Sometimes can't boot, had to do system restore two times in a row?


  • This topic is locked
103 replies to this topic

#1 Exactly

Posted 19 September 2013 - 08:40 PM

As stated in the title. I've run the Malwarebytes malware and rootkit scans, and both came up clean. I also ran the ESET online scanner, which came up clean. The Malwarebytes rootkit scanner did pop up a screen upon initial run saying appdll or apprun has been changed, which indicates rootkit activity, but the scan came up clean? I also ran AdwCleaner and Junkware Removal Tool.

Here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688
Run by Exactly at 21:38:14 on 2013-09-19
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8061.6218 [GMT -4:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
mRun: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{1BE9F9F7-C7A5-489D-80E0-F95449DA4AD5} : DHCPNameServer = 209.18.47.61 209.18.47.62
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BtPreLoad] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe"
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Exactly\AppData\Roaming\Mozilla\Firefox\Profiles\du4p5mko.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-19 09:14; toolbar_MYC3-V7@apn.ask.com; C:\Users\Exactly\AppData\Roaming\Mozilla\Firefox\Profiles\du4p5mko.default\extensions\toolbar_MYC3-V7@apn.ask.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-5-16 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-5-16 204880]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-1-7 645952]
R1 aswFW;avast! TDI Firewall Driver;C:\Windows\System32\Drivers\aswFW.sys [2013-9-18 131232]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2013-9-18 22600]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswNdisFlt.sys [2013-9-18 276992]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-5-16 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-5-16 378944]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae64.sys [2013-7-9 62168]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-5-16 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-5-16 80816]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2012-11-9 231040]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-18 46808]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-9-18 137960]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-1-7 2451456]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-1-7 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-16 701512]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-19 4308320]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-7 365376]
R2 USTSScheduler;US Tech Support Scheduling Service;C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [2013-1-17 737600]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-1-7 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-1-7 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-1-7 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-1-7 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-1-7 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-1-7 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-1-7 135832]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-1-7 576152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-8-23 658576]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-10-25 342528]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\Windows\System32\Drivers\KORGUM64.SYS [2013-1-8 34288]
R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\Drivers\mcvidrv_x64.sys [2013-9-2 44544]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-3-16 25928]
R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\Drivers\mcaudrv_x64.sys [2013-1-31 28160]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-1-7 252048]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\Drivers\motfilt.sys [2009-1-29 6144]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\Drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\Drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\Drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\Drivers\Motousbnet.sys [2012-6-8 27136]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-18 16:15:29    --------    d-----w-    C:\Users\Exactly\AppData\Local\temp
2013-09-18 16:14:12    --------    d-----w-    C:\$RECYCLE.BIN
2013-09-18 16:08:36    98816    ----a-w-    C:\Windows\sed.exe
2013-09-18 16:08:36    256000    ----a-w-    C:\Windows\PEV.exe
2013-09-18 16:08:36    208896    ----a-w-    C:\Windows\MBR.exe
2013-09-18 04:47:54    131232    ----a-w-    C:\Windows\System32\drivers\aswFW.sys
2013-09-18 04:47:50    22600    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2013-09-18 04:47:48    276992    ----a-w-    C:\Windows\System32\drivers\aswNdisFlt.sys
2013-09-12 07:49:39    265392    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-05 19:07:53    --------    d-----w-    C:\Hypersonic 2 Content
2013-09-05 19:06:26    --------    d-----w-    C:\Users\Exactly\AppData\Roaming\Steinberg
2013-09-04 02:44:26    941720    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94C471FF-4C64-4971-B533-3E66C36E3085}\gapaengine.dll
2013-09-04 02:43:44    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{052382A0-186C-482F-BAB0-90DB5BEBA444}\mpengine.dll
2013-09-04 02:43:26    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-09-02 04:40:33    --------    d-----w-    C:\Users\Exactly\AppData\Roaming\ManyCam
2013-09-02 04:40:33    --------    d-----w-    C:\Users\Exactly\AppData\Local\ManyCam
2013-09-02 04:40:33    --------    d-----w-    C:\ProgramData\ManyCam
2013-09-02 04:40:31    44544    ----a-w-    C:\Windows\System32\drivers\mcvidrv_x64.sys
2013-09-02 04:40:22    --------    d-----w-    C:\Program Files (x86)\ManyCam
2013-08-29 23:04:10    --------    d-----w-    C:\Program Files (x86)\ARAR
2013-08-28 21:12:12    --------    d-----w-    C:\Program Files\Classic Shell
2013-08-26 05:37:19    --------    d-----w-    C:\AdwCleaner
2013-08-22 20:39:11    --------    d-----w-    C:\Program Files (x86)\ElcomSoft
.
==================== Find3M  ====================
.
2013-09-05 20:09:17    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17    694232    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-30 07:48:10    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10    204880    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40    41664    ----a-w-    C:\Windows\avastSS.scr
2013-08-21 04:12:06    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-21 04:11:59    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13    58200    ----a-w-    C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26    2371728    ----a-w-    C:\Windows\System32\WSService.dll
2013-08-16 05:32:48    209200    ----a-w-    C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22    40448    ----a-w-    C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11    4917760    ----a-w-    C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30    105984    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07    84992    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07    126976    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03    562688    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03    159232    ----a-w-    C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02    83968    ----a-w-    C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02    167424    ----a-w-    C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02    143872    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52    76800    ----a-w-    C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47    91648    ----a-w-    C:\Windows\SysWow64\sppc.dll
2013-08-07 05:15:02    144896    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-08-03 04:30:14    4038144    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-13 06:18:21    337408    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53    98304    ----a-w-    C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53    124416    ----a-w-    C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58    261120    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11    1568256    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03    87040    ----a-w-    C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03    74240    ----a-w-    C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07    120144    ----a-w-    C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21    439488    ----a-w-    C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17    2233168    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45    385768    ----a-w-    C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19    245760    ----a-w-    C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00    543744    ----a-w-    C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00    414208    ----a-w-    C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00    370688    ----a-w-    C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16    312832    ----a-w-    C:\Windows\System32\LocationApi.dll
2013-07-06 00:16:17    1025024    ----a-w-    C:\Windows\System32\localspl.dll
2013-07-03 00:23:43    391168    ----a-w-    C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12    778752    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26    1300480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23    268800    ----a-w-    C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02    551424    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14    36288    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49    247216    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14    67072    ----a-w-    C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22    77312    ----a-w-    C:\Windows\System32\openfiles.exe
2013-06-29 06:15:54    195416    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47    125784    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16    327512    ----a-w-    C:\Windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-06-26 03:01:38    321536    ----a-w-    C:\Windows\System32\drivers\udfs.sys
2013-06-26 02:59:34    341504    ----a-w-    C:\Windows\System32\drivers\HdAudio.sys
2013-06-24 22:54:52    447488    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-06-24 22:54:45    74240    ----a-w-    C:\Windows\System32\wcmcsp.dll
2013-06-24 22:54:45    263680    ----a-w-    C:\Windows\System32\wcmsvc.dll
2013-06-22 03:33:09    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
.
============= FINISH: 21:38:42.57 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 3/15/2013 11:48:04 PM
System Uptime: 9/19/2013 9:33:03 PM (0 hours ago)
.
Motherboard: Gateway |  | DX4870
Processor: Intel® Core™ i5-3330 CPU @ 3.00GHz | SOCKET 0 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 904 GiB total, 452.087 GiB free.
D: is FIXED (FAT32) - 931 GiB total, 813.884 GiB free.
F: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP31: 8/28/2013 5:10:50 PM - Installed Classic Shell
RP32: 9/7/2013 1:00:11 AM - Scheduled Checkpoint
RP33: 9/11/2013 12:09:46 AM - Installed 7-Zip 9.20 (x64 edition)
RP34: 9/18/2013 12:08:42 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
AC3Filter 1.63b
Adobe Flash Player 11 Plugin
Agatha Christie - Death on the Nile
Aloha TriPeaks
ASIO4ALL
Ask Toolbar
avast! Internet Security
Avi to Dvd Free Converter v6.4.0.48
Bejeweled 3
BiFilter v2.3
BitTorrent
Classic Shell
CoreAAC Audio Decoder (remove only)
Cradle Of Egypt Collector's Edition
CyberLink MediaEspresso 6.5
CyberLink PowerDVD 10
Delicious: Emily's True Love Premium Edition
eBay Worldwide
Effectrix 1.4
ElectraX full
ESET Online Scanner v3
ffdshow [rev 3299] [2010-03-03]
FilterBank v3.3 X64
FL Studio 10
FL Studio 11
FlowStone FL 3.0
Free Audio Converter version 5.0.28.812
Gateway Power Management
Gateway Recovery Management
Gladiator  full
Google Chrome
Haali Media Splitter
HiJackThis
Hotkey Utility
Identity Card
IL Download Manager
IL Shared Libraries
ImgBurn
Intel® Control Center
Intel® Management Engine Components
Intel® Network Connections 17.2.153.0
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 21
Java Auto Updater
Jewel Match 3
KORG USB-MIDI Driver Tools for Windows
Live Updater
LUXONIX Purity
Malwarebytes Anti-Exploit version 0.9.2 beta
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 3.1.59
Microsoft Office
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
mIRC
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
Mystery P.I. - Curious Case of Counterfeit Cove
Native Instruments Abbey Road 60s Drums
Native Instruments Absynth 5
Native Instruments Action Strings
Native Instruments Battery 3
Native Instruments Battery Library Importer for Maschine
Native Instruments Berlin Concert Grand
Native Instruments FM8
Native Instruments Guitar Rig 5
Native Instruments Komplete 8
Native Instruments Kontakt 5
Native Instruments Kontakt Factory Library
Native Instruments Massive
Native Instruments New York Concert Grand
Native Instruments Rammfire
Native Instruments Reaktor 5
Native Instruments Reaktor Prism
Native Instruments Reaktor Spark R2
Native Instruments Reflektor
Native Instruments Scarbee MM-Bass
Native Instruments Scarbee Vintage Keys
Native Instruments Service Center
Native Instruments Studio Drummer
Native Instruments The Finger R2
Native Instruments Traktors 12
Native Instruments Transient Master
Native Instruments Upright Piano
Native Instruments Vienna Concert Grand
Native Instruments Vintage Organs
Native Instruments West Africa
Nero 12 Essentials OEM.a01
Nero BackItUp
Nero BackItUp 12 Essentials OEM.a01
Nero BackItUp Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Express
Nero Express Help (CHM)
Nero Launcher
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero Update
PeerBlock 1.1 (r518)
Peggle Nights
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Prerequisite installer
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
reFX Nexus VSTi RTAS v2.2.0
Should I Remove It
Spotify
Steinberg Hypersonic VSTi DXi v2.0
SUPERAntiSpyware
Sylenth1 v2.21
SynthMaster 2.5 VST/VSTi (x64) version 2.5.3.109
Tales of Lagoona
TeamViewer 8
Tone2 Gladiator VSTi v2.2
Tone2 Warmverb multi-FX full
Update Installer for WildTangent Games App
US Tech Support Framework
VirtualCloneDrive
VLC media player 2.0.8
WildTangent Games
WildTangent Games App
Windows 7 USB/DVD Download Tool
WinRAR 4.20 (64-bit)
Xvid 1.2.2 final uninstall
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/19/2013 9:33:06 PM, Error: volmgr [46]  - Crash dump initialization failed!
9/19/2013 9:33:06 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
9/18/2013 12:46:03 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user CandC\Exactly SID (S-1-5-21-3544349393-3606079791-649501264-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
9/18/2013 12:14:11 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
9/18/2013 12:13:56 PM, Error: Application Popup [1060]  -
.
==== End Of File ===========================
 


Edited by Exactly, 19 September 2013 - 09:10 PM.



#2 Oh My!

Posted 23 September 2013 - 03:36 PM

Greetings Exactly and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Exactly

Posted 24 September 2013 - 12:26 PM

Thanks Gary, the computer had only one "no boot" and I had to system restore in the past few days.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by Exactly (administrator) on CANDC on 24-09-2013 13:24:05
Running from C:\Users\Exactly\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(KORG Inc.) C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2012-11-09] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [KORG USB-MIDI Driver] - C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe [394248 2013-01-08] (KORG Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {54C17E00-BA6A-4B87-B5D9-F5A74A819BCF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKLM-x32 - {54C17E00-BA6A-4B87-B5D9-F5A74A819BCF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
SearchScopes: HKCU - {54C17E00-BA6A-4B87-B5D9-F5A74A819BCF} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Exactly\AppData\Roaming\Mozilla\Firefox\Profiles\du4p5mko.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Extension: toolbar_MYC3-V7 - C:\Users\Exactly\AppData\Roaming\Mozilla\Firefox\Profiles\du4p5mko.default\Extensions\toolbar_MYC3-V7@apn.ask.com.xpi
FF Extension: No Name - C:\Users\Exactly\AppData\Roaming\Mozilla\Firefox\Profiles\du4p5mko.default\Extensions\{75df891f-e299-4725-b14f-7d52f086dea2}.xpi
FF Extension: No Name - C:\Users\Exactly\AppData\Roaming\Mozilla\Firefox\Profiles\du4p5mko.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR DefaultSearchURL: (Conduit Search) - http://www.google.com
CHR DefaultSuggestURL: (Conduit Search) - http://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Chrome In-App Payments service) - C:\Users\Exactly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [231040 2012-11-09] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 USTSScheduler; C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [737600 2013-01-17] (US Tech Support LLC)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [131232 2013-08-30] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [276992 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-09] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2013-03-06] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE64.sys [62168 2013-06-21] ()
R3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34288 2013-01-08] (KORG INC.)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [44544 2013-01-14] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-24 13:23 - 2013-09-24 13:23 - 01955802 _____ (Farbar) C:\Users\Exactly\Downloads\FRST64.exe
2013-09-24 13:23 - 2013-09-24 13:23 - 00000000 ____D C:\FRST
2013-09-21 01:31 - 2013-08-10 01:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-09-21 01:31 - 2013-08-10 01:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-09-21 01:31 - 2013-08-09 23:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-09-21 01:31 - 2013-08-03 02:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-09-21 01:31 - 2013-08-03 02:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-09-21 01:31 - 2013-08-03 02:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-09-21 01:31 - 2013-08-03 01:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-09-21 01:31 - 2013-08-03 01:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-09-21 01:31 - 2013-08-03 01:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-09-21 01:31 - 2013-08-02 02:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-21 01:31 - 2013-08-02 02:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-09-21 01:31 - 2013-08-02 02:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-21 01:31 - 2013-08-02 02:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-09-21 01:31 - 2013-08-02 01:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-21 01:31 - 2013-08-02 01:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-09-21 01:31 - 2013-08-02 01:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-21 01:31 - 2013-08-02 01:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-09-21 01:31 - 2013-08-01 06:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-09-21 01:31 - 2013-07-30 19:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-09-21 01:31 - 2013-07-24 19:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-09-21 01:31 - 2013-07-24 19:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-09-21 01:31 - 2013-04-09 19:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-09-21 01:31 - 2013-04-09 18:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-09-21 00:46 - 2013-09-21 00:47 - 00000000 ____D C:\Users\Exactly\Downloads\The Wire Season 3
2013-09-19 22:00 - 2013-09-19 22:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-19 21:38 - 2013-09-19 21:38 - 00021645 _____ C:\Users\Exactly\Desktop\dds.txt
2013-09-19 21:38 - 2013-09-19 21:38 - 00006420 _____ C:\Users\Exactly\Desktop\attach.txt
2013-09-19 21:37 - 2013-09-19 21:37 - 00688992 ____R (Swearware) C:\Users\Exactly\Downloads\dds.com
2013-09-19 00:46 - 2013-09-19 00:47 - 00000000 ____D C:\Users\Exactly\Downloads\Drake - Nothing Was The Same (Best Buy Exclusive) [2013-Album] Leak Mp3 CBR 192Kbps NimitMak SilverRG
2013-09-18 21:50 - 2013-09-18 21:50 - 00282472 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 12:18 - 2013-08-21 00:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-18 12:18 - 2013-08-21 00:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-18 12:18 - 2013-08-21 00:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-18 12:18 - 2013-08-21 00:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-18 12:18 - 2013-08-20 22:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-18 12:18 - 2013-08-20 22:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-18 12:18 - 2013-08-20 22:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-18 12:18 - 2013-08-20 22:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-18 12:18 - 2013-08-20 22:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-18 12:18 - 2013-08-20 21:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-18 12:18 - 2013-08-20 19:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-09-18 12:18 - 2013-08-16 01:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2013-09-18 12:18 - 2013-08-16 01:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2013-09-18 12:18 - 2013-08-16 01:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-09-18 12:18 - 2013-08-16 01:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2013-09-18 12:18 - 2013-08-16 01:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2013-09-18 12:18 - 2013-08-16 01:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-09-18 12:18 - 2013-08-16 01:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-09-18 12:18 - 2013-08-16 01:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-09-18 12:18 - 2013-08-16 01:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll
2013-09-18 12:18 - 2013-08-15 18:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-09-18 12:18 - 2013-08-15 18:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2013-09-18 12:18 - 2013-08-15 18:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2013-09-18 12:18 - 2013-08-15 18:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll
2013-09-18 12:18 - 2013-08-07 01:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2013-09-18 12:18 - 2013-08-03 00:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-18 12:15 - 2013-09-18 12:15 - 00018599 _____ C:\ComboFix.txt
2013-09-18 12:08 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-18 12:08 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-18 12:08 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-18 12:08 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-18 12:08 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-18 12:08 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-09-18 12:08 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-18 12:08 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-18 12:08 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-18 12:07 - 2013-09-18 12:15 - 00000000 ____D C:\Qoobox
2013-09-18 12:07 - 2013-09-18 12:14 - 00000000 ____D C:\Windows\erdnt
2013-09-18 12:07 - 2013-09-18 12:07 - 05128653 ____R (Swearware) C:\Users\Exactly\Downloads\ComboFix.exe
2013-09-18 03:05 - 2013-09-18 03:05 - 02347384 _____ (ESET) C:\Users\Exactly\Downloads\esetsmartinstaller_enu.exe
2013-09-18 01:22 - 2013-09-18 01:22 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Exactly\Downloads\tdsskiller.exe
2013-09-18 00:53 - 2013-09-18 00:53 - 00001071 _____ C:\Users\Exactly\Desktop\JRT.txt
2013-09-18 00:48 - 2013-09-18 00:48 - 01029675 _____ (Thisisu) C:\Users\Exactly\Downloads\JRT.exe
2013-09-18 00:47 - 2013-09-18 00:47 - 00001929 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-09-18 00:47 - 2013-08-30 03:48 - 00276992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2013-09-18 00:47 - 2013-08-30 03:48 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-09-18 00:47 - 2013-08-30 03:48 - 00022600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-09-18 00:40 - 2013-09-18 00:40 - 01039554 _____ C:\Users\Exactly\Downloads\AdwCleaner.exe
2013-09-18 00:38 - 2013-09-18 00:38 - 00001510 _____ C:\Users\Exactly\Desktop\RKreport[0]_S_09182013_003817.txt
2013-09-18 00:35 - 2013-09-18 00:39 - 00000000 ____D C:\Users\Exactly\Desktop\RK_Quarantine
2013-09-18 00:35 - 2013-09-18 00:35 - 03787776 _____ C:\Users\Exactly\Downloads\RogueKillerX64.exe
2013-09-18 00:33 - 2013-09-18 00:33 - 04745728 _____ (AVAST Software) C:\Users\Exactly\Downloads\aswmbr.exe
2013-09-18 00:30 - 2013-09-18 00:30 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Exactly\Downloads\mbar-1.07.0.1005(1).exe
2013-09-18 00:30 - 2013-09-18 00:30 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Exactly\Downloads\rkill.exe
2013-09-18 00:18 - 2013-09-18 00:18 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Exactly\Downloads\mbar-1.07.0.1005.exe
2013-09-11 20:28 - 2013-09-11 20:30 - 34126199 _____ C:\Users\Exactly\Downloads\2013-Vybe-Beatz-Drum-Kit.rar
2013-09-11 00:10 - 2013-09-17 17:19 - 00000000 ____D C:\Program Files\7-Zip
2013-09-11 00:09 - 2013-09-11 00:09 - 01376768 _____ C:\Users\Exactly\Downloads\7z920-x64.msi
2013-09-10 23:01 - 2013-09-24 13:13 - 00003110 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2013-09-10 23:01 - 2013-09-24 13:13 - 00000514 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2013-09-10 10:42 - 2013-09-10 10:55 - 336424420 _____ C:\Users\Exactly\Downloads\BloodRage_v1.3.zip
2013-09-10 10:13 - 2013-09-10 10:14 - 447466518 _____ C:\Users\Exactly\Desktop\Sounds In HD Complete Collection.rar
2013-09-10 10:09 - 2013-09-10 10:09 - 00000000 ____D C:\Users\Exactly\Downloads\Sounds In HD Complete Collection
2013-09-06 23:51 - 2013-09-06 23:51 - 00000000 ____D C:\Users\Exactly\Downloads\LEX LUGER DRUM KITs
2013-09-06 23:49 - 2013-09-06 23:50 - 207957006 _____ C:\Users\Exactly\Downloads\LEX LUGER DRUM KITs.rar
2013-09-06 02:40 - 2013-09-06 02:40 - 00000000 ____D C:\Users\Exactly\Downloads\Sounds.In.HD.Hip.Hop.Domination.Drum
2013-09-05 15:37 - 2013-09-05 15:38 - 00000000 ____D C:\Users\Exactly\Downloads\Sounds.In.HD.Hip.Hop.Domination.Drum.Kit.WAV-KRock
2013-09-05 15:07 - 2013-09-05 15:08 - 00000000 ____D C:\Hypersonic 2 Content
2013-09-05 15:06 - 2013-09-05 15:06 - 00000000 ____D C:\Users\Exactly\AppData\Roaming\Steinberg
2013-09-03 22:43 - 2013-05-02 11:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-09-02 00:40 - 2013-09-02 00:40 - 00001084 _____ C:\Users\Public\Desktop\ManyCam.lnk
2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Users\Exactly\AppData\Roaming\ManyCam
2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Users\Exactly\AppData\Local\ManyCam
2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\ProgramData\ManyCam
2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Program Files (x86)\ManyCam
2013-09-02 00:40 - 2013-06-06 16:41 - 00489392 _____ (Ask Partner Network) C:\Users\Exactly\Documents\APNSetup1.exe
2013-09-02 00:40 - 2013-06-06 16:41 - 00489392 _____ (Ask Partner Network) C:\Users\Exactly\Documents\APNSetup.exe
2013-09-02 00:40 - 2013-01-14 22:54 - 00044544 _____ (ManyCam LLC) C:\Windows\system32\Drivers\mcvidrv_x64.sys
2013-08-31 00:36 - 2013-08-31 00:37 - 00000000 ____D C:\Users\Exactly\Downloads\Kick Ass 2 2013 HC SUB WEBRip XViD ac3 juggs
2013-08-29 19:05 - 2013-08-29 19:05 - 00000000 ____D C:\Users\Exactly\Downloads\J.U.S.T.I.C.E. Ultimate Producer Pack4_recovered
2013-08-29 19:04 - 2013-08-29 19:06 - 00000000 ____D C:\Program Files (x86)\ARAR
2013-08-29 18:33 - 2013-08-29 18:34 - 196412846 _____ C:\Users\Exactly\Downloads\J.U.S.T.I.C.E. Ultimate Producer Pack4.rar
2013-08-29 18:29 - 2013-08-29 18:30 - 141094428 _____ C:\Users\Exactly\Downloads\G_Unit_Producer_Pack_Limited.rar
2013-08-29 18:24 - 2013-08-29 18:24 - 11460713 _____ C:\Users\Exactly\Downloads\FreeDrumKits.net - J.U.S.T.I.C.E. League Drum Kit.zip
2013-08-29 00:28 - 2013-08-29 00:29 - 00000000 ____D C:\Users\Exactly\Downloads\The Wire - Season 2
2013-08-28 17:12 - 2013-08-28 17:12 - 00000000 ____D C:\Program Files\Classic Shell
2013-08-27 00:49 - 2013-07-09 04:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-08-27 00:49 - 2013-07-09 02:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-08-27 00:49 - 2013-07-09 00:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-08-27 00:49 - 2013-07-08 23:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-08-27 00:49 - 2013-07-08 18:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-08-27 00:49 - 2013-07-08 18:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-08-27 00:49 - 2013-07-08 18:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-08-27 00:49 - 2013-07-08 18:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-08-27 00:49 - 2013-07-05 20:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-08-27 00:49 - 2013-07-02 20:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-08-27 00:49 - 2013-07-02 20:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-27 00:49 - 2013-07-02 20:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-08-27 00:49 - 2013-07-02 20:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-08-27 00:49 - 2013-07-02 20:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-08-27 00:49 - 2013-07-02 20:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-08-27 00:49 - 2013-07-02 20:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-08-27 00:49 - 2013-06-30 18:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-08-27 00:49 - 2013-06-30 18:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-08-27 00:49 - 2013-06-29 02:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-08-27 00:49 - 2013-06-29 02:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-08-27 00:49 - 2013-06-29 01:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-08-27 00:49 - 2013-06-28 21:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-08-27 00:49 - 2013-06-25 23:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-08-27 00:49 - 2013-06-25 22:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-08-27 00:49 - 2013-06-24 18:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-27 00:49 - 2013-06-24 18:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-08-27 00:49 - 2013-06-24 18:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-08-27 00:49 - 2013-06-19 01:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-08-27 00:49 - 2013-06-19 01:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-08-27 00:49 - 2013-06-18 18:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-08-27 00:49 - 2013-06-18 18:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-08-27 00:49 - 2013-06-11 19:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-08-27 00:49 - 2013-06-11 19:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-08-27 00:49 - 2013-06-10 17:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-08-27 00:49 - 2013-06-10 15:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-08-27 00:49 - 2013-06-10 15:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-08-27 00:49 - 2013-06-10 15:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-08-27 00:49 - 2013-06-10 15:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-08-27 00:49 - 2013-06-10 15:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-08-27 00:49 - 2013-06-10 15:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-08-27 00:49 - 2013-06-06 04:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-08-26 01:37 - 2013-09-18 00:44 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified Files and Folders =======

2013-09-24 13:23 - 2013-09-24 13:23 - 01955802 _____ (Farbar) C:\Users\Exactly\Downloads\FRST64.exe
2013-09-24 13:23 - 2013-09-24 13:23 - 00000000 ____D C:\FRST
2013-09-24 13:18 - 2013-03-15 23:56 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3544349393-3606079791-649501264-1001
2013-09-24 13:17 - 2012-07-26 03:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 13:14 - 2013-01-07 06:00 - 01674071 _____ C:\Windows\WindowsUpdate.log
2013-09-24 13:13 - 2013-09-10 23:01 - 00003110 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2013-09-24 13:13 - 2013-09-10 23:01 - 00000514 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2013-09-24 13:13 - 2013-05-16 13:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-24 13:12 - 2013-05-16 13:30 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 13:12 - 2012-07-26 03:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 13:39 - 2013-03-16 00:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-23 03:25 - 2013-03-16 17:50 - 00000000 ____D C:\Users\Exactly\AppData\Roaming\BitTorrent
2013-09-23 03:25 - 2013-03-16 00:01 - 00000000 ____D C:\Program Files\PeerBlock
2013-09-23 02:58 - 2013-04-04 01:10 - 00000000 ____D C:\Users\Exactly\AppData\Roaming\vlc
2013-09-23 02:50 - 2013-05-16 13:30 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-23 02:00 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\system32\sru
2013-09-22 18:17 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\rescache
2013-09-21 23:00 - 2013-03-15 23:50 - 00000000 ___RD C:\Users\Exactly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-21 23:00 - 2013-03-15 23:50 - 00000000 ___RD C:\Users\Exactly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-21 13:47 - 2012-07-26 04:12 - 00000000 ___RD C:\Windows\ToastData
2013-09-21 00:47 - 2013-09-21 00:46 - 00000000 ____D C:\Users\Exactly\Downloads\The Wire Season 3
2013-09-20 23:51 - 2013-05-16 13:31 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-20 23:25 - 2012-08-29 08:02 - 00161724 _____ C:\Windows\PFRO.log
2013-09-20 12:48 - 2013-03-15 23:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-19 22:01 - 2013-03-15 23:54 - 00000000 ____D C:\Users\Exactly\AppData\Local\Mozilla
2013-09-19 22:00 - 2013-09-19 22:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-19 21:38 - 2013-09-19 21:38 - 00021645 _____ C:\Users\Exactly\Desktop\dds.txt
2013-09-19 21:38 - 2013-09-19 21:38 - 00006420 _____ C:\Users\Exactly\Desktop\attach.txt
2013-09-19 21:37 - 2013-09-19 21:37 - 00688992 ____R (Swearware) C:\Users\Exactly\Downloads\dds.com
2013-09-19 00:47 - 2013-09-19 00:46 - 00000000 ____D C:\Users\Exactly\Downloads\Drake - Nothing Was The Same (Best Buy Exclusive) [2013-Album] Leak Mp3 CBR 192Kbps NimitMak SilverRG
2013-09-18 22:12 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-09-18 21:50 - 2013-09-18 21:50 - 00282472 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 12:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\WinStore
2013-09-18 12:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-18 12:20 - 2013-07-14 00:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-18 12:19 - 2013-03-16 00:08 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-18 12:15 - 2013-09-18 12:15 - 00018599 _____ C:\ComboFix.txt
2013-09-18 12:15 - 2013-09-18 12:07 - 00000000 ____D C:\Qoobox
2013-09-18 12:14 - 2013-09-18 12:07 - 00000000 ____D C:\Windows\erdnt
2013-09-18 12:14 - 2012-07-26 01:26 - 00000215 _____ C:\Windows\system.ini
2013-09-18 12:07 - 2013-09-18 12:07 - 05128653 ____R (Swearware) C:\Users\Exactly\Downloads\ComboFix.exe
2013-09-18 03:05 - 2013-09-18 03:05 - 02347384 _____ (ESET) C:\Users\Exactly\Downloads\esetsmartinstaller_enu.exe
2013-09-18 01:22 - 2013-09-18 01:22 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Exactly\Downloads\tdsskiller.exe
2013-09-18 00:54 - 2012-07-26 01:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-09-18 00:53 - 2013-09-18 00:53 - 00001071 _____ C:\Users\Exactly\Desktop\JRT.txt
2013-09-18 00:49 - 2013-03-26 22:57 - 00000000 ____D C:\ProgramData\USTechSupport
2013-09-18 00:48 - 2013-09-18 00:48 - 01029675 _____ (Thisisu) C:\Users\Exactly\Downloads\JRT.exe
2013-09-18 00:47 - 2013-09-18 00:47 - 00001929 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-09-18 00:47 - 2013-05-16 13:30 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-18 00:44 - 2013-08-26 01:37 - 00000000 ____D C:\AdwCleaner
2013-09-18 00:40 - 2013-09-18 00:40 - 01039554 _____ C:\Users\Exactly\Downloads\AdwCleaner.exe
2013-09-18 00:39 - 2013-09-18 00:35 - 00000000 ____D C:\Users\Exactly\Desktop\RK_Quarantine
2013-09-18 00:38 - 2013-09-18 00:38 - 00001510 _____ C:\Users\Exactly\Desktop\RKreport[0]_S_09182013_003817.txt
2013-09-18 00:35 - 2013-09-18 00:35 - 03787776 _____ C:\Users\Exactly\Downloads\RogueKillerX64.exe
2013-09-18 00:33 - 2013-09-18 00:33 - 04745728 _____ (AVAST Software) C:\Users\Exactly\Downloads\aswmbr.exe
2013-09-18 00:30 - 2013-09-18 00:30 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Exactly\Downloads\mbar-1.07.0.1005(1).exe
2013-09-18 00:30 - 2013-09-18 00:30 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Exactly\Downloads\rkill.exe
2013-09-18 00:29 - 2013-07-07 13:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-18 00:18 - 2013-09-18 00:18 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Exactly\Downloads\mbar-1.07.0.1005.exe
2013-09-17 17:19 - 2013-09-11 00:10 - 00000000 ____D C:\Program Files\7-Zip
2013-09-17 17:19 - 2013-08-22 01:22 - 00000000 ____D C:\Users\Exactly\Downloads\Now.You.See.Me.2013.EXTENDED.BDRip.X264-SPARKS[rarbg]
2013-09-17 17:19 - 2013-08-21 02:15 - 00000000 ____D C:\Users\Exactly\Downloads\Star Trek Into Darkness (2013) DVDRip XviD-MAXSPEED
2013-09-17 17:19 - 2013-08-18 04:22 - 00000000 ____D C:\Users\Exactly\Downloads\Steinberg.Hypersonic.VSTi.DXi.v2.0.INTERNAL-AiRISO
2013-09-17 17:19 - 2013-08-01 00:18 - 00000000 ____D C:\Users\Exactly\Downloads\Goldbaby.Urban.Cookbook.Vol.2.MULTiFORMAT-MAGNETRiXX
2013-09-17 17:18 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\registration
2013-09-17 13:39 - 2013-03-16 00:23 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-17 13:20 - 2013-03-15 23:48 - 00000000 ____D C:\Users\Exactly
2013-09-11 20:30 - 2013-09-11 20:28 - 34126199 _____ C:\Users\Exactly\Downloads\2013-Vybe-Beatz-Drum-Kit.rar
2013-09-11 00:09 - 2013-09-11 00:09 - 01376768 _____ C:\Users\Exactly\Downloads\7z920-x64.msi
2013-09-10 10:55 - 2013-09-10 10:42 - 336424420 _____ C:\Users\Exactly\Downloads\BloodRage_v1.3.zip
2013-09-10 10:14 - 2013-09-10 10:13 - 447466518 _____ C:\Users\Exactly\Desktop\Sounds In HD Complete Collection.rar
2013-09-10 10:09 - 2013-09-10 10:09 - 00000000 ____D C:\Users\Exactly\Downloads\Sounds In HD Complete Collection
2013-09-06 23:51 - 2013-09-06 23:51 - 00000000 ____D C:\Users\Exactly\Downloads\LEX LUGER DRUM KITs
2013-09-06 23:50 - 2013-09-06 23:49 - 207957006 _____ C:\Users\Exactly\Downloads\LEX LUGER DRUM KITs.rar
2013-09-06 02:40 - 2013-09-06 02:40 - 00000000 ____D C:\Users\Exactly\Downloads\Sounds.In.HD.Hip.Hop.Domination.Drum
2013-09-05 16:09 - 2013-05-16 21:09 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-05 16:09 - 2013-05-16 21:09 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-05 15:38 - 2013-09-05 15:37 - 00000000 ____D C:\Users\Exactly\Downloads\Sounds.In.HD.Hip.Hop.Domination.Drum.Kit.WAV-KRock
2013-09-05 15:10 - 2013-05-18 13:14 - 00000000 ____D C:\Users\Exactly\AppData\Local\CrashDumps
2013-09-05 15:08 - 2013-09-05 15:07 - 00000000 ____D C:\Hypersonic 2 Content
2013-09-05 15:06 - 2013-09-05 15:06 - 00000000 ____D C:\Users\Exactly\AppData\Roaming\Steinberg
2013-09-02 00:47 - 2013-07-14 22:40 - 00000000 ____D C:\Users\Exactly\AppData\Local\Adobe
2013-09-02 00:40 - 2013-09-02 00:40 - 00001084 _____ C:\Users\Public\Desktop\ManyCam.lnk
2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Users\Exactly\AppData\Roaming\ManyCam
2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Users\Exactly\AppData\Local\ManyCam
2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\ProgramData\ManyCam
2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Program Files (x86)\ManyCam
2013-09-02 00:40 - 2012-07-26 03:21 - 00010610 _____ C:\Windows\setupact.log
2013-08-31 00:37 - 2013-08-31 00:36 - 00000000 ____D C:\Users\Exactly\Downloads\Kick Ass 2 2013 HC SUB WEBRip XViD ac3 juggs
2013-08-30 03:48 - 2013-09-18 00:47 - 00276992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2013-08-30 03:48 - 2013-09-18 00:47 - 00131232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFW.sys
2013-08-30 03:48 - 2013-09-18 00:47 - 00022600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2013-08-30 03:48 - 2013-05-16 13:30 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 03:48 - 2013-05-16 13:30 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 03:48 - 2013-05-16 13:30 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 03:48 - 2013-05-16 13:30 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 03:48 - 2013-05-16 13:30 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 03:48 - 2013-05-16 13:30 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 03:48 - 2013-05-16 13:30 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 03:48 - 2013-05-16 13:30 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 03:47 - 2013-05-16 13:30 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 03:47 - 2013-05-16 13:29 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-29 19:06 - 2013-08-29 19:04 - 00000000 ____D C:\Program Files (x86)\ARAR
2013-08-29 19:05 - 2013-08-29 19:05 - 00000000 ____D C:\Users\Exactly\Downloads\J.U.S.T.I.C.E. Ultimate Producer Pack4_recovered
2013-08-29 18:34 - 2013-08-29 18:33 - 196412846 _____ C:\Users\Exactly\Downloads\J.U.S.T.I.C.E. Ultimate Producer Pack4.rar
2013-08-29 18:30 - 2013-08-29 18:29 - 141094428 _____ C:\Users\Exactly\Downloads\G_Unit_Producer_Pack_Limited.rar
2013-08-29 18:24 - 2013-08-29 18:24 - 11460713 _____ C:\Users\Exactly\Downloads\FreeDrumKits.net - J.U.S.T.I.C.E. League Drum Kit.zip
2013-08-29 00:29 - 2013-08-29 00:28 - 00000000 ____D C:\Users\Exactly\Downloads\The Wire - Season 2
2013-08-28 17:12 - 2013-08-28 17:12 - 00000000 ____D C:\Program Files\Classic Shell
2013-08-27 02:59 - 2012-07-26 01:38 - 00000000 ____D C:\Windows\system32\oobe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-19 22:21

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2013
Ran by Exactly at 2013-09-24 13:24:37
Running from C:\Users\Exactly\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Enabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}

==================== Installed Programs ======================

AC3Filter 1.63b (x32 Version: 1.63b)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Aloha TriPeaks (x32 Version: 2.2.0.98)
ASIO4ALL (x32 Version: 2.10)
Ask Toolbar (x32 Version: 12.3.0.881)
avast! Internet Security (x32 Version: 8.0.1497.0)
Avi to Dvd Free Converter v6.4.0.48 (x32)
Bejeweled 3 (x32 Version: 2.2.0.98)
BiFilter v2.3 (x32)
BitTorrent (HKCU Version: 7.8.1.30004)
Classic Shell (Version: 3.6.8)
CoreAAC Audio Decoder (remove only) (x32)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819)
CyberLink PowerDVD 10 (x32 Version: 10.0.4220.52)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98)
eBay Worldwide (x32 Version: 2.3.0630)
Effectrix 1.4 (Version: 1.4)
ElectraX full (x32)
ESET Online Scanner v3 (x32)
ffdshow [rev 3299] [2010-03-03] (x32 Version: 1.0.0.3299)
FilterBank v3.3 X64 (x32)
FL Studio 10 (x32)
FL Studio 11 (x32)
FlowStone FL 3.0 (x32)
Free Audio Converter version 5.0.28.812 (x32 Version: 5.0.28.812)
Gateway Power Management (Version: 7.00.3006)
Gateway Recovery Management (Version: 6.00.3011)
Gladiator  full (x32)
Google Chrome (x32 Version: 29.0.1547.76)
Haali Media Splitter (x32)
HiJackThis (x32 Version: 1.0.0)
Hotkey Utility (x32 Version: 3.00.3001)
Identity Card (x32 Version: 2.00.3004)
IL Download Manager (x32)
IL Shared Libraries (x32)
ImgBurn (x32 Version: 2.5.7.0)
Intel® Control Center (x32 Version: 1.2.1.1008)
Intel® Management Engine Components (x32 Version: 8.1.0.1281)
Intel® Network Connections 17.2.153.0 (Version: 17.2.153.0)
Intel® Processor Graphics (x32 Version: 9.17.10.2867)
Intel® Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.98)
KORG USB-MIDI Driver Tools for Windows (x32 Version: 1.14.0603)
Live Updater (x32 Version: 2.00.3003)
LUXONIX Purity (x32 Version: 1.2.5)
Malwarebytes Anti-Exploit version 0.9.2 beta (Version: 0.9.2 beta)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
ManyCam 3.1.59 (x32 Version: 3.1.59)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
mIRC (x32 Version: 7.32)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)
Native Instruments Abbey Road 60s Drums (Version: 1.2.0.003)
Native Instruments Abbey Road 60s Drums (x32)
Native Instruments Absynth 5 (Version: 5.1.0.1013)
Native Instruments Absynth 5 (x32)
Native Instruments Action Strings (Version: 1.0.0.002)
Native Instruments Action Strings (x32)
Native Instruments Battery 3 (Version: 3.2.2.633)
Native Instruments Battery 3 (x32)
Native Instruments Battery Library Importer for Maschine (Version: 1.0.0.003)
Native Instruments Battery Library Importer for Maschine (x32)
Native Instruments Berlin Concert Grand (Version: 1.3.0.004)
Native Instruments Berlin Concert Grand (x32)
Native Instruments FM8 (Version: 1.2.0.1016)
Native Instruments FM8 (x32)
Native Instruments Guitar Rig 5 (Version: 5.0.0.2354)
Native Instruments Guitar Rig 5 (x32)
Native Instruments Komplete 8 (Version: 8.0.0.001)
Native Instruments Komplete 8 (x32)
Native Instruments Kontakt 5 (Version: 5.2.0.6361)
Native Instruments Kontakt 5 (x32 Version: 5.2.0.6361)
Native Instruments Kontakt Factory Library (Version: 1.0.0.004)
Native Instruments Kontakt Factory Library (x32)
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments Massive (x32)
Native Instruments New York Concert Grand (Version: 1.3.0.004)
Native Instruments New York Concert Grand (x32)
Native Instruments Rammfire (Version: 1.1.0.003)
Native Instruments Rammfire (x32)
Native Instruments Reaktor 5 (Version: 5.6.1.11150)
Native Instruments Reaktor 5 (x32)
Native Instruments Reaktor Prism (Version: 1.2.0.005)
Native Instruments Reaktor Prism (x32)
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Reaktor Spark R2 (x32)
Native Instruments Reflektor (Version: 1.2.0.003)
Native Instruments Reflektor (x32)
Native Instruments Scarbee MM-Bass (Version: 1.2.0.006)
Native Instruments Scarbee MM-Bass (x32)
Native Instruments Scarbee Vintage Keys (Version: 1.1.0.002)
Native Instruments Scarbee Vintage Keys (x32)
Native Instruments Service Center (Version: 2.2.6.676)
Native Instruments Service Center (x32)
Native Instruments Studio Drummer (Version: 1.0.0.005)
Native Instruments Studio Drummer (x32)
Native Instruments The Finger R2 (Version: 1.1.0.004)
Native Instruments The Finger R2 (x32)
Native Instruments Traktors 12 (Version: 1.1.0.002)
Native Instruments Traktors 12 (x32)
Native Instruments Transient Master (Version: 1.0.0.004)
Native Instruments Transient Master (x32)
Native Instruments Upright Piano (Version: 1.3.0.004)
Native Instruments Upright Piano (x32)
Native Instruments Vienna Concert Grand (Version: 1.3.0.003)
Native Instruments Vienna Concert Grand (x32)
Native Instruments Vintage Organs (Version: 1.1.0.007)
Native Instruments Vintage Organs (x32)
Native Instruments West Africa (Version: 1.1.0.004)
Native Instruments West Africa (x32)
Nero 12 Essentials OEM.a01 (x32 Version: 12.5.00000)
Nero BackItUp (x32 Version: 12.0.0016)
Nero BackItUp 12 Essentials OEM.a01 (x32 Version: 12.5.00000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.1000)
Nero ControlCenter (x32 Version: 11.0.14500.0.45)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003)
Nero Core Components (x32 Version: 11.0.16900.1.27)
Nero Express (x32 Version: 12.0.16001)
Nero Express Help (CHM) (x32 Version: 12.0.1000)
Nero Launcher (x32 Version: 12.0.3000)
Nero RescueAgent (x32 Version: 12.0.3001)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.1000)
Nero Update (x32 Version: 11.0.11500.28.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Peggle Nights (x32 Version: 2.2.0.98)
Penguins! (x32 Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.98)
Prerequisite installer (x32 Version: 12.0.0002)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.214)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (x32 Version: 11.31)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6680)
Realtek USB 2.0 Card Reader (x32 Version: 6.2.8400.30137)
reFX Nexus VSTi RTAS v2.2.0 (x32)
Should I Remove It (HKCU Version: 1.0.4)
Should I Remove It (x32 Version: 1.0.4)
Spotify (x32 Version: 0.8.4.99.ga249b5f1)
Steinberg Hypersonic VSTi DXi v2.0 (x32)
SUPERAntiSpyware (Version: 5.6.1032)
Sylenth1 v2.21 (x32)
SynthMaster 2.5 VST/VSTi (x64) version 2.5.3.109 (x32 Version: 2.5.3.109)
Tales of Lagoona (x32 Version: 2.2.0.110)
TeamViewer 8 (x32 Version: 8.0.20202)
Tone2 Gladiator VSTi v2.2 (x32)
Tone2 Warmverb multi-FX full (x32)
Update Installer for WildTangent Games App (x32)
US Tech Support Framework (x32 Version: 2.1.0.4741)
VirtualCloneDrive (x32)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WildTangent Games (x32 Version: 1.0.3.0)
WildTangent Games App (x32 Version: 4.0.10.20)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Xvid 1.2.2 final uninstall (x32 Version: 1.2)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points  =========================

28-08-2013 21:10:50 Installed Classic Shell
07-09-2013 05:00:11 Scheduled Checkpoint
11-09-2013 04:09:46 Installed 7-Zip 9.20 (x64 edition)
18-09-2013 16:08:42 ComboFix created restore point

==================== Hosts content: ==========================

2012-07-26 01:26 - 2013-09-18 12:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08E36B09-103A-4E72-9145-755F56378191} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbaeloader64.exe [2013-06-21] (Malwarebytes Corporation)
Task: {13DB4F5D-20D2-462C-AD83-4C605E71BC7F} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {2BA6078F-563E-40BF-8C13-5401FB5C6627} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\SymErr.exe
Task: {2D308269-20D9-4D84-BB81-7230ECF6FC18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {353C3145-B310-4E55-94F7-623F8112876B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-16] (Google Inc.)
Task: {37D5CE0D-7E30-4C9A-9809-7AFB215341E3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {448C65C1-839B-4FFE-8E3B-44D32BE1F9FA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {503EC20E-9C91-403D-8523-43B51ADB59F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17] (Adobe Systems Incorporated)
Task: {78D44128-EB29-4654-B2E0-446E1958E32C} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [2012-07-05] (Acer Incorporated)
Task: {85F7050F-93B7-4BCB-AE66-D5A81FD0C8F7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\WSCStub.exe
Task: {9F12E6A2-CA8B-456C-9514-C39556CE0E46} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\SymErr.exe
Task: {AB52BE1F-EC2A-486D-B48F-649EEEF86E97} - System32\Tasks\LAUNCH CDPCO => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe
Task: {CAB6D665-2B70-42F6-A251-0C029C40C44C} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)
Task: {D4771BD0-27AA-4018-BAC0-C547D3556A3A} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-08-24] ()
Task: {F52BAB33-F997-46CD-9238-8AACC88416EE} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae64.exe

==================== Loaded Modules (whitelisted) =============

2013-06-29 10:50 - 2013-06-29 10:50 - 01750528 _____ (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2013-01-08 01:14 - 2013-01-08 01:14 - 00316912 _____ (KORG INC.) C:\Windows\system32\KORGUM64.DRV
2012-10-25 04:16 - 2012-09-27 23:51 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2012-10-25 04:16 - 2012-09-27 23:51 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-07 06:10 - 2010-11-03 06:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-01-07 06:10 - 2012-07-10 04:18 - 03642512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2012-11-09 20:06 - 2012-11-09 20:06 - 00010880 _____ (Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ExtensionToolkit.dll
2012-11-09 20:06 - 2012-11-09 20:06 - 00034944 _____ (Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.Infrastructure.dll
2012-11-09 20:06 - 2012-11-09 20:06 - 00114816 _____ (Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\CommApiInterop.dll
2012-11-09 20:06 - 2012-11-09 20:06 - 00384128 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ContactsApi.dll
2012-11-09 20:06 - 2012-11-09 20:06 - 00042112 _____ (Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtTray.Toolkit.dll
2012-11-09 20:04 - 2012-11-09 20:04 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-08 01:14 - 2013-01-08 01:14 - 00316912 _____ (KORG INC.) C:\Windows\SYSTEM32\KORGUM64.DRV
2012-07-25 22:13 - 2012-07-25 23:04 - 00079872 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SYSTEM32\l3codeca.acm
2013-09-19 22:00 - 2013-09-19 22:00 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2013 01:13:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: twinui.dll, version: 6.2.9200.16680, time stamp: 0x51fb45f3
Exception code: 0xc0000005
Fault offset: 0x0000000000100be2
Faulting process id: 0x68c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (09/19/2013 11:04:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/19/2013 10:22:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/19/2013 00:25:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2013 00:41:48 PM) (Source: ESENT) (User: )
Description: taskhostex (4520) An attempt to open the file "C:\Users\Exactly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/18/2013 03:05:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2013 03:05:50 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/18/2013 03:05:47 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (09/17/2013 11:54:06 PM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (09/17/2013 11:00:00 PM) (Source: ESENT) (User: )
Description: svchost (1804) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU003CC.log.


System errors:
=============
Error: (09/24/2013 01:12:35 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/23/2013 01:33:07 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/22/2013 07:45:39 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JAYLA-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1BE9F9F7-C7A5-489D-80E0-F95449DA4AD5}.
The master browser is stopping or an election is being forced.

Error: (09/22/2013 05:51:21 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/22/2013 01:27:13 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/21/2013 10:59:06 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/20/2013 11:25:50 PM) (Source: DCOM) (User: CandC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}CandCExactlyS-1-5-21-3544349393-3606079791-649501264-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/20/2013 11:25:50 PM) (Source: DCOM) (User: CandC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}CandCExactlyS-1-5-21-3544349393-3606079791-649501264-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/20/2013 11:25:50 PM) (Source: DCOM) (User: CandC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}CandCExactlyS-1-5-21-3544349393-3606079791-649501264-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/20/2013 11:25:50 PM) (Source: DCOM) (User: CandC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}CandCExactlyS-1-5-21-3544349393-3606079791-649501264-1001LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (09/24/2013 01:13:21 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.2.9200.1662851a94434twinui.dll6.2.9200.1668051fb45f3c00000050000000000100be268c01ceb9494c3dba1aC:\Windows\Explorer.EXEC:\Windows\System32\twinui.dll9c7309d5-253c-11e3-bfd3-2016d8ab10ed

Error: (09/19/2013 11:04:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/19/2013 10:22:06 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/19/2013 00:25:28 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Exactly\Downloads\esetsmartinstaller_enu.exe

Error: (09/18/2013 00:41:48 PM) (Source: ESENT)(User: )
Description: taskhostex4520C:\Users\Exactly\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (09/18/2013 03:05:51 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Exactly\Downloads\esetsmartinstaller_enu.exe

Error: (09/18/2013 03:05:50 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Exactly\Downloads\esetsmartinstaller_enu.exe

Error: (09/18/2013 03:05:47 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Exactly\Downloads\esetsmartinstaller_enu.exe

Error: (09/17/2013 11:54:06 PM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (09/17/2013 11:00:00 PM) (Source: ESENT)(User: )
Description: svchost1804SRUJet: C:\Windows\system32\SRU\SRU003CC.log-1811 (0xfffff8ed)


CodeIntegrity Errors:
===================================
  Date: 2013-09-18 12:13:56.479
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8060.96 MB
Available physical RAM: 6215.34 MB
Total Pagefile: 9276.96 MB
Available Pagefile: 7398.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:903.7 GB) (Free:446.59 GB) NTFS
Drive d: (My Book) (Fixed) (Total:931.28 GB) (Free:813.88 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: B1682A49)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=0C)

==================== End Of Log ============================



#4 Oh My!

  • Malware Response Instructor

Posted 24 September 2013 - 02:54 PM

Greetings,

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Performance Reliability Monitor Report

--------------------
  • Click Start
  • Type perfmon /rel in the Run box and press Enter
  • Click Save Reliability History... in the lower left hand portion of the screen
  • Name the file perfmon and save it to your desktop as an .xml file (should be default setting)
  • Attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Performance Reliability Report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Exactly


Posted 24 September 2013 - 09:45 PM

Thanks for the knowledge Gary

Attached Files


Edited by Exactly, 24 September 2013 - 09:55 PM.


#6 Oh My!


Posted 24 September 2013 - 10:18 PM

Thanks for posting the log. It will require some investigating and I have work stacked up here. Trying to close up shop soon so I will not be replying until tomorrow morning.

Thanks in advance for your patience. Windows 8 issues tend to be a little more difficult because not all of the tools and programs we typically use have caught up to the new Operating System.

Talk to you tomorrow.
Gary
 

#7 Exactly


Posted 24 September 2013 - 10:56 PM

Take your time I just appreciate the help.



#8 Oh My!


Posted 25 September 2013 - 08:08 AM

Good Morning,

I would like additional information to review. Please do this if you don't mind.

===================================================

Event Viewer Information Windows 8/7/Vista

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type eventvwr and press Enter
  • Click on the arrow to the left of Windows Logs to expand the category
  • Right click on System then select Save All Events As...
  • Under File Name: please type System then save it to your desktop
  • Right click on Application then select Save All Events As...
  • Under File Name: please type Application then save it to your desktop
  • Zip the files and notify me when you have successfully uploaded them here
===================================================

Things I would like to see in your next reply.
  • Let me know when the files are uploaded

Gary
 

#9 Exactly


Posted 25 September 2013 - 11:11 AM

Submitted.



#10 Oh My!


Posted 25 September 2013 - 12:58 PM

Greetings,

Thanks for all the information. There are errors there but I need a little more information about not being able to boot.

Does this happen quite often? What happens and what is on the screen when it fails to boot? Does it launch Automatic Repair and notify you whether or not it fixed anything?

Are you experiencing any issues other than this?

Please run this.

===================================================

Run TDSSKiller by Kaspersky on Windows 8/7/Vista

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

Malwarebytes Anti-Rootkit - Scan Only

--------------------
  • Download Malwarebytes Anti-Rootkit (mbar) and save it to your desktop
  • Unzip the folder to your desktop
  • Double click the mbar icon and select Run
  • Click OK to install it on your desktop
  • If you receive a User Account Control prompt allow it to run
  • If you receive the following screen select Yes and your computer will be restarted


  • Click Next on the following screen


  • On the Update Database: screen click Update to download the latest definition updates then click Next


  • On the Scan System: screen place checkmarks in the Drivers, Sectors, and System boxes (should be checked by default) then click Scan. Please be patient and allow the process to complete


  • Click the Exit button not Cleanup
  • A system-log report will be created in the mbar folder, please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Questions
  • TDSSKiller log
  • MBAR log

Gary
 

#11 Exactly


Posted 25 September 2013 - 01:09 PM

It's "hung up" only once since I have posted this for help...when it did "hang" it was the gateway logo, never went past that...yes auto repair auto launches and it asks to go to a previous restore point and it boots normally..I haven't had a "hang up" in maybe the last 20 boot-ups so that's good news...no other problems than this I can think of..thanks, will do scans


Edited by Exactly, 25 September 2013 - 01:16 PM.
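
For the TDSSKiller log requested in post #10 above, one way to triage it offline, as an added example that is not part of the original thread and not Kaspersky's code: it pairs each scanned object with its verdict line and returns everything that is not `ok`, including objects that never received a verdict. The sample lines are constructed in the layout of the log posted in this thread; the placeholder hashes, the `ExampleDrv` and `NoVerdictSvc` entries and the `warning` verdict text are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout of the TDSSKiller log posted in this thread.
# Hashes are placeholders; ExampleDrv, NoVerdictSvc and the "warning" verdict
# are invented for illustration.
SAMPLE_LOG = r"""
14:09:16.0594 8084  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb)
14:09:33.0211 6228  Scan started
14:09:33.0512 6228  ================ Scan system memory ========================
14:09:33.0512 6228  System memory - ok
14:09:33.0512 6228  ================ Scan services =============================
14:09:33.0657 6228  [ 00000000000000000000000000000001 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
14:09:33.0660 6228  1394ohci - ok
14:09:33.0705 6228  [ 00000000000000000000000000000002 ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
14:09:33.0709 6228  ExampleDrv - warning
14:09:33.0722 6228  [ 00000000000000000000000000000003 ] NoVerdictSvc    C:\Windows\System32\noverdict.dll
"""

NO_VERDICT = "no verdict logged"

# "HH:MM:SS.mmmm <thread id>  <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s*(.*)$")
# "====== Scan services ======" (a bare row of '=' has no spaces, so no match)
SECTION = re.compile(r"^=+ (.+?) =+$")
# "[ <32 hex digits> ] <name>   <path>"
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(\S+)\s+(.+)$")
# "<name> - <verdict>"
VERDICT = re.compile(r"^(.+?) - (\S.*)$")


@dataclass
class Finding:
    section: str
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Finding]:
    """Return one Finding per scanned object, in log order."""
    findings: List[Finding] = []
    section: Optional[str] = None
    pending: Optional[Finding] = None  # object line seen, verdict not yet seen

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()

        sec = SECTION.match(body)
        if sec:
            if pending:                # section ended before a verdict arrived
                findings.append(pending)
                pending = None
            section = sec.group(1)
            continue

        # Lines before the first "Scan ..." section (drive and partition
        # listings) also contain " - " and must not be read as verdicts.
        if section is None or not section.startswith("Scan "):
            continue

        obj = OBJECT.match(body)
        if obj:
            if pending:
                findings.append(pending)
            pending = Finding(section, obj.group(2), NO_VERDICT,
                              obj.group(1).upper(), obj.group(3).strip())
            continue

        ver = VERDICT.match(body)
        if ver:
            name, verdict = ver.group(1).strip(), ver.group(2).strip()
            if pending and pending.name == name:
                pending.verdict = verdict
                findings.append(pending)
                pending = None
            else:                      # e.g. "System memory - ok" has no hash line
                findings.append(Finding(section, name, verdict))

    if pending:
        findings.append(pending)
    return findings


def needs_review(findings: List[Finding]) -> List[Finding]:
    """Everything whose verdict is not exactly 'ok'."""
    return [f for f in findings if f.verdict.lower() != "ok"]


if __name__ == "__main__":
    for f in needs_review(parse_tdsskiller(SAMPLE_LOG)):
        print(f"[{f.section}] {f.name}: {f.verdict} ({f.path})")
```

An empty result from `needs_review` means every logged object was reported `ok`; it says nothing about objects the scanner did not enumerate.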


#12 Oh My!


Posted 25 September 2013 - 01:12 PM

Great, thanks for the information. So it never freezes after it successfully boots and you are in the normal course and scope of computer work?
Gary
 

#13 Exactly


Posted 25 September 2013 - 01:18 PM

No hiccups after that...Just looking for a little peace of mind that I am secure :-) mbar is running

 

 

14:09:15.0574 8084  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:09:15.0574 8084  UEFI system
14:09:16.0131 8084  ============================================================
14:09:16.0131 8084  Current date / time: 2013/09/25 14:09:16.0131
14:09:16.0131 8084  SystemInfo:
14:09:16.0131 8084  
14:09:16.0131 8084  OS Version: 6.2.9200 ServicePack: 0.0
14:09:16.0131 8084  Product type: Workstation
14:09:16.0131 8084  ComputerName: CANDC
14:09:16.0132 8084  UserName: Exactly
14:09:16.0132 8084  Windows directory: C:\Windows
14:09:16.0132 8084  System windows directory: C:\Windows
14:09:16.0132 8084  Running under WOW64
14:09:16.0132 8084  Processor architecture: Intel x64
14:09:16.0132 8084  Number of processors: 4
14:09:16.0132 8084  Page size: 0x1000
14:09:16.0132 8084  Boot type: Normal boot
14:09:16.0132 8084  ============================================================
14:09:16.0594 8084  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:09:16.0605 8084  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:09:23.0951 8084  ============================================================
14:09:23.0951 8084  \Device\Harddisk0\DR0:
14:09:23.0951 8084  GPT partitions:
14:09:23.0952 8084  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {FD03E774-982D-4201-AE64-DA267600D300}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
14:09:23.0952 8084  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3119B8C9-3B0E-45DF-93AE-3010CC994222}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
14:09:23.0952 8084  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AD39BEE5-88C4-46AA-86DF-5A0DD43EA18C}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
14:09:23.0952 8084  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C88EF202-391D-4195-91BA-9D19E44D0255}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x70F68000
14:09:23.0952 8084  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {74F11CE4-902C-4639-856C-162FF05F4E0D}, Name: Basic data partition, StartLBA 0x71106800, BlocksNum 0x3600000
14:09:23.0952 8084  MBR partitions:
14:09:23.0952 8084  \Device\Harddisk1\DR1:
14:09:23.0953 8084  MBR partitions:
14:09:23.0953 8084  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
14:09:23.0953 8084  ============================================================
14:09:23.0966 8084  C: <-> \Device\Harddisk0\DR0\Partition4
14:09:23.0967 8084  D: <-> \Device\Harddisk1\DR1\Partition1
14:09:23.0967 8084  ============================================================
14:09:23.0967 8084  Initialize success
14:09:23.0967 8084  ============================================================
14:09:33.0211 6228  ============================================================
14:09:33.0211 6228  Scan started
14:09:33.0211 6228  Mode: Manual;
14:09:33.0211 6228  ============================================================
14:09:33.0512 6228  ================ Scan system memory ========================
14:09:33.0512 6228  System memory - ok
14:09:33.0512 6228  ================ Scan services =============================
14:09:33.0557 6228  [ ABDCD326E1DD1C62509ED94C278A7453 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:09:33.0558 6228  !SASCORE - ok
14:09:39.0009 6228  NAUpdate - ok
14:09:39.0026 6228  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
14:09:39.0029 6228  NcaSvc - ok
14:09:39.0035 6228  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
14:09:39.0038 6228  NcdAutoSetup - ok
14:09:39.0081 6228  [ A10E176F3B2BF83EDE7B5C4658C93B66 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:09:39.0088 6228  NDIS - ok
14:09:39.0097 6228  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:09:39.0098 6228  NdisCap - ok
14:09:39.0114 6228  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
14:09:39.0115 6228  NdisImPlatform - ok
14:09:39.0133 6228  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:09:39.0135 6228  NdisTapi - ok
14:09:39.0144 6228  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:09:39.0145 6228  Ndisuio - ok
14:09:39.0149 6228  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:39.0150 6228  NdisWan - ok
14:09:39.0153 6228  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:39.0154 6228  NDISWANLEGACY - ok
14:09:39.0173 6228  [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:09:39.0175 6228  NDProxy - ok
14:09:39.0178 6228  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
14:09:39.0179 6228  Ndu - ok
14:09:39.0182 6228  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:09:39.0182 6228  NetBIOS - ok
14:09:39.0187 6228  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:09:39.0190 6228  NetBT - ok
14:09:39.0198 6228  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
14:09:39.0200 6228  Netlogon - ok
14:09:39.0212 6228  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
14:09:39.0216 6228  Netman - ok
14:09:39.0252 6228  [ 79FA9393C67EBBF92A56923592CF7A7C ] netprofm        C:\Windows\System32\netprofmsvc.dll
14:09:39.0257 6228  netprofm - ok
14:09:39.0286 6228  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:09:39.0301 6228  NetTcpPortSharing - ok
14:09:39.0316 6228  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:09:39.0318 6228  nfrd960 - ok
14:09:39.0346 6228  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:09:39.0353 6228  NlaSvc - ok
14:09:39.0358 6228  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:09:39.0360 6228  Npfs - ok
14:09:39.0364 6228  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
14:09:39.0365 6228  npsvctrig - ok
14:09:39.0374 6228  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
14:09:39.0378 6228  nsi - ok
14:09:39.0381 6228  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:09:39.0383 6228  nsiproxy - ok
14:09:39.0412 6228  [ 76929F4A69E425911A63B407E26C2589 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:09:39.0438 6228  Ntfs - ok
14:09:39.0448 6228  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
14:09:39.0449 6228  Null - ok
14:09:39.0466 6228  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:09:39.0468 6228  nvraid - ok
14:09:39.0481 6228  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:09:39.0483 6228  nvstor - ok
14:09:39.0493 6228  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:09:39.0495 6228  nv_agp - ok
14:09:39.0512 6228  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:09:39.0518 6228  p2pimsvc - ok
14:09:39.0537 6228  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:09:39.0543 6228  p2psvc - ok
14:09:39.0561 6228  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
14:09:39.0563 6228  Parport - ok
14:09:39.0627 6228  [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:09:39.0629 6228  partmgr - ok
14:09:39.0644 6228  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:09:39.0652 6228  PcaSvc - ok
14:09:39.0659 6228  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
14:09:39.0662 6228  pci - ok
14:09:39.0669 6228  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:09:39.0671 6228  pciide - ok
14:09:39.0691 6228  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:09:39.0694 6228  pcmcia - ok
14:09:39.0699 6228  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:09:39.0700 6228  pcw - ok
14:09:39.0722 6228  [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc             C:\Windows\system32\drivers\pdc.sys
14:09:39.0724 6228  pdc - ok
14:09:39.0752 6228  [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:09:39.0760 6228  PEAUTH - ok
14:09:39.0804 6228  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:09:39.0808 6228  PerfHost - ok
14:09:39.0849 6228  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
14:09:39.0863 6228  pla - ok
14:09:39.0880 6228  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:09:39.0883 6228  PlugPlay - ok
14:09:39.0894 6228  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:09:39.0898 6228  PNRPAutoReg - ok
14:09:39.0903 6228  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:09:39.0906 6228  PNRPsvc - ok
14:09:39.0933 6228  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:09:39.0939 6228  PolicyAgent - ok
14:09:39.0960 6228  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
14:09:39.0965 6228  Power - ok
14:09:39.0971 6228  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:09:39.0973 6228  PptpMiniport - ok
14:09:40.0030 6228  [ 9D59831262CAD44E709D695FC9D5E7AB ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
14:09:40.0059 6228  PrintNotify - ok
14:09:40.0090 6228  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
14:09:40.0092 6228  Processor - ok
14:09:40.0113 6228  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
14:09:40.0117 6228  ProfSvc - ok
14:09:40.0121 6228  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:09:40.0122 6228  Psched - ok
14:09:40.0133 6228  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
14:09:40.0137 6228  QWAVE - ok
14:09:40.0147 6228  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:09:40.0149 6228  QWAVEdrv - ok
14:09:40.0162 6228  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:09:40.0164 6228  RasAcd - ok
14:09:40.0173 6228  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:09:40.0174 6228  RasAgileVpn - ok
14:09:40.0178 6228  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
14:09:40.0182 6228  RasAuto - ok
14:09:40.0185 6228  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:40.0187 6228  Rasl2tp - ok
14:09:40.0204 6228  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
14:09:40.0209 6228  RasMan - ok
14:09:40.0212 6228  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:40.0213 6228  RasPppoe - ok
14:09:40.0217 6228  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:09:40.0218 6228  RasSstp - ok
14:09:40.0262 6228  [ CA03D642ACE58E1BA54E4B383F91CD69 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:09:40.0265 6228  rdbss - ok
14:09:40.0274 6228  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
14:09:40.0276 6228  rdpbus - ok
14:09:40.0292 6228  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:09:40.0294 6228  RDPDR - ok
14:09:40.0317 6228  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:09:40.0344 6228  RdpVideoMiniport - ok
14:09:40.0351 6228  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:09:40.0354 6228  RDPWD - ok
14:09:40.0368 6228  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:09:40.0376 6228  rdyboost - ok
14:09:40.0400 6228  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:09:40.0406 6228  RemoteAccess - ok
14:09:40.0412 6228  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:09:40.0420 6228  RemoteRegistry - ok
14:09:40.0433 6228  [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
14:09:40.0436 6228  RFCOMM - ok
14:09:40.0455 6228  [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb          C:\Windows\System32\Drivers\RimUsb_AMD64.sys
14:09:40.0457 6228  RimUsb - ok
14:09:40.0471 6228  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:09:40.0476 6228  RpcEptMapper - ok
14:09:40.0491 6228  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
14:09:40.0495 6228  RpcLocator - ok
14:09:40.0513 6228  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
14:09:40.0523 6228  RpcSs - ok
14:09:40.0529 6228  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:09:40.0531 6228  rspndr - ok
14:09:40.0549 6228  [ 7291CC1B5ECA448B0B9C15E7E987A6B3 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
14:09:40.0552 6228  RSUSBSTOR - ok
14:09:40.0567 6228  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
14:09:40.0569 6228  s3cap - ok
14:09:40.0583 6228  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
14:09:40.0586 6228  SamSs - ok
14:09:40.0630 6228  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:09:40.0631 6228  SASDIFSV - ok
14:09:40.0637 6228  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:09:40.0639 6228  SASKUTIL - ok
14:09:40.0660 6228  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:09:40.0663 6228  sbp2port - ok
14:09:40.0686 6228  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:09:40.0692 6228  SCardSvr - ok
14:09:40.0701 6228  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:09:40.0703 6228  scfilter - ok
14:09:40.0743 6228  [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule        C:\Windows\system32\schedsvc.dll
14:09:40.0759 6228  Schedule - ok
14:09:40.0776 6228  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:09:40.0778 6228  SCPolicySvc - ok
14:09:40.0806 6228  [ F58B030A0664385C707B8C1C63682041 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
14:09:40.0808 6228  sdbus - ok
14:09:40.0828 6228  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:09:40.0832 6228  SDRSVC - ok
14:09:40.0849 6228  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
14:09:40.0850 6228  sdstor - ok
14:09:40.0853 6228  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:09:40.0854 6228  secdrv - ok
14:09:40.0869 6228  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
14:09:40.0873 6228  seclogon - ok
14:09:40.0884 6228  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\system32\sens.dll
14:09:40.0887 6228  SENS - ok
14:09:40.0898 6228  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:09:40.0902 6228  SensrSvc - ok
14:09:40.0921 6228  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
14:09:40.0922 6228  SerCx - ok
14:09:40.0938 6228  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
14:09:40.0940 6228  Serenum - ok
14:09:40.0955 6228  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
14:09:40.0956 6228  Serial - ok
14:09:40.0973 6228  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
14:09:40.0974 6228  sermouse - ok
14:09:40.0983 6228  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
14:09:40.0989 6228  SessionEnv - ok
14:09:40.0995 6228  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
14:09:40.0997 6228  sfloppy - ok
14:09:41.0014 6228  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:09:41.0018 6228  SharedAccess - ok
14:09:41.0046 6228  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:09:41.0053 6228  ShellHWDetection - ok
14:09:41.0064 6228  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:09:41.0065 6228  SiSRaid2 - ok
14:09:41.0081 6228  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:09:41.0083 6228  SiSRaid4 - ok
14:09:41.0099 6228  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:09:41.0103 6228  SNMPTRAP - ok
14:09:41.0125 6228  [ FD3AF5575B99871BADB94E7699DBCE08 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
14:09:41.0127 6228  spaceport - ok
14:09:41.0136 6228  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
14:09:41.0137 6228  SpbCx - ok
14:09:41.0152 6228  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
14:09:41.0159 6228  Spooler - ok
14:09:41.0252 6228  [ 061A977C920FBE4BF71FF47C966DDDCA ] sppsvc          C:\Windows\system32\sppsvc.exe
14:09:41.0327 6228  sppsvc - ok
14:09:41.0334 6228  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:09:41.0338 6228  srv - ok
14:09:41.0367 6228  [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:09:41.0371 6228  srv2 - ok
14:09:41.0392 6228  [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:09:41.0393 6228  srvnet - ok
14:09:41.0406 6228  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:09:41.0411 6228  SSDPSRV - ok
14:09:41.0414 6228  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:09:41.0417 6228  SstpSvc - ok
14:09:41.0430 6228  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:09:41.0432 6228  stexstor - ok
14:09:41.0454 6228  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
14:09:41.0464 6228  stisvc - ok
14:09:41.0493 6228  [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci        C:\Windows\system32\drivers\storahci.sys
14:09:41.0496 6228  storahci - ok
14:09:41.0510 6228  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
14:09:41.0513 6228  storflt - ok
14:09:41.0522 6228  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
14:09:41.0528 6228  StorSvc - ok
14:09:41.0535 6228  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:09:41.0537 6228  storvsc - ok
14:09:41.0546 6228  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
14:09:41.0551 6228  svsvc - ok
14:09:41.0555 6228  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
14:09:41.0557 6228  swenum - ok
14:09:41.0579 6228  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
14:09:41.0596 6228  swprv - ok
14:09:41.0648 6228  [ A06CB9269D29EE3D0F3F5630ABB660B8 ] SysMain         C:\Windows\system32\sysmain.dll
14:09:41.0663 6228  SysMain - ok
14:09:41.0688 6228  [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
14:09:41.0692 6228  SystemEventsBroker - ok
14:09:41.0704 6228  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
14:09:41.0707 6228  TabletInputService - ok
14:09:41.0717 6228  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:09:41.0723 6228  TapiSrv - ok
14:09:41.0779 6228  [ 37D85E873C9531A2F88DD9C63D3F8A9E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:09:41.0805 6228  Tcpip - ok
14:09:41.0837 6228  [ 37D85E873C9531A2F88DD9C63D3F8A9E ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:09:41.0854 6228  TCPIP6 - ok
14:09:41.0861 6228  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:09:41.0862 6228  tcpipreg - ok
14:09:41.0881 6228  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:09:41.0883 6228  tdx - ok
14:09:41.0971 6228  [ D53118C165AE5D188632B6CDEEE82A1B ] TeamViewer8     C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
14:09:41.0998 6228  TeamViewer8 - ok
14:09:42.0034 6228  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
14:09:42.0036 6228  terminpt - ok
14:09:42.0051 6228  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
14:09:42.0058 6228  TermService - ok
14:09:42.0065 6228  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
14:09:42.0068 6228  Themes - ok
14:09:42.0085 6228  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
14:09:42.0087 6228  THREADORDER - ok
14:09:42.0102 6228  [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
14:09:42.0106 6228  TimeBroker - ok
14:09:42.0121 6228  [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM             C:\Windows\system32\drivers\tpm.sys
14:09:42.0124 6228  TPM - ok
14:09:42.0138 6228  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
14:09:42.0145 6228  TrkWks - ok
14:09:42.0203 6228  [ 8ABBB5CE0C62E0A6D28F32F44B7F865C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:09:42.0204 6228  TrustedInstaller - ok
14:09:42.0219 6228  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:09:42.0221 6228  TsUsbFlt - ok
14:09:42.0231 6228  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
14:09:42.0233 6228  TsUsbGD - ok
14:09:42.0238 6228  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:09:42.0240 6228  tunnel - ok
14:09:42.0258 6228  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:09:42.0261 6228  uagp35 - ok
14:09:42.0273 6228  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
14:09:42.0276 6228  UASPStor - ok
14:09:42.0317 6228  [ 4834158B8D06A153FADAB6B85320FBBE ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
14:09:42.0320 6228  UCX01000 - ok
14:09:42.0347 6228  [ 25C50F4EDF70D0A831E0566BD181CCF2 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:09:42.0351 6228  udfs - ok
14:09:42.0373 6228  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:09:42.0380 6228  UI0Detect - ok
14:09:42.0394 6228  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:09:42.0396 6228  uliagpkx - ok
14:09:42.0401 6228  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
14:09:42.0403 6228  umbus - ok
14:09:42.0421 6228  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
14:09:42.0423 6228  UmPass - ok
14:09:42.0438 6228  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
14:09:42.0445 6228  UmRdpService - ok
14:09:42.0500 6228  [ C485FB802F6C4A306B8F89BA087E5CA2 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:09:42.0503 6228  UNS - ok
14:09:42.0523 6228  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
14:09:42.0533 6228  upnphost - ok
14:09:42.0555 6228  [ 3FBE0784E42E7BA93FCC5201D2BAFE23 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:09:42.0558 6228  usbaudio - ok
14:09:42.0564 6228  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
14:09:42.0566 6228  usbccgp - ok
14:09:42.0581 6228  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
14:09:42.0583 6228  usbcir - ok
14:09:42.0612 6228  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
14:09:42.0615 6228  usbehci - ok
14:09:42.0631 6228  [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\Windows\System32\drivers\usbhub.sys
14:09:42.0637 6228  usbhub - ok
14:09:42.0659 6228  [ EA040D4C6C94F315A85F3D0EAA884B37 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
14:09:42.0665 6228  USBHUB3 - ok
14:09:42.0677 6228  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
14:09:42.0679 6228  usbohci - ok
14:09:42.0689 6228  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
14:09:42.0691 6228  usbprint - ok
14:09:42.0701 6228  [ BFC7FE4AAEB61317A921871B4085EF4B ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
14:09:42.0704 6228  USBSTOR - ok
14:09:42.0708 6228  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
14:09:42.0710 6228  usbuhci - ok
14:09:42.0742 6228  [ 1ADCF0A490C2845637B334626669CD6F ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
14:09:42.0746 6228  USBXHCI - ok
14:09:42.0780 6228  [ 67056D279BDCDA45F958252AFC5D6A39 ] USTSScheduler   C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe
14:09:42.0786 6228  USTSScheduler - ok
14:09:42.0800 6228  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
14:09:42.0803 6228  VaultSvc - ok
14:09:42.0827 6228  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
14:09:42.0830 6228  VClone - ok
14:09:42.0834 6228  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:09:42.0836 6228  vdrvroot - ok
14:09:42.0874 6228  [ 1B4488988E5E7512E6C5CD1255E9E973 ] vds             C:\Windows\System32\vds.exe
14:09:42.0885 6228  vds - ok
14:09:42.0891 6228  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
14:09:42.0894 6228  VerifierExt - ok
14:09:42.0919 6228  [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
14:09:42.0924 6228  vhdmp - ok
14:09:42.0945 6228  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
14:09:42.0947 6228  viaide - ok
14:09:42.0968 6228  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:09:42.0971 6228  vmbus - ok
14:09:42.0992 6228  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
14:09:42.0994 6228  VMBusHID - ok
14:09:43.0014 6228  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
14:09:43.0020 6228  vmicheartbeat - ok
14:09:43.0026 6228  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
14:09:43.0031 6228  vmickvpexchange - ok
14:09:43.0037 6228  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
14:09:43.0041 6228  vmicrdv - ok
14:09:43.0044 6228  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
14:09:43.0047 6228  vmicshutdown - ok
14:09:43.0051 6228  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
14:09:43.0053 6228  vmictimesync - ok
14:09:43.0057 6228  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
14:09:43.0060 6228  vmicvss - ok
14:09:43.0063 6228  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:09:43.0064 6228  volmgr - ok
14:09:43.0079 6228  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:09:43.0082 6228  volmgrx - ok
14:09:43.0095 6228  [ 78A5BBA3819FFFC62FFEC3E2220D102D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:09:43.0098 6228  volsnap - ok
14:09:43.0113 6228  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
14:09:43.0115 6228  vpci - ok
14:09:43.0132 6228  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:09:43.0133 6228  vsmraid - ok
14:09:43.0173 6228  [ D0C69E44BC1E1D4AD290FD84104623D8 ] VSS             C:\Windows\system32\vssvc.exe
14:09:43.0184 6228  VSS - ok
14:09:43.0204 6228  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
14:09:43.0206 6228  VSTXRAID - ok
14:09:43.0224 6228  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:09:43.0226 6228  vwifibus - ok
14:09:43.0231 6228  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:09:43.0232 6228  vwififlt - ok
14:09:43.0235 6228  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:09:43.0236 6228  vwifimp - ok
14:09:43.0245 6228  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
14:09:43.0250 6228  W32Time - ok
14:09:43.0258 6228  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
14:09:43.0260 6228  WacomPen - ok
14:09:43.0271 6228  [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:09:43.0272 6228  Wanarp - ok
14:09:43.0274 6228  [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:09:43.0275 6228  Wanarpv6 - ok
14:09:43.0302 6228  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
14:09:43.0314 6228  wbengine - ok
14:09:43.0337 6228  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:09:45.0000 6228  ============================================================
14:09:45.0000 6228  Scan finished
14:09:45.0000 6228  ============================================================
14:09:45.0009 4332  Detected object count: 0
14:09:45.0009 4332  Actual detected object count: 0
14:09:55.0238 8028  Deinitialize success
 



#14 Exactly

Exactly
  • Topic Starter


Posted 25 September 2013 - 01:21 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.25.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Exactly :: CANDC [administrator]

9/25/2013 2:13:04 PM
mbar-log-2013-09-25 (14-13-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 267871
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 25 September 2013 - 01:22 PM

OK, that report looks great. The logs you provided indicated there were a couple of unexpected shutdowns. No big deal unless it was forced because your computer froze.

I will await the MBAR results. Just running that because of your initial comments about possible rootkit activity.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



