012/09/03 04:46:33 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin[2012/09/03 04:46:29 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin[2012/02/03 01:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 
000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/04/28 01:14:51 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\.mono[2013/08/27 07:37:07 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Epson[2013/08/26 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Leadertech[2013/08/06 07:03:40 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\TeamViewer[2013/08/02 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software[2013/08/02 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report >
  9. Okay, I tried that, then the incoming connection from svchost.exe came back. It happens randomly, anywhere from a couple of hours to entire days apart. Each incoming IP is different and uses different ports.
  10. Well since the problem isn't from my end I think that is it for this post. I'll just let Malwarebytes keep on blocking these incoming connections since it really isn't a problem but a mild inconvenience. Thanks for your help!
  11. But I keep on getting them randomly. The weird thing is it started after I moved into my university. Could it be that the university wifi has some unprotected ports or something? I never had these incoming connections at home.
  12. Yeah, I think I don't have a virus; all of these scans come up with nothing, but can you explain the incoming addresses?
  13. I think I finally resolved the problem. I had to system restore to an earlier date before Kaspersky crashed my laptop. A couple of programs aren't working but I can get to the desktop now.
  14. After installing Kaspersky I keep on getting blue screens when trying to start Windows.
  15. I ran the Kaspersky file but got a blue screen; now when I start my laptop the screen is black.
  16. I still get incoming connections from svchost.exe that Malwarebytes blocks a couple of times a day randomly.
  17. ESET scanner didn't find anything so I couldn't list threats and export it but here is the log from the scan.
      ESETSmartInstaller@High as downloader log:
      all ok
      # version=8
      # OnlineScannerApp.exe=1.0.0.1
      # OnlineScanner.ocx=1.0.0.6920
      # api_version=3.0.2
      # EOSSerial=ec15cb204909594e96152d2de54fb69d
      # engine=15022
      # end=finished
      # remove_checked=false
      # archives_checked=true
      # unwanted_checked=true
      # unsafe_checked=true
      # antistealth_checked=true
      # utc_time=2013-09-05 08:18:32
      # local_time=2013-09-05 04:18:32 (-0500, Eastern Daylight Time)
      # country="United States"
      # lang=1033
      # osver=6.1.7601 NT Service Pack 1
      # compatibility_mode=5893 16776574 100 94 1513886 129955762 0 0
      # scanned=535039
      # found=0
      # cleaned=0
      # scan_time=11938
  18. ComboFix 13-09-02.02 - Brian 09/03/2013 14:39:51.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8089.5153 [GMT -4:00] Running from: c:\users\Brian\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\2a3b3a35215f343b20_c c:\programdata\ntuser.dat c:\programdata\Roaming c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\pt c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll . . ((((((((((((((((((((((((( Files Created from 2013-08-03 to 2013-09-03 ))))))))))))))))))))))))))))))) . . 2013-09-03 18:47 . 2013-09-03 18:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-09-03 18:47 . 2013-09-03 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-30 19:36 . 2013-08-31 02:30 -------- d-----w- c:\users\Brian\AppData\Roaming\Skype 2013-08-30 19:35 . 2013-08-30 19:35 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-08-30 19:35 . 2013-08-30 19:35 -------- d-----r- c:\program files (x86)\Skype 2013-08-30 19:35 . 2013-08-30 19:36 -------- d-----w- c:\programdata\Skype 2013-08-29 01:56 . 2013-08-29 01:57 -------- d-----w- c:\users\Brian\AppData\Local\PAYDAY 2 2013-08-29 01:56 . 2013-08-29 01:56 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-08-28 02:12 . 2013-08-28 02:14 -------- d-----w- c:\windows\system32\MRT 2013-08-28 02:09 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-28 02:09 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-28 02:09 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-28 02:09 . 
2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-28 02:09 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-28 02:09 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-28 02:09 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-28 02:09 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 02:07 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-08-28 02:07 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys 2013-08-27 14:19 . 2013-08-27 14:19 -------- d-----w- c:\users\Brian\AppData\Local\HorizonWimba 2013-08-27 14:18 . 2013-08-27 14:18 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-08-27 14:12 . 2013-09-03 16:39 -------- d-----w- c:\windows\system32\appmgmt 2013-08-27 14:10 . 2013-08-27 14:10 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-08-27 14:10 . 2013-08-27 14:10 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-08-27 14:10 . 2013-08-27 14:10 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-08-27 14:10 . 2013-08-27 14:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-27 14:10 . 2013-08-27 14:10 -------- d-----w- c:\program files (x86)\Java 2013-08-27 14:07 . 2013-08-27 14:07 -------- d-----w- c:\programdata\McAfee 2013-08-27 14:03 . 2013-08-27 14:03 -------- d-----w- c:\windows\SysWow64\Adobe 2013-08-27 11:37 . 2013-08-27 11:37 -------- d-----w- c:\users\Brian\AppData\Roaming\Epson 2013-08-27 03:04 . 2013-08-27 03:04 -------- d-----w- c:\users\Brian\AppData\Roaming\Leadertech 2013-08-27 03:02 . 2013-08-27 03:02 -------- d-----w- c:\program files\Common Files\EPSON 2013-08-27 02:59 . 2013-08-27 02:59 -------- d-----w- c:\program files\EPSON 2013-08-27 02:59 . 2013-08-27 02:59 -------- d-----w- c:\program files (x86)\Epson America Inc 2013-08-27 02:58 . 
2001-09-05 07:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2013-08-27 02:58 . 2001-09-05 07:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2013-08-25 05:14 . 2013-08-25 05:14 -------- d-----w- c:\program files\iPod 2013-08-25 05:14 . 2013-08-25 05:14 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-25 05:14 . 2013-08-25 05:14 -------- d-----w- c:\program files\iTunes 2013-08-25 05:14 . 2013-08-25 05:14 -------- d-----w- c:\program files (x86)\iTunes 2013-08-25 04:45 . 2013-08-25 04:45 -------- d-----w- c:\program files (x86)\Paradox Interactive 2013-08-24 19:37 . 2013-08-24 19:12 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A40B4E66-C4B7-4214-9059-DC899510AFD7}\gapaengine.dll 2013-08-24 19:14 . 2013-08-30 03:20 -------- d-----w- c:\program files (x86)\Common Files\Steam 2013-08-24 19:14 . 2013-09-03 17:06 -------- d-----w- c:\program files (x86)\Steam 2013-08-19 20:57 . 2013-08-25 04:44 -------- d-----w- c:\users\Brian\AppData\Roaming\vlc 2013-08-09 09:55 . 2013-08-09 09:55 -------- d-----w- c:\windows\SysWow64\NV 2013-08-09 09:55 . 2013-08-09 09:55 -------- d-----w- c:\windows\system32\NV 2013-08-09 09:48 . 2013-08-09 09:48 -------- d-----w- C:\NvidiaLogging 2013-08-09 09:47 . 2013-05-14 19:28 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-08-09 09:47 . 2013-05-14 19:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-08-09 09:47 . 2013-05-14 19:27 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-08-08 15:29 . 2013-07-16 09:02 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-08-08 15:27 . 2013-08-08 15:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-08-08 15:27 . 2013-08-08 15:27 -------- d-----w- c:\program files\Microsoft Security Client 2013-08-08 15:02 . 
2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-08-08 15:02 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll 2013-08-08 15:02 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-08-08 15:02 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-08-08 15:02 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-08-08 15:02 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-08-08 15:02 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll 2013-08-08 15:02 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll 2013-08-08 15:02 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll 2013-08-08 15:02 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll 2013-08-08 15:02 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-08-08 15:02 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-08-08 15:00 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-08-08 15:00 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-08-07 03:21 . 2013-08-07 04:07 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-08-07 00:35 . 2013-09-03 00:58 -------- d-----w- c:\program files\CCleaner 2013-08-07 00:34 . 2013-08-07 00:34 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes 2013-08-07 00:34 . 2013-08-07 00:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-08-07 00:34 . 2013-08-07 00:34 -------- d-----w- c:\programdata\Malwarebytes 2013-08-07 00:34 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-08-06 23:40 . 
2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22013C5A-54CA-40F8-8D27-F0913C2BAED4}\mpengine.dll 2013-08-06 11:02 . 2013-08-06 11:03 -------- d-----w- c:\users\Brian\AppData\Roaming\TeamViewer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-28 02:12 . 2013-04-26 23:40 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-09 04:45 . 2013-08-28 02:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-06-21 12:06 . 2013-06-17 12:07 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-06-21 12:06 . 2012-09-04 01:14 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-06-21 12:06 . 2012-09-04 01:14 2936208 ----a-w- c:\windows\system32\nvapi64.dll 2013-06-21 10:23 . 2012-09-04 01:14 6496544 ----a-w- c:\windows\system32\nvcpl.dll 2013-06-21 10:23 . 2012-09-04 01:14 3514656 ----a-w- c:\windows\system32\nvsvc64.dll 2013-06-21 10:23 . 2012-09-04 01:14 884512 ----a-w- c:\windows\system32\nvvsvc.exe 2013-06-21 10:23 . 2012-09-04 01:14 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll 2013-06-21 10:23 . 2012-09-04 01:14 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-06-21 10:23 . 2012-09-04 01:14 2555680 ----a-w- c:\windows\system32\nvsvcr.dll 2013-06-21 10:23 . 2012-09-04 01:14 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-06-21 10:23 . 2012-09-04 01:14 1025312 ----a-w- c:\windows\system32\nv3dappshext.dll 2013-06-20 04:17 . 2012-09-04 01:14 3253909 ----a-w- c:\windows\system32\nvcoproc.bin 2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-06-19 01:50 . 2013-06-19 01:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-08-28 1811880] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE" [2012-02-29 283232] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2011-08-29 1517056] "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2012-01-03 502288] "YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-10-13 136488] "YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2011-10-13 230696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Intel® Turbo Boost Technology Monitor 2.5.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2012-1-20 207360] S-Bar.lnk - c:\program files (x86)\S-Bar\S-Bar.exe [2012-4-27 5499392] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ O&O Defrag Tray.lnk - c:\windows\Installer\{72C47E50-F95D-415C-8EA5-AE6899B151F3}\DefragIcon.exe [2013-5-20 292878] Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2012-3-7 549888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "UpdReg"=c:\windows\UpdReg.EXE "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x] R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files 
(x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x] S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [x] S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 OODefragAgent;O&O 
Defrag;c:\program files\OO Software\Defrag\oodag.exe;c:\program files\OO Software\Defrag\oodag.exe [x] S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x] S3 
MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - NTIOLIB_1_0_3 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-30 22:17 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27 00:02] . 2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-27 00:02] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2013-04-19 7074096] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-10 12445288] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-07-27 1028896] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: %SYSTEMROOT%\system32\BfLLR.dll TCP: DhcpNameServer = 128.175.13.16 128.175.13.17 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-08021127.sys SafeBoot-77587963.sys SafeBoot-97629763.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:04,da,a3,81,d6,42,ce,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,6f,1c,73,68,20,0e,48,b2,05,73,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,59,6f,1c,73,68,20,0e,48,b2,05,73,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG16.00.00.01PROFESSIONAL"="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" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-09-03 14:50:17 ComboFix-quarantined-files.txt 2013-09-03 18:50 . Pre-Run: 335,595,745,280 bytes free Post-Run: 335,206,092,800 bytes free . - - End Of File - - FA0669E25F26283FF5891BC515798C67
  19. Oh sorry, I should have read that one first. Well, here are the logs.

      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: BrowserJavaVersion: 10.25.2
      Run by Brian at 14:12:25 on 2013-09-03
      Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8089.4989 [GMT -4:00]
      .
      AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
      .
      ============== Running Processes ===============
      .
      C:\windows\system32\lsm.exe
      C:\windows\system32\svchost.exe -k DcomLaunch
      C:\windows\system32\nvvsvc.exe
      C:\windows\system32\svchost.exe -k RPCSS
      c:\Program Files\Microsoft Security Client\MsMpEng.exe
      C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\windows\system32\svchost.exe -k LocalService
      C:\windows\system32\svchost.exe -k netsvcs
      C:\windows\system32\svchost.exe -k GPSvcGroup
      C:\windows\system32\svchost.exe -k NetworkService
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\windows\system32\nvvsvc.exe
      C:\windows\system32\Dwm.exe
      C:\windows\system32\WLANExt.exe
      C:\windows\Explorer.EXE
      C:\windows\System32\spoolsv.exe
      C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\windows\system32\taskhost.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
      C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      C:\Program Files\Intel\iCLS Client\HeciServer.exe
      C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
      C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\Program Files (x86)\S-Bar\MSIService.exe
      C:\Program Files\Elantech\ETDCtrl.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Program Files\OO Software\Defrag\oodtray.exe
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
      C:\Program Files\Microsoft Security Client\msseces.exe
      C:\Program Files (x86)\Steam\Steam.exe
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Windows\System32\spool\drivers\x64\3\E_IATIIEE.EXE
      C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
      C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
      C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
      C:\Program Files (x86)\S-Bar\S-Bar.exe
      C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
      C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
      C:\Program Files\OO Software\Defrag\oodag.exe
      C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
      C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
      C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
      C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
      C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      C:\windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
      C:\windows\system32\EscSvc64.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\windows\system32\wbem\unsecapp.exe
      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
      C:\windows\system32\SearchIndexer.exe
      C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\Elantech\ETDCtrlHelper.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
      C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
      C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
      C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
      C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
      C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
      C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
      C:\windows\system32\wuauclt.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
      uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      uRun: [EPLTarget\P0000000000000000] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series"
      mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
      mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
      mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
      mRun: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
      mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
      mRun: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe" /s
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
      StartupFolder: C:\Users\Brian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\S-Bar.lnk - C:\Program Files (x86)\S-Bar\S-Bar.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\O&ODEF~1.LNK - C:\windows\Installer\{72C47E50-F95D-415C-8EA5-AE6899B151F3}\DefragIcon.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUALCO~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      LSP: %SYSTEMROOT%\system32\BfLLR.dll
      TCP: NameServer = 128.175.13.16 128.175.13.17
      TCP: Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248} : DHCPNameServer = 128.175.13.16 128.175.13.17
      TCP: Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}\357716E644F6C6078696E6 : DHCPNameServer = 8.8.8.8 4.2.2.2
      TCP: Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}\452716E6 : DHCPNameServer = 75.75.75.75 75.75.76.76
      TCP: Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}\D4F62696C65602452716E6 : DHCPNameServer = 8.8.8.8
      TCP: Interfaces\{D9B99B64-5150-47F8-9801-8C26B9359248}\D65727078697 : DHCPNameServer = 192.168.1.1
      Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
      Handler: wlpg - 
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll C:\Windows\SysWOW64\nvinit.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exex64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"x64-Run: [igfxTray] C:\windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exex64-Run: [Persistence] C:\windows\System32\igfxpers.exex64-Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exex64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServicesx64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetchx64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkeyx64-IE: 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-9-3 16152]R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216]R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2013-8-9 30496]R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\windows\System32\drivers\bflwfx64.sys [2012-3-7 75880]R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-17 135952]R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]R2 EpsonScanSvc;Epson Scanner Service;C:\windows\System32\escsvc64.exe [2013-8-26 135824]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-3 13592]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 
[2013-4-26 2429544]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-3 127320]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-3 162648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-6 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-6 701512]R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2012-4-27 160768]R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-16 12800]R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-9-3 138768]R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-9 14984480]R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2013-4-19 2570544]R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-3-7 492032]R2 regi;regi;C:\windows\System32\drivers\regi.sys [2013-4-26 14112]R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2012-1-20 16128]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-3 362840]R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-3-29 2669840]R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual 
Adapter;C:\windows\System32\drivers\AmpPal.sys [2012-1-9 195584]R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-10-13 31216]R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2013-4-27 329104]R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-9-3 331264]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-9-3 356120]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-9-3 788760]R3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\windows\System32\drivers\e22W7x64.sys [2012-3-7 161616]R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-6 25928]R3 MBfilt;MBfilt;C:\windows\System32\drivers\MBfilt64.sys [2013-4-27 32344]R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-9-3 14136]R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2013-8-9 39712]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2012-9-3 340072]R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-1-20 149504]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2012-1-9 195584]S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2012-6-9 849408]S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2012-7-9 
60928]S3 ipadtst;ipadtst;C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [2012-9-3 17936]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-3-29 273168]S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-4-26 19456]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-4-26 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-4-26 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-4-26 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-09-03 06:03:03 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{048CC844-D3E3-434B-8C15-F1B73AAFA3E7}\mpengine.dll2013-09-03 01:00:25 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-09-02 19:52:53 -------- d-sh--w- C:\$RECYCLE.BIN2013-08-30 19:35:52 -------- d-----r- C:\Program Files (x86)\Skype2013-08-29 01:56:31 -------- d-----w- C:\Users\Brian\AppData\Local\PAYDAY 22013-08-28 02:12:42 -------- d-----w- C:\windows\System32\MRT2013-08-28 02:09:59 1732032 ----a-w- C:\windows\System32\ntdll.dll2013-08-28 02:09:58 243712 ----a-w- C:\windows\System32\wow64.dll2013-08-28 02:09:58 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll2013-08-28 02:09:57 14336 ----a-w- 
C:\windows\SysWow64\ntvdm64.dll2013-08-28 02:09:56 7680 ----a-w- C:\windows\SysWow64\instnm.exe2013-08-28 02:09:56 5120 ----a-w- C:\windows\SysWow64\wow32.dll2013-08-28 02:09:56 25600 ----a-w- C:\windows\SysWow64\setup16.exe2013-08-28 02:09:56 2048 ----a-w- C:\windows\SysWow64\user.exe2013-08-28 02:07:58 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys2013-08-28 02:07:02 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys2013-08-27 14:19:45 -------- d-----w- C:\Users\Brian\AppData\Local\HorizonWimba2013-08-27 14:12:27 -------- d-----w- C:\windows\System32\appmgmt2013-08-27 14:10:16 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll2013-08-27 14:10:16 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll2013-08-27 14:10:13 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll2013-08-27 14:03:01 -------- d-----w- C:\windows\SysWow64\Adobe2013-08-27 03:02:13 -------- d-----w- C:\Program Files\Common Files\EPSON2013-08-27 02:59:53 -------- d-----w- C:\Program Files\EPSON2013-08-27 02:59:31 -------- d-----w- C:\Program Files (x86)\Epson America Inc2013-08-27 02:58:54 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll2013-08-27 02:58:54 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll2013-08-27 02:58:54 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll2013-08-27 02:58:54 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll2013-08-27 02:58:53 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe2013-08-27 02:58:41 -------- d-----w- C:\Program Files (x86)\Epson Software2013-08-27 02:54:22 10752 ----a-w- C:\windows\System32\E_GCINST.DLL2013-08-27 02:54:09 120320 ----a-w- C:\windows\System32\E_ILMIEE.DLL2013-08-27 02:54:09 120320 ----a-w- C:\windows\System32\E_ILMIEA.DLL2013-08-27 02:54:06 83968 ----a-w- C:\windows\System32\E_ID4BIEE.DLL2013-08-27 
02:54:06 83968 ----a-w- C:\windows\System32\E_ID4BIEA.DLL2013-08-27 02:53:54 -------- d-----w- C:\ProgramData\EPSON2013-08-27 02:53:46 466432 ----a-w- C:\windows\System32\esxw2ud.dll2013-08-27 02:53:46 135824 ----a-w- C:\windows\System32\escsvc64.exe2013-08-27 02:53:45 -------- d-----w- C:\Program Files (x86)\epson2013-08-25 05:14:20 -------- d-----w- C:\Program Files\iPod2013-08-25 05:14:19 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-08-25 05:14:19 -------- d-----w- C:\Program Files\iTunes2013-08-25 05:14:19 -------- d-----w- C:\Program Files (x86)\iTunes2013-08-25 04:45:50 -------- d-----w- C:\Program Files (x86)\Paradox Interactive2013-08-24 19:37:01 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A40B4E66-C4B7-4214-9059-DC899510AFD7}\gapaengine.dll2013-08-24 19:14:57 -------- d-----w- C:\Program Files (x86)\Common Files\Steam2013-08-24 19:14:56 -------- d-----w- C:\Program Files (x86)\Steam2013-08-09 09:55:46 -------- d-----w- C:\windows\SysWow64\NV2013-08-09 09:55:46 -------- d-----w- C:\windows\System32\NV2013-08-09 09:48:19 -------- d-----w- C:\NvidiaLogging2013-08-09 09:47:39 39712 ----a-w- C:\windows\System32\drivers\nvvad64v.sys2013-08-09 09:47:39 29984 ----a-w- C:\windows\System32\nvaudcap64v.dll2013-08-09 09:47:39 28448 ----a-w- C:\windows\SysWow64\nvaudcap32v.dll2013-08-08 15:29:24 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2013-08-08 15:27:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client2013-08-08 15:27:15 -------- d-----w- C:\Program Files\Microsoft Security Client2013-08-08 15:02:56 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll2013-08-08 15:02:56 624128 ----a-w- C:\windows\System32\qedit.dll2013-08-08 15:02:56 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll2013-08-08 15:02:56 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll2013-08-08 15:02:56 509440 
----a-w- C:\windows\SysWow64\qedit.dll2013-08-08 15:02:56 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll2013-08-08 15:02:56 3153920 ----a-w- C:\windows\System32\win32k.sys2013-08-08 15:02:56 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll2013-08-08 15:02:56 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll2013-08-08 15:02:55 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll2013-08-08 15:02:53 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-08-08 15:02:53 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll2013-08-08 15:00:52 1643520 ----a-w- C:\windows\System32\DWrite.dll2013-08-08 15:00:52 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll2013-08-07 03:21:37 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-08-07 00:35:48 -------- d-----w- C:\Program Files\CCleaner2013-08-07 00:34:20 -------- d-----w- C:\Users\Brian\AppData\Roaming\Malwarebytes2013-08-07 00:34:17 25928 ----a-w- C:\windows\System32\drivers\mbam.sys2013-08-07 00:34:17 -------- d-----w- C:\ProgramData\Malwarebytes2013-08-07 00:34:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-08-06 23:40:50 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22013C5A-54CA-40F8-8D27-F0913C2BAED4}\mpengine.dll2013-08-06 11:02:21 -------- d-----w- C:\Users\Brian\AppData\Roaming\TeamViewer.==================== Find3M ====================.2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll2013-07-26 
03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll2013-06-21 10:23:16 6496544 ----a-w- C:\windows\System32\nvcpl.dll2013-06-21 10:23:16 3514656 ----a-w- C:\windows\System32\nvsvc64.dll2013-06-21 10:23:11 884512 ----a-w- C:\windows\System32\nvvsvc.exe2013-06-21 10:23:10 67072 ----a-w- C:\windows\System32\nv3dappshextr.dll2013-06-21 10:23:10 63776 ----a-w- C:\windows\System32\nvshext.dll2013-06-21 10:23:10 2555680 ----a-w- C:\windows\System32\nvsvcr.dll2013-06-21 10:23:10 237856 ----a-w- C:\windows\System32\nvmctray.dll2013-06-21 10:23:10 1025312 ----a-w- C:\windows\System32\nv3dappshext.dll2013-06-20 04:17:49 3253909 ----a-w- 
C:\windows\System32\nvcoproc.bin2013-06-19 01:50:08 247216 ----a-w- C:\windows\System32\drivers\MpFilter.sys2013-06-19 01:50:08 139616 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys.============= FINISH: 14:12:39.65 ===============. DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume2Install Date: 4/26/2013 4:00:24 PMSystem Uptime: 9/3/2013 1:04:05 PM (1 hours ago).Motherboard: Micro-Star International Co., Ltd. | | MS-16GAProcessor: Intel® Core i5-3230M CPU @ 2.60GHz | SOCKET 0 | 2601/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 412 GiB total, 312.736 GiB free.D: is FIXED (NTFS) - 275 GiB total, 206.062 GiB free.E: is CDROM (CDFS).==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: avast! Firewall NDIS Filter MiniportDevice ID: ROOT\SW_ASWNDISMP\0000Manufacturer: ALWIL SoftwareName: avast! Firewall NDIS Filter MiniportPNP Device ID: ROOT\SW_ASWNDISMP\0000Service: aswNdis.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: avast! Firewall NDIS Filter MiniportDevice ID: ROOT\SW_ASWNDISMP\0001Manufacturer: ALWIL SoftwareName: avast! 
Firewall NDIS Filter MiniportPNP Device ID: ROOT\SW_ASWNDISMP\0001Service: aswNdis.==== System Restore Points ===================.RP93: 9/3/2013 12:27:40 AM - Scheduled CheckpointRP94: 9/3/2013 12:32:34 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17RP95: 9/3/2013 12:39:55 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148RP96: 9/3/2013 12:41:56 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17RP97: 9/3/2013 12:49:17 PM - Installed 7-Zip 9.30 (x64 edition).==== Installed Programs ======================.7-Zip 9.30 (x64 edition)Adobe Flash Player 11 ActiveXAdobe Reader XI (11.0.03)Adobe Shockwave Player 12.0Apple Application SupportApple Mobile Device SupportApple Software UpdateBattery CalibrationBonjourBurnRecoveryCCleanerChivalry: Medieval WarfareCyberLink YouCamD3DX10Definition Update for Microsoft Office 2010 (KB982726) 64-Bit EditionEpson ConnectEpson Customer ParticipationEpson Event ManagerEPSON ScanEPSON XP-200 Series Printer UninstallETDWare PS/2-X64 11.13.1.4_WHQLGalerie de photos Windows LiveGalería fotográfica de Windows LiveGoogle ChromeGoogle Update HelperIntel PROSet WirelessIntel® Manageability Engine Firmware Recovery AgentIntel® Management Engine ComponentsIntel® OpenCL CPU RuntimeIntel® Processor GraphicsIntel® PROSet/Wireless for Bluetooth® + High SpeedIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology Monitor 2.5Intel® USB 3.0 eXtensible Host Controller DriverIntel® PROSet/Wireless WiFi SoftwareIntel® Trusted Connect Service ClientiTunesJava 7 Update 25Java Auto UpdaterJunk Mail filter updateMalwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath 
MUI (English) 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft VC9 runtime librariesMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219MSI HOUSEMSI Software InstallMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NVIDIA Control Panel 320.49NVIDIA GeForce Experience 1.6NVIDIA Graphics Driver 320.49NVIDIA Install ApplicationNVIDIA Optimus 7.2.17NVIDIA PhysXNVIDIA Update 7.2.17NVIDIA Update ComponentsNVIDIA Virtual Audio 1.2.1O&O Defrag ProfessionalPAYDAY 2Qualcomm Atheros Killer Network ManagerRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealtek PCIE Card ReaderS-BarSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft 
.NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit EditionSHIELD StreamingSkype™ 6.7Software UpdaterSteamSuper-ChargerswMSMTHX TruStudio ProUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2760631) 64-Bit EditionVLC media player 2.0.8Windows LiveWindows Live ???Windows Live ????Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows 
Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
9/3/2013 12:36:09 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/3/2013 1:08:46 AM, Error: Service Control Manager [7023] - The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error: %%-2147196306
9/2/2013 9:06:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2013 9:05:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/2/2013 9:05:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/2/2013 9:05:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/2/2013 9:05:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/2/2013 9:05:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/2/2013 9:05:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/2/2013 9:05:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BfLwf DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
9/2/2013 9:05:02 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2013 9:05:02 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2013 9:05:02 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2013 9:05:02 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2013 9:05:02 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2013 9:05:02 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2013 9:05:02 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2013 9:05:02 PM, Error: Service Control Manager [7001] - The Epson Scanner Service service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: The dependency service or group failed to start.
9/2/2013 9:05:01 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2013 9:05:01 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2013 9:05:01 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2013 9:05:01 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/2/2013 12:53:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
9/2/2013 12:53:16 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/2/2013 12:34:30 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s).
8/31/2013 12:08:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Network Inspection service to connect.
8/31/2013 12:08:29 PM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/31/2013 12:08:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007041d Error description: The service did not respond to the start or control request in a timely fashion. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
8/30/2013 3:59:24 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/28/2013 8:03:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
8/28/2013 8:03:47 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/28/2013 7:27:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
8/28/2013 7:27:37 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/27/2013 7:36:16 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
8/27/2013 11:12:19 PM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
.
==== End Of File ===========================
  20. Hi, I just moved to my college dorm about a week ago and ever since then Malwarebytes Anti-Malware has been blocking IPs incoming from svchost.exe such as:

      2013/09/03 04:53:17 -0400 BRIAN-MSI Brian IP-BLOCK 222.186.26.222 (Type: incoming, Port: 1433, Process: svchost.exe)
      2013/09/03 06:10:42 -0400 BRIAN-MSI Brian IP-BLOCK 60.173.12.102 (Type: incoming, Port: 3389, Process: svchost.exe)

      The thing is it started about a day after I moved into my dorm. I am concerned as this has never happened at my house and also because my college was recently a victim of a cyber attack earlier this summer. I'm not sure if this is a problem on my end or the university end but help would be appreciated.