"nt32.exe", "315load32.exe", "load32.exe" Malware has attacked.


  • This topic is locked
30 replies to this topic

#1 Zekira G. Drake


  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 10 February 2014 - 07:09 AM

As per instruction from this topic (http://www.bleepingcomputer.com/forums/t/523744/nt32exe-315load32exe-load32exe-malware-has-attacked-please-help/).

Original message:

Hello, glad to see Bleeping Computer is still very much alive with all the help! I haven't been here in a while, and I never thought this day would come again, but I am officially stumped by a malware which has infected my computer.

I have done my research and found that the processes involved are named "nt32.exe", "315load32.exe", and "load32.exe".

What happened is that I cannot access anything from my C drive at all. I also cannot edit its permissions; it tells me Access Denied. I have been using this computer for years without reformat, so I am very sure that I have Administrator access. This has only started happening recently.

Due to this, any of the malware removal tools I try to run, such as MalwareBytes and ComboFix, do not even run at all. Looking at it from Process Explorer, nt32.exe seems to intercept it and I have done my best to stop it to no avail.

Please help. I have a Farbar Recovery Scan Tool log ready, if needed. I know I shouldn't be posting logs, but I would like to at least point out that there are lines with "<===== ATTENTION" and they all point to nt32.exe, 315load32.exe, or load32.exe.

Please help! Thank you!

P.S. I am running Windows 7 Ultimate 64-bit.

My other hard drives can also be accessed fine.

EDIT: I forgot to mention that, when these processes load, their description is "Print backup recovery migration".

Upon more research, all things point to a virus that has really attacked my computer...

What I have done so far:

- Posted logs in the original topic, but no cleaning.
- Ran ESET Online Scanner, detected some of the malicious files and cleaned them, but at least 2 of them remain uncleaned.

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Zekira Drake at 19:52:27 on 2014-02-10
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.63.1033.18.3957.1570 [GMT 8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\lxcrcoms.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\atwtusb.exe
C:\Windows\system32\atwtusb.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Zekira Drake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Zekira Drake\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://godvillegame.com/superhero
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Zekira Drake\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
StartupFolder: C:\Users\ZEKIRA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk -
StartupFolder: C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://bm-dist.bmcdn.jp/bmcdndist/neffy/NeffyLauncher.cab
TCP: NameServer = 8.8.8.8 8.8.4.4 124.106.6.134
TCP: Interfaces\{F93B6676-FAD5-4506-8A21-AD85C131F543} : DHCPNameServer = 8.8.8.8 8.8.4.4 124.106.6.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [MacrokeyManager] WTMKM.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://tweetdeck.twitter.com/|https://www.facebook.com/|http://godvillegame.com/superhero|http://mail.yahoo.com|https://mail.google.com/|http://www.shiftylook.com/comics/klonoa/|http://nekousagiinunezumi.blog118.fc2.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Users\Zekira Drake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: D:\Kuroneko\GameOn\Common files\nppmangsupport.dll
.
---- FIREFOX POLICIES ----
.
.
.
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 3061d10c00000000000000270e0c4ae9
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15698
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.100:01:42
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-20 52760]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-11-20 182088]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-21 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-29 15129376]
R2 SEVPNCLIENT;SoftEther VPN Client;C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2013-12-31 4308024]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-1-15 2533400]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-6-25 619904]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-1-15 509104]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-6-25 13728]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\Windows\System32\drivers\Neo_0008.sys [2013-12-31 28768]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-21 39200]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-6-25 81824]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-6-25 15776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-9-7 131912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-2-7 121416]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-16 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2013-8-20 204568]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-16 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-16 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-16 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-02-09 21:41:06    119000    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-02-09 21:41:06    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-09 21:39:20    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-09 15:00:48    --------    d-----w-    C:\Program Files (x86)\ESET
2014-02-09 14:44:36    --------    d-----w-    C:\FRST
2014-02-09 14:29:50    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-02-09 14:25:34    --------    d-----w-    C:\Windows\pss
2014-02-01 04:34:06    --------    d--h--w-    C:\NTKernel
2014-02-01 04:33:43    --------    d-----w-    C:\Users\Zekira Drake\AppData\Roaming\sol-fa-soft
2014-02-01 03:00:08    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A416183E-D57E-4F48-863C-C84AA1FDB122}\mpengine.dll
2014-01-31 02:37:39    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-24 12:15:39    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{438D743A-AB26-4EFF-B8D9-364F11E7BBB1}\gapaengine.dll
2014-01-20 12:50:26    144896    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\lxcrpp6c.dll
2014-01-20 12:49:54    --------    d-----w-    C:\Program Files (x86)\Lexmark 2400 Series
2014-01-20 12:41:02    305152    ----a-w-    C:\Windows\SysWow64\LXCRhcp.dll
2014-01-20 12:18:42    --------    d-----w-    C:\Program Files (x86) (x86)
2014-01-17 03:08:30    --------    d-----w-    C:\Windows\Temp9EF5B21D-2BFF-7DD6-59B2-5E1A2F666FB7-Signatures
2014-01-17 03:03:16    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-17 03:03:16    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-17 03:03:15    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-17 03:03:15    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-17 03:03:15    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-17 03:03:15    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-17 03:03:15    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-17 03:03:15    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-17 03:03:14    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-31 06:28:31    28768    ----a-w-    C:\Windows\System32\drivers\Neo_0008.sys
2013-12-31 06:27:18    135736    ----a-w-    C:\Windows\System32\vpncmd.exe
2013-12-14 00:33:42    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 00:33:42    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-10 02:13:11    982232    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01    1100248    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:30    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-12-05 08:42:26    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-12-05 08:42:26    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 19:52:56.43 ===============

Attach.txt is attached on the post.

Thank you.

EDIT2: By the way, when I try to scan with MalwareBytes, the program just crashes upon clicking Scan.

EDIT3: As of today, I still cannot access many of the files in C:\Program Files. There are also too few icons in the tray, meaning many of the services aren't even starting up. (?)

Edited by Zekira G. Drake, 10 February 2014 - 05:40 PM.


#2 seedy21


  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:42 PM

Posted 10 February 2014 - 06:01 PM

Hi Zekira G. Drake and Welcome to BleepingComputer.

I am currently looking through your logs and will advise you on what to do in my next reply.

Did you run FRST on the USB flash pen or install the program on your computer?


Can you please post me your FRST log and Eset log?


You can find the Eset log at "C:\Program Files\EsetOnlineScanner\log.txt".

Edited by seedy21, 10 February 2014 - 06:13 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 Zekira G. Drake

  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 11 February 2014 - 06:25 AM

OK, will do.

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014
Ran by Zekira Drake (administrator) on HEARTTRIO3 on 09-02-2014 22:44:38
Running from D:\IMPORTANTFORCOMP
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
( ) C:\Windows\SysWOW64\lxcrcoms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
() C:\Windows\system32\atwtusb.exe
() C:\Windows\system32\atwtusb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System32\WTMKM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sysinternals - www.sysinternals.com) D:\IMPORTANTFORCOMP\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Zekira Drake\AppData\Local\Temp\procexp64.exe
(Sysinternals - www.sysinternals.com) D:\IMPORTANTFORCOMP\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Zekira Drake\AppData\Local\Temp\procexp64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MacrokeyManager] - C:\Windows\system32\WTMKM.exe [7319784 2010-12-24] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4308024 2013-12-31] (SoftEther Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [NT Kernel Service] - C:\NTKernel\nt32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKU\.DEFAULT\...\CurrentVersion\Windows: [Load] C:\Users\Zekira Drake\Documents\315load32.exe <===== ATTENTION
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\MountPoints2: {65b4d321-7d95-11e2-bea1-00270e0c4ae9} - E:\AutoRun.exe
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\MountPoints2: {65b4d323-7d95-11e2-bea1-00270e0c4ae9} - E:\AutoRun.exe
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\MountPoints2: {b033cc96-5f16-11e2-9f2c-8de477bdd3d6} - F:\AutoRun.exe
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\MountPoints2: {b033cc9c-5f16-11e2-9f2c-8de477bdd3d6} - F:\AutoRun.exe
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\MountPoints2: {d719ce99-731b-11e2-b501-806e6f6e6963} - "P:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [243200 2014-02-01] () <==== ATTENTION
HKU\S-1-5-21-1224801478-1470400727-1307533331-1001\...\CurrentVersion\Windows: [Load] C:\NTKernel\nt32.exe <===== ATTENTION
HKU\S-1-5-21-1224801478-1470400727-1307533331-1001\...\MountPoints2: {b033cc96-5f16-11e2-9f2c-8de477bdd3d6} - F:\AutoRun.exe
HKU\S-1-5-21-1224801478-1470400727-1307533331-1001\...\MountPoints2: {b033cc9c-5f16-11e2-9f2c-8de477bdd3d6} - F:\AutoRun.exe
HKU\S-1-5-21-1224801478-1470400727-1307533331-1001\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [243200 2014-02-01] () <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avcenter.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avconfig.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avgnt.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avguard.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avgui.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avp.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\avscan.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\bdagent.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\ccuac.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\egui.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\instup.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\mbam.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\mbampt.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\MSASCui.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\MsMpEng.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\msseces.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\NisSrv.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
IFEO\zlclient.exe: [Debugger] C:\Users\Zekira Drake\Documents\315load32.exe
Startup: C:\Users\Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url ()
Startup: C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
Startup: C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://godvillegame.com/superhero
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ph.msn.com/?rd=1&ucc=PH&dcc=PH&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0BC7880628F3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fil
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/
http://twitter.com/tooi_tokoro
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Zekira Drake\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://bm-dist.bmcdn.jp/bmcdndist/neffy/NeffyLauncher.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 124.106.6.134

FireFox:
========
FF ProfilePath: C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default
FF user.js: detected! => C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\user.js
FF DefaultSearchEngine: Claro Search
FF SelectedSearchEngine: Claro Search
FF Homepage: hxxp://tweetdeck.twitter.com/|https://www.facebook.com/|hxxp://godvillegame.com/superhero|hxxp://mail.yahoo.com|https://mail.google.com/|hxxp://www.shiftylook.com/comics/klonoa/|hxxp://nekousagiinunezumi.blog118.fc2.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: pmang.jp/pmangsupport-1 - D:\Kuroneko\GameOn\Common files\nppmangsupport.dll (gameon)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Zekira Drake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Zekira Drake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: ExHentai Easy - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack [2013-04-25]
FF Extension: New Tabs at the End - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\new-tabs-at-end@forerunnerdesigns.com [2013-01-15]
FF Extension: DownloadHelper - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Flashget Downloader Extension - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2013-01-16]
FF Extension: Firebug - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\firebug@software.joehewitt.com.xpi [2013-01-15]
FF Extension: Furigana Injector - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\furiganainjector@yayakoshi.net.xpi [2013-02-03]
FF Extension: Imgur Uploader - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\giorgio@gilestro.tk.xpi [2013-04-13]
FF Extension: SmartVideo For YouTube - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\mytube@ashishmishra.in.xpi [2013-06-20]
FF Extension: NicoFox - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\nicofox@littlebtc.xpi [2013-01-15]
FF Extension: Photobucket Uploader - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\pbupload@photobucket.com.xpi [2013-01-15]
FF Extension: Element Properties - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\properties@darktrojan.net.xpi [2013-01-15]
FF Extension: Scriptish - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\scriptish@erikvold.com.xpi [2013-01-15]
FF Extension: YouTube to MP3 - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-04-14]
FF Extension: FlashGot - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-01-15]
FF Extension: DownThemAll! - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-29]
FF Extension: HTML Ruby - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{e10bc159-aa26-41d8-aa24-65de9464ca5a}.xpi [2013-02-04]
FF Extension: Greasemonkey - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-15]

Chrome:
=======
CHR HomePage: hxxp://godvillegame.com/superhero
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Java™ Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Users\Zekira Drake\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-15]
CHR Extension: (Google Drive) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-15]
CHR Extension: (YouTube) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-15]
CHR Extension: (Google Search) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-15]
CHR Extension: (Google Wallet) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-15]

==================== Services (Whitelisted) =================

R2 lxcr_device; C:\Windows\SysWOW64\lxcrcoms.exe [566192 2006-12-11] ( )
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-26] (CACE Technologies, Inc.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4308024 2013-12-31] (SoftEther Project at University of Tsukuba, Japan.)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 WTService; C:\Windows\system32\atwtusb.exe [914664 2011-01-26] ()

==================== Drivers (Whitelisted) ====================

R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-09] (Windows ® Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0008.sys [28768 2013-12-31] (SoftEther Project at University of Tsukuba, Japan.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-09 22:44 - 2014-02-09 22:44 - 00000000 ____D () C:\FRST
2014-02-09 22:29 - 2014-02-09 22:29 - 00000626 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-09 22:29 - 2014-02-09 22:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 22:29 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-09 22:25 - 2014-02-09 22:33 - 00000000 ____D () C:\Windows\pss
2014-02-09 22:19 - 2014-02-09 22:19 - 00000000 ____D () C:\Users\Blue\AppData\Roaming\Macromedia
2014-02-01 12:37 - 2014-02-01 12:37 - 00243200 ____N () C:\Program Files (x86)\wupdate.exe
2014-02-01 12:34 - 2014-02-09 22:41 - 00000000 ___HD () C:\NTKernel
2014-02-01 12:34 - 2014-02-01 12:33 - 00243200 __RSH () C:\Users\Zekira Drake\Documents\315load32.exe
2014-02-01 12:34 - 2014-02-01 12:33 - 00243200 __RSH () C:\Users\Blue\Documents\315load32.exe
2014-02-01 12:34 - 2014-02-01 12:33 - 00243200 __RSH () C:\ProgramData\load32.exe
2014-02-01 12:33 - 2014-02-01 12:42 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\sol-fa-soft
2014-01-20 20:49 - 2014-01-20 20:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 2400 Series
2014-01-20 20:41 - 2006-11-06 18:05 - 00305152 _____ ( ) C:\Windows\SysWOW64\LXCRhcp.dll
2014-01-20 20:36 - 2014-01-20 20:41 - 00002700 _____ () C:\lxcrcomx.log
2014-01-20 20:34 - 2006-12-11 12:12 - 00566192 _____ ( ) C:\Windows\SysWOW64\lxcrcoms.exe
2014-01-20 20:34 - 2006-12-11 12:12 - 00233392 _____ ( ) C:\Windows\SysWOW64\lxcrih.exe
2014-01-20 20:34 - 2006-12-11 12:12 - 00181168 _____ ( ) C:\Windows\SysWOW64\lxcrppls.exe
2014-01-20 20:34 - 2006-12-11 12:08 - 00002365 _____ () C:\Windows\SysWOW64\lxcr.loc
2014-01-20 20:34 - 2006-11-29 06:26 - 00091136 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrinsr.dll
2014-01-20 20:34 - 2006-11-29 06:26 - 00023040 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcur.dll
2014-01-20 20:34 - 2006-11-29 06:24 - 00131584 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrjswr.dll
2014-01-20 20:34 - 2006-11-29 06:22 - 00184320 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrinsb.dll
2014-01-20 20:34 - 2006-11-29 06:22 - 00067584 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcub.dll
2014-01-20 20:34 - 2006-11-29 06:21 - 00236032 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrins.dll
2014-01-20 20:34 - 2006-11-29 06:21 - 00097280 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcu.dll
2014-01-20 20:34 - 2006-11-29 06:20 - 00654336 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrutil.dll
2014-01-20 20:34 - 2006-11-28 05:57 - 00385024 _____ () C:\Windows\SysWOW64\lxcrcomx.dll
2014-01-20 20:34 - 2006-11-06 18:56 - 00409600 _____ ( ) C:\Windows\SysWOW64\lxcrpmui.dll
2014-01-20 20:34 - 2006-11-06 18:53 - 01417728 _____ ( ) C:\Windows\SysWOW64\lxcrserv.dll
2014-01-20 20:34 - 2006-11-06 18:38 - 00249856 _____ ( ) C:\Windows\SysWOW64\lxcrcomm.dll
2014-01-20 20:34 - 2006-11-06 18:34 - 00487424 _____ ( ) C:\Windows\SysWOW64\lxcrlmpm.dll
2014-01-20 20:34 - 2006-11-06 18:32 - 00194048 _____ () C:\Windows\SysWOW64\LXCRinst.dll
2014-01-20 20:34 - 2006-11-06 18:31 - 00226816 _____ ( ) C:\Windows\SysWOW64\lxcriesc.dll
2014-01-20 20:34 - 2006-11-06 18:27 - 00010752 _____ ( ) C:\Windows\SysWOW64\lxcrpplc.dll
2014-01-20 20:34 - 2006-11-06 18:25 - 00695808 _____ ( ) C:\Windows\SysWOW64\lxcrcomc.dll
2014-01-20 20:34 - 2006-11-06 18:24 - 00035328 _____ ( ) C:\Windows\SysWOW64\lxcrprox.dll
2014-01-20 20:34 - 2006-11-06 18:14 - 00238592 _____ ( ) C:\Windows\SysWOW64\lxcrinpa.dll
2014-01-20 20:34 - 2006-11-06 18:12 - 01099264 _____ ( ) C:\Windows\SysWOW64\lxcrusb1.dll
2014-01-20 20:34 - 2006-09-06 06:11 - 00064512 _____ (Lexmark International) C:\Windows\SysWOW64\LXCRcfg.dll
2014-01-20 20:34 - 2006-05-09 17:11 - 00983107 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lxcrgf.dll
2014-01-20 20:34 - 2006-02-07 19:47 - 00535647 _____ () C:\Windows\SysWOW64\lxcrhelp.chm
2014-01-20 20:18 - 2014-01-20 20:34 - 00000000 ____D () C:\Program Files (x86) (x86)
2014-01-17 11:08 - 2014-01-17 11:08 - 00000000 ____D () C:\Windows\Temp9EF5B21D-2BFF-7DD6-59B2-5E1A2F666FB7-Signatures
2014-01-17 11:03 - 2013-11-27 09:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-17 11:03 - 2013-11-26 19:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-17 11:03 - 2013-11-26 18:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-09 22:44 - 2014-02-09 22:44 - 00000000 ____D () C:\FRST
2014-02-09 22:42 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 22:42 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 22:41 - 2014-02-01 12:34 - 00000000 ___HD () C:\NTKernel
2014-02-09 22:38 - 2013-01-15 21:24 - 01555083 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 22:36 - 2013-12-31 14:26 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-02-09 22:35 - 2013-01-16 01:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-09 22:35 - 2009-07-14 12:51 - 00099044 _____ () C:\Windows\setupact.log
2014-02-09 22:35 - 2009-07-14 10:34 - 00000493 _____ () C:\Windows\win.ini
2014-02-09 22:33 - 2014-02-09 22:25 - 00000000 ____D () C:\Windows\pss
2014-02-09 22:33 - 2013-01-16 09:07 - 00002243 _____ () C:\Windows\epplauncher.mif
2014-02-09 22:29 - 2014-02-09 22:29 - 00000626 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-09 22:29 - 2014-02-09 22:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 22:19 - 2014-02-09 22:19 - 00000000 ____D () C:\Users\Blue\AppData\Roaming\Macromedia
2014-02-09 22:19 - 2013-12-24 15:54 - 00000000 ___RD () C:\Users\Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-09 22:17 - 2010-11-21 11:47 - 00992438 _____ () C:\Windows\PFRO.log
2014-02-07 20:22 - 2013-01-15 23:38 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\Dropbox
2014-02-02 08:55 - 2013-01-21 21:38 - 00423998 _____ () C:\Windows\system32\perfh011.dat
2014-02-02 08:55 - 2013-01-21 21:38 - 00127128 _____ () C:\Windows\system32\perfc011.dat
2014-02-02 08:55 - 2013-01-16 08:27 - 00435644 _____ () C:\Windows\system32\perfh012.dat
2014-02-02 08:55 - 2013-01-16 08:27 - 00125412 _____ () C:\Windows\system32\perfc012.dat
2014-02-02 08:55 - 2009-07-14 13:13 - 01865548 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 02:34 - 2013-01-15 23:40 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\uTorrent
2014-02-02 02:33 - 2013-01-16 00:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 02:28 - 2013-01-15 23:31 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000UA.job
2014-02-01 20:28 - 2013-01-15 23:31 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000Core.job
2014-02-01 12:42 - 2014-02-01 12:33 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\sol-fa-soft
2014-02-01 12:37 - 2014-02-01 12:37 - 00243200 ____N () C:\Program Files (x86)\wupdate.exe
2014-02-01 12:37 - 2013-01-15 21:41 - 00116288 _____ () C:\Users\Zekira Drake\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-01 12:35 - 2013-02-01 20:41 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-02-01 12:34 - 2013-01-15 21:25 - 00000000 ___RD () C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-01 12:33 - 2014-02-01 12:34 - 00243200 __RSH () C:\Users\Zekira Drake\Documents\315load32.exe
2014-02-01 12:33 - 2014-02-01 12:34 - 00243200 __RSH () C:\Users\Blue\Documents\315load32.exe
2014-02-01 12:33 - 2014-02-01 12:34 - 00243200 __RSH () C:\ProgramData\load32.exe
2014-02-01 10:54 - 2013-05-26 19:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-01 10:48 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-31 11:50 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-01-31 10:34 - 2013-01-15 23:44 - 00002409 _____ () C:\Users\Zekira Drake\Desktop\Google Chrome.lnk
2014-01-25 19:09 - 2013-01-16 00:41 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Local\Paint.NET
2014-01-20 21:01 - 2013-01-25 16:29 - 00042447 _____ () C:\lxcr.log
2014-01-20 20:50 - 2013-01-25 16:19 - 00019544 _____ () C:\Windows\SysWOW64\LexFiles.ulf
2014-01-20 20:49 - 2014-01-20 20:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 2400 Series
2014-01-20 20:41 - 2014-01-20 20:36 - 00002700 _____ () C:\lxcrcomx.log
2014-01-20 20:34 - 2014-01-20 20:18 - 00000000 ____D () C:\Program Files (x86) (x86)
2014-01-20 20:27 - 2013-01-25 16:36 - 00000000 ____D () C:\Program Files\lx_cats
2014-01-19 15:33 - 2010-11-21 11:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 10:27 - 2009-07-14 12:45 - 05073080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 11:08 - 2014-01-17 11:08 - 00000000 ____D () C:\Windows\Temp9EF5B21D-2BFF-7DD6-59B2-5E1A2F666FB7-Signatures
2014-01-17 11:07 - 2013-07-14 07:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 11:04 - 2013-01-16 01:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 10:58 - 2013-01-16 00:31 - 00001040 _____ () C:\Users\Zekira Drake\Desktop\Dropbox.lnk
2014-01-17 10:58 - 2013-01-16 00:29 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-12 21:39 - 2013-09-19 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Files to move or delete:
====================
C:\ProgramData\load32.exe


Some content of TEMP:
====================
C:\Users\Zekira Drake\AppData\Local\Temp\bdfilters.dll
C:\Users\Zekira Drake\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Zekira Drake\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\falad4pr.dll
C:\Users\Zekira Drake\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Zekira Drake\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Zekira Drake\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Zekira Drake\AppData\Local\Temp\GomAudDnInstaller.exe
C:\Users\Zekira Drake\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Zekira Drake\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Zekira Drake\AppData\Local\Temp\mkal1i45.dll
C:\Users\Zekira Drake\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Zekira Drake\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Zekira Drake\AppData\Local\Temp\nvStInst.exe
C:\Users\Zekira Drake\AppData\Local\Temp\oi_{BB5DEEC8-34B7-483E-B567-0491866CF7A8}.exe
C:\Users\Zekira Drake\AppData\Local\Temp\procexp64.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ResetDevice.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ShareX-6.7.0.311-setup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ShareX-7.0.1.351-setup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ShareX-7.1.0.386-setup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ShareX-7.1.1.390-setup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ShareX-7.2.0.436-setup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ShareX-8.0.0.463-setup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ShareX-8.1.1.584-setup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\ShareX-8.2.0.655-setup.exe
C:\Users\Zekira Drake\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Zekira Drake\AppData\Local\Temp\utt95B2.tmp.exe
C:\Users\Zekira Drake\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Zekira Drake\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-31 13:29

==================== End Of Log ============================

ESET

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b2ba1d94dbc0b646ae7658166d78c473
# engine=17003
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-09 05:20:59
# local_time=2014-02-10 01:20:59 (+0800, China Standard Time)
# country="Republic of the Philippines"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17441643 143596309 0 0
# scanned=660724
# found=10
# cleaned=8
# scan_time=8182
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan" ac=I fn="C:\Users\All Users\load32.exe"
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\Documents\315load32.exe"
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan (cleaned by deleting - quarantined)" ac=C fn="C:\NTKernel\nt32.exe"
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\wupdate.exe"
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\ProgramData\load32.exe"
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Blue\Documents\315load32.exe"
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Zekira Drake\AppData\Local\Temp\7867"
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Zekira Drake\Documents\315load32.exe"
sh=9D41F53F25A9A52CEC5AE9C7F6208B0583B556F8 ft=1 fh=a11633f6492b9c77 vn="a variant of MSIL/Injector.CQG trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\Documents\315load32.exe"
sh=A6FA31850989D5C47CE7AEECFEA79E9F772AA015 ft=1 fh=361cef5b3e77e4b9 vn="a variant of MSIL/Injector.CQG trojan (cleaned by deleting - quarantined)" ac=C fn="D:\DLSite.com\R-18\(?????) [2014-01-24][RJ128317][sol-fa-soft] ?????????????????2 (files)\(?????) [2014-01-24][RJ128317][sol-fa-soft] ?????????????????2 (files)\??2.exe"

There are the logs.

Oh, and sorry for cutting through ahead, but I was able to run ComboFix yesterday and let it run. I believe it didn't detect anything (at least judging from the logs), but at least it runs now.

I could also run MalwareBytes Anti-Malware now, but when I click Scan I get the "Run-time Error 13: Type mismatch" and the program crashes.

So I guess that the suspicious startup files have gone away somehow, but I still do not have full permissions on my Program Files folders (especially the Microsoft Security Essentials folder) and my tray icons are still very few, as well as my startup being TOO FAST, meaning that my startup programs aren't even launching. I think my Startup configuration is majorly screwed up somehow, and I don't know if there's a way to recover that...
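The IFEO lines at the top of the FRST log in this post are the mechanism behind the tools being "intercepted": Windows launches whatever is registered as the [Debugger] for an image in place of that image, so every start of NisSrv.exe, rstrui.exe, spybotsd.exe, wireshark.exe or zlclient.exe ran 315load32.exe instead. The script below is an added example for readers of this thread, not code from FRST, ESET or anyone in the thread. It parses FRST-style IFEO lines and flags an entry when the registered debugger lives outside the system or Program Files directories, or when one debugger is registered for several images. The trusted-prefix list is an assumption, and the sample log is constructed from this post's entries plus a benign windbg entry used as a control.

```python
"""
Flag Image File Execution Options (IFEO) "Debugger" hijacks in FRST-style log lines.

Windows launches the executable registered as the [Debugger] of an image in
place of that image. A debugger value pointing into a user profile, and the
same file registered for several security tools, is the pattern in this thread.
Added example; not FRST's or ESET's code.
"""
import re
from collections import Counter

# FRST prints one line per image that has a Debugger value:
#   IFEO\<image>.exe: [Debugger] <path to registered debugger>
IFEO_LINE = re.compile(
    r"^IFEO\\(?P<image>[^:]+?):\s*\[Debugger\]\s*(?P<debugger>.+?)\s*$",
    re.IGNORECASE,
)

# Assumption (not from the page): a legitimately registered debugger lives in
# a system or Program Files directory; anything under a user profile,
# ProgramData or Temp is treated as suspicious.
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_ifeo(lines):
    """Yield (image, debugger) for every IFEO Debugger line; ignore the rest."""
    for line in lines:
        match = IFEO_LINE.match(line.strip())
        if match:
            yield match.group("image"), match.group("debugger")


def debugger_is_trusted(path):
    """True when the debugger path starts with one of the trusted prefixes."""
    return path.lower().startswith(TRUSTED_PREFIXES)


def find_hijacks(lines):
    """Return the suspicious IFEO entries together with the reasons each was flagged."""
    entries = list(parse_ifeo(lines))
    # Count how many images share one debugger binary: malware registers a
    # single payload for many tools, a real debugger is normally set for one.
    reuse = Counter(debugger.lower() for _, debugger in entries)
    findings = []
    for image, debugger in entries:
        reasons = []
        if not debugger_is_trusted(debugger):
            reasons.append("debugger outside system/program directories")
        if reuse[debugger.lower()] > 1:
            reasons.append("same debugger registered for %d images" % reuse[debugger.lower()])
        if reasons:
            findings.append({"image": image, "debugger": debugger, "reasons": reasons})
    return findings


# Constructed sample: three entries mirror this post's FRST log; a benign
# windbg entry (constructed path) and an unrelated Startup line are controls.
SAMPLE_LOG = """\
IFEO\\NisSrv.exe: [Debugger] C:\\Users\\Zekira Drake\\Documents\\315load32.exe
IFEO\\rstrui.exe: [Debugger] C:\\Users\\Zekira Drake\\Documents\\315load32.exe
IFEO\\wireshark.exe: [Debugger] C:\\Users\\Zekira Drake\\Documents\\315load32.exe
IFEO\\myapp.exe: [Debugger] C:\\Program Files (x86)\\Windows Kits\\8.1\\Debuggers\\x64\\windbg.exe
Startup: C:\\Users\\Zekira Drake\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk
""".splitlines()


if __name__ == "__main__":
    for finding in find_hijacks(SAMPLE_LOG):
        print("%-16s -> %s" % (finding["image"], finding["debugger"]))
        for reason in finding["reasons"]:
            print("    " + reason)
```

Run it against a saved FRST.txt by passing the file's lines to `find_hijacks`; the three security-tool entries are reported with both reasons, while the windbg control entry is not reported because it sits under Program Files and is registered for a single image. Removing such values is what the FRST fix for this thread does; the script only reports them.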



#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:42 PM

Posted 11 February 2014 - 10:36 AM

Hi Zekira G. Drake

Oh, and sorry for cutting through ahead, but I was able to run ComboFix yesterday and let it run.


Please refrain from running any tools unless I have advised you to do it.

As you have already run ComboFix, I am going to need to see the log it makes.

ComboFix's log shall be located at C:\COMBOFIX.TXT

Edited by seedy21, 11 February 2014 - 10:43 AM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#5 Zekira G. Drake

Zekira G. Drake
  • Topic Starter

  • Members
  • 35 posts
  • Local time:08:42 PM

Posted 11 February 2014 - 10:51 AM

Yes, and that's why I apologized in advance; I've had some experience busting viruses and malware on my own before, so I was just curious about stuff that works. I know I should have waited though.

ComboFix.txt

ComboFix 14-02-05.02 - Zekira Drake 02/11/2014   0:04.2.4 - x64 MINIMAL
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.63.1033.18.3957.2897 [GMT 8:00]
Running from: d:\importantforcomp\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-10 to 2014-02-10  )))))))))))))))))))))))))))))))
.
.
2014-02-10 16:07 . 2014-02-10 16:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-10 16:07 . 2014-02-10 16:07    --------    d-----w-    c:\users\Blue\AppData\Local\temp
2014-02-09 21:41 . 2014-02-09 21:59    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-09 21:39 . 2014-02-09 21:39    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-02-09 15:00 . 2014-02-09 15:00    --------    d-----w-    c:\program files (x86)\ESET
2014-02-09 14:44 . 2014-02-09 14:45    --------    d-----w-    C:\FRST
2014-02-09 14:29 . 2014-02-09 14:29    --------    d-----w-    c:\programdata\Malwarebytes
2014-02-01 04:34 . 2014-02-09 17:20    --------    d-----w-    C:\NTKernel
2014-02-01 04:33 . 2014-02-01 04:42    --------    d-----w-    c:\users\Zekira Drake\AppData\Roaming\sol-fa-soft
2014-02-01 03:00 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A416183E-D57E-4F48-863C-C84AA1FDB122}\mpengine.dll
2014-01-31 02:37 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-24 12:15 . 2013-10-18 12:12    965000    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{438D743A-AB26-4EFF-B8D9-364F11E7BBB1}\gapaengine.dll
2014-01-20 12:50 . 2006-11-26 19:55    144896    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\lxcrpp6c.dll
2014-01-20 12:49 . 2014-01-20 12:49    --------    d-----w-    c:\program files (x86)\Lexmark 2400 Series
2014-01-20 12:41 . 2006-11-06 10:05    305152    ----a-w-    c:\windows\SysWow64\LXCRhcp.dll
2014-01-17 03:08 . 2014-01-17 03:08    --------    d-----w-    c:\windows\Temp9EF5B21D-2BFF-7DD6-59B2-5E1A2F666FB7-Signatures
2014-01-17 03:03 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-17 03:03 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-17 03:03 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-17 03:03 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-17 03:03 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-17 03:03 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-17 03:03 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-17 03:03 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-17 03:03 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:33 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-17 03:04 . 2013-01-15 17:17    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-12-31 06:28 . 2013-12-31 06:28    28768    ----a-w-    c:\windows\system32\drivers\Neo_0008.sys
2013-12-31 06:27 . 2013-12-31 06:27    135736    ----a-w-    c:\windows\system32\vpncmd.exe
2013-12-14 00:33 . 2013-01-15 16:20    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-14 00:33 . 2013-01-15 16:20    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 02:13 . 2013-12-20 18:33    982232    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-12-20 18:33    1100248    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-12-20 18:31    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2013-12-05 08:42 . 2013-12-20 18:31    32544    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2013-12-05 08:42 . 2013-08-29 15:03    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-11-26 11:54 . 2013-12-13 13:51    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-13 13:51    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-13 13:51    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-13 13:51    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-13 13:51    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-13 13:51    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-13 13:51    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-13 13:51    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-13 13:51    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-13 13:51    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-13 13:51    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-13 13:51    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-13 13:51    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-13 13:51    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-13 13:51    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-13 13:51    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-13 13:51    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-13 13:51    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-13 13:51    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-13 13:51    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-13 13:51    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-13 13:51    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-13 13:51    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-13 13:51    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-24 01:32 . 2013-11-24 01:32    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-24 01:32 . 2013-11-24 01:32    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-24 01:32 . 2013-11-24 01:32    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-24 01:32 . 2013-11-24 01:32    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-24 01:32 . 2013-11-24 01:32    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-24 01:32 . 2013-11-24 01:32    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-24 01:32 . 2013-11-24 01:32    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-24 01:32 . 2013-11-24 01:32    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-24 01:32 . 2013-11-24 01:32    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-24 01:32 . 2013-11-24 01:32    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-24 01:32 . 2013-11-24 01:32    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-24 01:32 . 2013-11-24 01:32    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-24 01:32 . 2013-11-24 01:32    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-24 01:32 . 2013-11-24 01:32    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-24 01:32 . 2013-11-24 01:32    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-24 01:32 . 2013-11-24 01:32    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-24 01:32 . 2013-11-24 01:32    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-24 01:32 . 2013-11-24 01:32    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-24 01:32 . 2013-11-24 01:32    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-24 01:32 . 2013-11-24 01:32    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-24 01:32 . 2013-11-24 01:32    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-24 01:32 . 2013-11-24 01:32    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-24 01:32 . 2013-11-24 01:32    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-24 01:32 . 2013-11-24 01:32    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-24 01:32 . 2013-11-24 01:32    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-24 01:32 . 2013-11-24 01:32    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-24 01:32 . 2013-11-24 01:32    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-24 01:32 . 2013-11-24 01:32    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-24 01:32 . 2013-11-24 01:32    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-24 01:32 . 2013-11-24 01:32    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-24 01:32 . 2013-11-24 01:32    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-24 01:32 . 2013-11-24 01:32    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-24 01:32 . 2013-11-24 01:32    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-24 01:32 . 2013-11-24 01:32    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-24 01:32 . 2013-11-24 01:32    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-24 01:32 . 2013-11-24 01:32    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-24 01:32 . 2013-11-24 01:32    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-24 01:32 . 2013-11-24 01:32    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-24 01:32 . 2013-11-24 01:32    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-24 01:32 . 2013-11-24 01:32    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-24 01:32 . 2013-11-24 01:32    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-24 01:32 . 2013-11-24 01:32    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-24 01:32 . 2013-11-24 01:32    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-24 01:32 . 2013-11-24 01:32    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-24 01:32 . 2013-11-24 01:32    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-24 01:32 . 2013-11-24 01:32    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-24 01:32 . 2013-11-24 01:32    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-24 01:32 . 2013-11-24 01:32    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-24 01:32 . 2013-11-24 01:32    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-24 01:32 . 2013-11-24 01:32    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-24 01:32 . 2013-11-24 01:32    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-24 01:32 . 2013-11-24 01:32    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-24 01:32 . 2013-11-24 01:32    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-24 01:32 . 2013-11-24 01:32    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-24 01:32 . 2013-11-24 01:32    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-24 01:32 . 2013-11-24 01:32    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-24 01:32 . 2013-11-24 01:32    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-24 01:32 . 2013-11-24 01:32    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-24 01:32 . 2013-11-24 01:32    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-23 18:26 . 2013-12-13 13:45    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-13 13:45    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Zekira Drake\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Zekira Drake\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Zekira Drake\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Zekira Drake\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="d:\malwarebytes' anti-malware\mbamgui.exe" [2013-04-04 532040]
.
c:\users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Update.Microsoft.com.url [2014-2-1 46]
.
c:\users\Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Update.Microsoft.com.url [2014-2-9 46]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SoftEther VPN Client Manager Startup.lnk - c:\program files\SoftEther VPN Client\vpncmgr_x64.exe /startup [2013-12-31 4498488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 SEVPNCLIENT;SoftEther VPN Client;c:\program files\SoftEther VPN Client\vpnclient_x64.exe;c:\program files\SoftEther VPN Client\vpnclient_x64.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0008.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0008.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 00:33]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000Core.job
- c:\users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-15 15:31]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000UA.job
- c:\users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-15 15:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacrokeyManager"="WTMKM.exe" [2010-12-24 7319784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"SoftEther VPN Client UI Helper"="c:\program files\SoftEther VPN Client\vpnclient_x64.exe" [2013-12-31 4308024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://godvillegame.com/superhero
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download all links by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download all videos by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: Download by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: Download current video by FlashGet3 - c:\program files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 124.106.6.134
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://bm-dist.bmcdn.jp/bmcdndist/neffy/NeffyLauncher.cab
FF - ProfilePath - c:\users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\
FF - prefs.js: browser.search.selectedEngine - Claro Search
FF - prefs.js: browser.startup.homepage - hxxp://tweetdeck.twitter.com/|https://www.facebook.com/|http://godvillegame.com/superhero|http://mail.yahoo.com|https://mail.google.com/|http://www.shiftylook.com/comics/klonoa/|http://nekousagiinunezumi.blog118.fc2.com/
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 3061d10c00000000000000270e0c4ae9
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15698
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.100:01
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Pmang - c:\windows\PmangDownloader.exe
AddRemove-Pmang_common - c:\windows\PmangDownloader.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (A C D 2 3) (Everyone)
"UserSelectedDefault"=dword:00000000
"Device"="Microsoft XPS Document Writer,winspool,Ne00:"
.
[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@Denied: (A C D 2 3) (Everyone)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db1
"FirstLogon"=dword:00000000
"ParseAutoexec"="1"
"shell"="explorer.exe"
.
[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
@DACL=(02 0000)
@="Dropbox Autoplay COM Server"
.
[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}]
@DACL=(02 0000)
@="Plugin for Wacom tablets."
"AppID"="{B415CD14-B45D-4BCA-B552-B06175C38606}"
.
[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
@DACL=(02 0000)
@="DropboxExt"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-11  00:09:01
ComboFix-quarantined-files.txt  2014-02-10 16:09
ComboFix2.txt  2014-02-10 15:42
.
Pre-Run: 36,617,809,920 bytes free
Post-Run: 36,514,934,784 bytes free
.
- - End Of File - - BDC852E5EEC3D2805EA8F0036B1BA3FA
A36C5E4F47E84449FF07ED3517B43A31

#6 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:42 PM

Posted 11 February 2014 - 02:14 PM

Hi Zekira G. Drake

Step 1

Malwarebytes Anti-Rootkit Tool....

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the file to a convenient location (the Desktop is recommended).
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you log in, MBAR will automatically start and you will now be at the start screen. (If there is no rootkit warning, you will go from step 4 straight to step 6.)

6. The following image opens, select Next.

Image4.png

7. In the following window, ensure "Targets" are ticked, then select "Scan".

Image5.png

8. If an infection is found, select the "Cleanup" button to remove threats; reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

9. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, click the "Cleanup" button once more and repeat the process.

10. If no threats were found, you will see the following image; select Exit:

Image6.png

11. Verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
12. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

Image7.png

13. The following window will open. Select "Y" on your keyboard, then tap Enter.

Image8.png

14. The fix will be applied; press any key to exit.

Image9.png

15. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log (the date and time of the scan will also be shown)

Image10.png

Step 2

We need to re-run Farbar Recovery Scan Tool
  • Double Click the Program to Run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make two logs, FRST.txt and Additional.txt, which will open in Notepad. Please copy and paste them into your reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


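Step 15 above asks for the two text files MBAR writes, and a responder reads the same few lines from every such log: the per-category "Detected:" counts, the database version against the scan date, and the "Account is ..." line in system-log.txt. The script below is an added example for this thread, not Malwarebytes' code and not something posted by either participant. It parses those line shapes as they appear in the logs posted in this thread (other MBAR builds may format them differently, which is an assumption), totals the detections, and flags a clean result that should not yet be trusted. The system-log posted later in this thread says "Account is Non-administrative" even though the mbar-log header tags the user as [administrator]; that is exactly the kind of line the check surfaces. The seven-day signature-age threshold is an assumed value, not an MBAR setting.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date

# Line shapes taken from the logs posted in this thread (assumption: other MBAR builds may differ).
DETECTED_RE = re.compile(r"^(?P<category>[A-Za-z ]+?) Detected: (?P<count>\d+)\s*$")
DB_RE = re.compile(r"^Database version: v(?P<y>\d{4})\.(?P<m>\d{2})\.(?P<d>\d{2})\.\d+")
SCAN_DATE_RE = re.compile(r"^(?P<m>\d{1,2})/(?P<d>\d{1,2})/(?P<y>\d{4}) \d{1,2}:\d{2}:\d{2}\s*$")
ACCOUNT_RE = re.compile(r"^Account is (?P<kind>Administrative|Non-administrative)")

MAX_DB_AGE_DAYS = 7  # assumption: signatures older than this at scan time get flagged


@dataclass
class MbarSummary:
    detections: dict[str, int] = field(default_factory=dict)  # category -> count
    database_date: date | None = None
    scan_date: date | None = None
    admin_account: bool | None = None  # None when system-log has no "Account is" line
    findings: list[str] = field(default_factory=list)

    @property
    def total_detections(self) -> int:
        return sum(self.detections.values())


def parse_mbar_log(text: str, summary: MbarSummary) -> None:
    """Collect per-category counts, database date and scan date from mbar-log-*.txt."""
    for raw in text.splitlines():
        line = raw.strip()
        if m := DETECTED_RE.match(line):
            summary.detections[m["category"]] = int(m["count"])
        elif m := DB_RE.match(line):
            summary.database_date = date(int(m["y"]), int(m["m"]), int(m["d"]))
        elif m := SCAN_DATE_RE.match(line):
            summary.scan_date = date(int(m["y"]), int(m["m"]), int(m["d"]))


def parse_system_log(text: str, summary: MbarSummary) -> None:
    """Record whether system-log.txt says the scan ran from an administrative account."""
    for raw in text.splitlines():
        if m := ACCOUNT_RE.match(raw.strip()):
            summary.admin_account = m["kind"] == "Administrative"


def summarise(mbar_text: str, system_text: str) -> MbarSummary:
    """Parse both logs and list what to look at before calling the machine clean."""
    s = MbarSummary()
    parse_mbar_log(mbar_text, s)
    parse_system_log(system_text, s)
    if s.total_detections:
        hits = {k: v for k, v in s.detections.items() if v}
        s.findings.append(f"{s.total_detections} item(s) detected: {hits}")
    if s.admin_account is False:
        s.findings.append("system-log reports a non-administrative account; "
                          "rerun the scan elevated before treating the result as clean")
    if s.database_date and s.scan_date and (s.scan_date - s.database_date).days > MAX_DB_AGE_DAYS:
        s.findings.append(f"signature database {s.database_date} is more than "
                          f"{MAX_DB_AGE_DAYS} days old at scan time {s.scan_date}")
    return s


# Sample input: lines from the mbar-log posted in this thread, cut down to the
# header and three of the categories.
MBAR_LOG = """\
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
Database version: v2014.02.12.04

2/12/2014 20:04:49

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
"""

# Sample input: the system-log header posted in this thread.
SYSTEM_LOG = """\
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Non-administrative
File system is: NTFS
"""

# Constructed variant (not from the thread): one file detected and a database
# three weeks older than the scan, to exercise the flagged paths.
MBAR_LOG_WITH_HIT = (MBAR_LOG.replace("Files Detected: 0", "Files Detected: 1")
                     .replace("v2014.02.12.04", "v2014.01.20.01"))
```

Calling `summarise(MBAR_LOG, SYSTEM_LOG)` on the posted lines returns zero detections but one finding (the non-administrative account); the constructed variant returns three findings. Feeding it the full pasted logs instead of the trimmed samples works the same way, since the parser ignores every line it does not recognise.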

#7 Zekira G. Drake

Zekira G. Drake
  • Topic Starter

  • Members
  • 35 posts
  • Local time:08:42 PM

Posted 12 February 2014 - 07:27 AM

mbar log


Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Zekira Drake :: HEARTTRIO3 [administrator]

2/12/2014 20:04:49
mbar-log-2014-02-12 (20-04-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 265493
Time elapsed: 9 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log.txt


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Non-administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 4149608448, free: 1286189056

Downloaded database version: v2014.02.09.06
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     02/10/2014 05:41:06
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\walvhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\Neo_0008.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\moufiltr.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\wachidrouter.sys
\SystemRoot\system32\DRIVERS\hidkmdf.sys
\SystemRoot\system32\DRIVERS\wacomrouterfilter.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\Drivers\PROCEXP152.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\ole32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\usp10.dll
\Windows\System32\nsi.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\psapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ws2_32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imm32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\Wldap32.dll
\Windows\System32\msctf.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\urlmon.dll
\Windows\System32\difxapi.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80048de060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa800467a060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80048de060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048deb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048de060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004617e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800467a060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 165E165D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 204796557
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204796620  Numsec = 771955380

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Infected: C:\Users\Zekira Drake\AppData\Local\Temp\NODA677.tmp --> [Trojan.MSIL]
Infected: C:\Users\Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url --> [Trojan.Agent]
Infected: C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url --> [Trojan.Agent]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avcenter.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avconfig.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgcsrvx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgnt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgrsx.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avguard.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avgwdsvc.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\avscan.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ccuac.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ComboFix.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\hijackthis.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\keyscrambler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbam.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamgui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbampt.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamscheduler.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\mbamservice.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MpCmdRun.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\msseces.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\rstrui.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\spybotsd.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\wireshark.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\zlclient.exe --> [Security.Hijack]
Scan finished
User declined to cleanup malware.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 4149608448, free: 2269138944

Downloaded database version: v2014.02.09.07
Downloaded database version: v2014.02.10.01
Downloaded database version: v2014.02.10.02
Downloaded database version: v2014.02.10.03
Downloaded database version: v2014.02.10.04
Downloaded database version: v2014.02.10.05
Downloaded database version: v2014.02.10.06
Downloaded database version: v2014.02.10.07
=======================================
Initializing...
------------ Kernel report ------------
     02/11/2014 06:16:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\walvhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\Neo_0008.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\moufiltr.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
\Windows\System32\msvcrt.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\Wldap32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80048e0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa80044f6680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80048e0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048e0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048e0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80044fa520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80044f6680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 165E165D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 204796557
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204796620  Numsec = 771955380

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Infected: C:\Users\Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url --> [Trojan.Agent]
Infected: C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 4149608448, free: 1479970816

Downloaded database version: v2014.02.10.08
Downloaded database version: v2014.02.10.09
Downloaded database version: v2014.02.11.01
Downloaded database version: v2014.02.11.02
Downloaded database version: v2014.02.11.03
Downloaded database version: v2014.02.11.04
Downloaded database version: v2014.02.11.05
Downloaded database version: v2014.02.11.06
Downloaded database version: v2014.02.11.07
Downloaded database version: v2014.02.11.08
Downloaded database version: v2014.02.11.09
Downloaded database version: v2014.02.12.01
Downloaded database version: v2014.02.12.02
Downloaded database version: v2014.02.12.03
Downloaded database version: v2014.02.12.04
=======================================
Initializing...
------------ Kernel report ------------
     02/12/2014 20:04:44
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1k62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\walvhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\Neo_0008.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\moufiltr.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ole32.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\setupapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imm32.dll
\Windows\System32\normaliz.dll
\Windows\System32\imagehlp.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\user32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80048dc060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa8004673680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80048dc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80048dcb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80048dc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004677520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004673680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 165E165D

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 204796557
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204796620  Numsec = 771955380

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Zekira Drake (administrator) on HEARTTRIO3 on 12-02-2014 20:21:22
Running from D:\IMPORTANTFORCOMP
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
( ) C:\Windows\SysWOW64\lxcrcoms.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
() C:\Windows\system32\atwtusb.exe
() C:\Windows\system32\atwtusb.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) D:\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\System32\WTMKM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Adobe Systems Incorporated) C:\Users\Zekira Drake\AppData\Local\Temp\{6EF394D2-75F8-40E9-9547-ED09D1E3C92F}\InstallFlashPlayer.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MacrokeyManager] - C:\Windows\system32\WTMKM.exe [7319784 2010-12-24] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [SoftEther VPN Client UI Helper] - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4308024 2013-12-31] (SoftEther Project at University of Tsukuba, Japan.)
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://godvillegame.com/superhero
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0BC7880628F3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fil
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Zekira Drake\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://bm-dist.bmcdn.jp/bmcdndist/neffy/NeffyLauncher.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 124.106.6.134

FireFox:
========
FF ProfilePath: C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default
FF user.js: detected! => C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\user.js
FF DefaultSearchEngine: Claro Search
FF SelectedSearchEngine: Claro Search
FF Homepage: hxxp://tweetdeck.twitter.com/|https://www.facebook.com/|hxxp://godvillegame.com/superhero|hxxp://mail.yahoo.com|https://mail.google.com/|hxxp://www.shiftylook.com/comics/klonoa/|hxxp://nekousagiinunezumi.blog118.fc2.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: pmang.jp/pmangsupport-1 - D:\Kuroneko\GameOn\Common files\nppmangsupport.dll (gameon)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Zekira Drake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Zekira Drake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: ExHentai Easy - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack [2013-04-25]
FF Extension: New Tabs at the End - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\new-tabs-at-end@forerunnerdesigns.com [2013-01-15]
FF Extension: DownloadHelper - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-27]
FF Extension: Flashget Downloader Extension - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2013-01-16]
FF Extension: Firebug - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\firebug@software.joehewitt.com.xpi [2013-01-15]
FF Extension: Furigana Injector - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\furiganainjector@yayakoshi.net.xpi [2013-02-03]
FF Extension: Imgur Uploader - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\giorgio@gilestro.tk.xpi [2013-04-13]
FF Extension: SmartVideo For YouTube - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\mytube@ashishmishra.in.xpi [2013-06-20]
FF Extension: NicoFox - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\nicofox@littlebtc.xpi [2013-01-15]
FF Extension: Photobucket Uploader - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\pbupload@photobucket.com.xpi [2013-01-15]
FF Extension: Element Properties - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\properties@darktrojan.net.xpi [2013-01-15]
FF Extension: Scriptish - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\scriptish@erikvold.com.xpi [2013-01-15]
FF Extension: YouTube to MP3 - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-04-14]
FF Extension: FlashGot - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-01-15]
FF Extension: DownThemAll! - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-29]
FF Extension: HTML Ruby - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{e10bc159-aa26-41d8-aa24-65de9464ca5a}.xpi [2013-02-04]
FF Extension: Greasemonkey - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-15]

Chrome:
=======
CHR HomePage: hxxp://godvillegame.com/superhero
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Java™ Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Google Update) - C:\Users\Zekira Drake\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-15]
CHR Extension: (Google Drive) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-15]
CHR Extension: (YouTube) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-15]
CHR Extension: (Google Search) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-15]
CHR Extension: (Google Wallet) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-15]

==================== Services (Whitelisted) =================

R2 lxcr_device; C:\Windows\SysWOW64\lxcrcoms.exe [566192 2006-12-11] ( )
R2 MBAMScheduler; D:\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; D:\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-26] (CACE Technologies, Inc.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4308024 2013-12-31] (SoftEther Project at University of Tsukuba, Japan.)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 WTService; C:\Windows\system32\atwtusb.exe [914664 2011-01-26] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-09] (Windows ® Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0008.sys [28768 2013-12-31] (SoftEther Project at University of Tsukuba, Japan.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 06:38 - 2014-02-11 06:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-11 06:16 - 2014-02-12 20:04 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-11 06:14 - 2014-02-12 20:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-11 06:13 - 2014-02-11 06:13 - 00000626 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 06:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-11 00:09 - 2014-02-11 00:09 - 00031762 _____ () C:\ComboFix.txt
2014-02-10 23:59 - 2014-02-10 23:59 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\Malwarebytes
2014-02-10 23:32 - 2014-02-11 00:09 - 00000000 ____D () C:\Qoobox
2014-02-10 23:32 - 2014-02-10 23:40 - 00000000 ____D () C:\Windows\erdnt
2014-02-10 23:32 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-10 23:32 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-10 23:32 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-10 23:32 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-10 23:32 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-10 23:32 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-10 23:32 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-10 23:32 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-10 19:53 - 2014-02-10 19:53 - 00013542 _____ () C:\Users\Zekira Drake\Desktop\attach.txt
2014-02-10 19:53 - 2014-02-10 19:52 - 00017710 _____ () C:\Users\Zekira Drake\Desktop\dds.txt
2014-02-10 06:00 - 2014-02-10 06:01 - 00002954 _____ () C:\Users\Zekira Drake\Desktop\Rkill.txt
2014-02-10 05:41 - 2014-02-12 20:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-09 23:00 - 2014-02-09 23:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-09 22:44 - 2014-02-12 20:21 - 00000000 ____D () C:\FRST
2014-02-09 22:29 - 2014-02-09 22:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 22:25 - 2014-02-11 05:38 - 00000000 ____D () C:\Windows\pss
2014-02-09 22:19 - 2014-02-09 22:19 - 00000000 ____D () C:\Users\Blue\AppData\Roaming\Macromedia
2014-02-01 12:34 - 2014-02-10 01:20 - 00000000 ____D () C:\NTKernel
2014-02-01 12:33 - 2014-02-01 12:42 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\sol-fa-soft
2014-01-20 20:49 - 2014-01-20 20:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 2400 Series
2014-01-20 20:41 - 2006-11-06 18:05 - 00305152 _____ ( ) C:\Windows\SysWOW64\LXCRhcp.dll
2014-01-20 20:36 - 2014-01-20 20:41 - 00002700 _____ () C:\lxcrcomx.log
2014-01-20 20:34 - 2006-12-11 12:12 - 00566192 _____ ( ) C:\Windows\SysWOW64\lxcrcoms.exe
2014-01-20 20:34 - 2006-12-11 12:12 - 00233392 _____ ( ) C:\Windows\SysWOW64\lxcrih.exe
2014-01-20 20:34 - 2006-12-11 12:12 - 00181168 _____ ( ) C:\Windows\SysWOW64\lxcrppls.exe
2014-01-20 20:34 - 2006-12-11 12:08 - 00002365 _____ () C:\Windows\SysWOW64\lxcr.loc
2014-01-20 20:34 - 2006-11-29 06:26 - 00091136 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrinsr.dll
2014-01-20 20:34 - 2006-11-29 06:26 - 00023040 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcur.dll
2014-01-20 20:34 - 2006-11-29 06:24 - 00131584 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrjswr.dll
2014-01-20 20:34 - 2006-11-29 06:22 - 00184320 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrinsb.dll
2014-01-20 20:34 - 2006-11-29 06:22 - 00067584 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcub.dll
2014-01-20 20:34 - 2006-11-29 06:21 - 00236032 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrins.dll
2014-01-20 20:34 - 2006-11-29 06:21 - 00097280 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrcu.dll
2014-01-20 20:34 - 2006-11-29 06:20 - 00654336 _____ (Lexmark International, Inc.) C:\Windows\SysWOW64\lxcrutil.dll
2014-01-20 20:34 - 2006-11-28 05:57 - 00385024 _____ () C:\Windows\SysWOW64\lxcrcomx.dll
2014-01-20 20:34 - 2006-11-06 18:56 - 00409600 _____ ( ) C:\Windows\SysWOW64\lxcrpmui.dll
2014-01-20 20:34 - 2006-11-06 18:53 - 01417728 _____ ( ) C:\Windows\SysWOW64\lxcrserv.dll
2014-01-20 20:34 - 2006-11-06 18:38 - 00249856 _____ ( ) C:\Windows\SysWOW64\lxcrcomm.dll
2014-01-20 20:34 - 2006-11-06 18:34 - 00487424 _____ ( ) C:\Windows\SysWOW64\lxcrlmpm.dll
2014-01-20 20:34 - 2006-11-06 18:32 - 00194048 _____ () C:\Windows\SysWOW64\LXCRinst.dll
2014-01-20 20:34 - 2006-11-06 18:31 - 00226816 _____ ( ) C:\Windows\SysWOW64\lxcriesc.dll
2014-01-20 20:34 - 2006-11-06 18:27 - 00010752 _____ ( ) C:\Windows\SysWOW64\lxcrpplc.dll
2014-01-20 20:34 - 2006-11-06 18:25 - 00695808 _____ ( ) C:\Windows\SysWOW64\lxcrcomc.dll
2014-01-20 20:34 - 2006-11-06 18:24 - 00035328 _____ ( ) C:\Windows\SysWOW64\lxcrprox.dll
2014-01-20 20:34 - 2006-11-06 18:14 - 00238592 _____ ( ) C:\Windows\SysWOW64\lxcrinpa.dll
2014-01-20 20:34 - 2006-11-06 18:12 - 01099264 _____ ( ) C:\Windows\SysWOW64\lxcrusb1.dll
2014-01-20 20:34 - 2006-09-06 06:11 - 00064512 _____ (Lexmark International) C:\Windows\SysWOW64\LXCRcfg.dll
2014-01-20 20:34 - 2006-05-09 17:11 - 00983107 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lxcrgf.dll
2014-01-20 20:34 - 2006-02-07 19:47 - 00535647 _____ () C:\Windows\SysWOW64\lxcrhelp.chm
2014-01-20 20:18 - 2014-01-20 20:34 - 00000000 ____D () C:\Program Files (x86) (x86)
2014-01-17 11:08 - 2014-01-17 11:08 - 00000000 ____D () C:\Windows\Temp9EF5B21D-2BFF-7DD6-59B2-5E1A2F666FB7-Signatures
2014-01-17 11:03 - 2013-11-27 09:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-17 11:03 - 2013-11-27 09:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-17 11:03 - 2013-11-26 19:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-17 11:03 - 2013-11-26 18:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-12 20:21 - 2014-02-09 22:44 - 00000000 ____D () C:\FRST
2014-02-12 20:21 - 2013-01-15 21:24 - 01787232 _____ () C:\Windows\WindowsUpdate.log
2014-02-12 20:16 - 2014-02-10 05:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-12 20:04 - 2014-02-11 06:16 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-12 20:02 - 2014-02-11 06:14 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-12 20:01 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-12 20:01 - 2009-07-14 12:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-12 19:55 - 2013-12-31 14:26 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-02-12 19:54 - 2013-01-16 01:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-12 19:54 - 2009-07-14 12:51 - 00099716 _____ () C:\Windows\setupact.log
2014-02-12 19:54 - 2009-07-14 10:34 - 00000493 _____ () C:\Windows\win.ini
2014-02-11 21:33 - 2013-05-26 19:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-11 19:17 - 2013-01-16 09:06 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-11 06:41 - 2009-07-14 11:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-11 06:38 - 2014-02-11 06:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-02-11 06:26 - 2013-12-24 15:54 - 00000000 ___RD () C:\Users\Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-11 06:26 - 2013-01-15 21:25 - 00000000 ___RD () C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-11 06:13 - 2014-02-11 06:13 - 00000626 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 05:38 - 2014-02-09 22:25 - 00000000 ____D () C:\Windows\pss
2014-02-11 05:38 - 2010-11-21 11:47 - 00993868 _____ () C:\Windows\PFRO.log
2014-02-11 00:09 - 2014-02-11 00:09 - 00031762 _____ () C:\ComboFix.txt
2014-02-11 00:09 - 2014-02-10 23:32 - 00000000 ____D () C:\Qoobox
2014-02-11 00:07 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-10 23:59 - 2014-02-10 23:59 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\Malwarebytes
2014-02-10 23:42 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Default
2014-02-10 23:40 - 2014-02-10 23:32 - 00000000 ____D () C:\Windows\erdnt
2014-02-10 22:09 - 2013-01-21 21:38 - 00423998 _____ () C:\Windows\system32\perfh011.dat
2014-02-10 22:09 - 2013-01-21 21:38 - 00127128 _____ () C:\Windows\system32\perfc011.dat
2014-02-10 22:09 - 2013-01-16 08:27 - 00435644 _____ () C:\Windows\system32\perfh012.dat
2014-02-10 22:09 - 2013-01-16 08:27 - 00125412 _____ () C:\Windows\system32\perfc012.dat
2014-02-10 22:09 - 2009-07-14 13:13 - 01865548 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-10 19:53 - 2014-02-10 19:53 - 00013542 _____ () C:\Users\Zekira Drake\Desktop\attach.txt
2014-02-10 19:52 - 2014-02-10 19:53 - 00017710 _____ () C:\Users\Zekira Drake\Desktop\dds.txt
2014-02-10 06:01 - 2014-02-10 06:00 - 00002954 _____ () C:\Users\Zekira Drake\Desktop\Rkill.txt
2014-02-10 01:20 - 2014-02-01 12:34 - 00000000 ____D () C:\NTKernel
2014-02-09 23:00 - 2014-02-09 23:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-09 22:33 - 2013-01-16 09:07 - 00002243 _____ () C:\Windows\epplauncher.mif
2014-02-09 22:29 - 2014-02-09 22:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-09 22:19 - 2014-02-09 22:19 - 00000000 ____D () C:\Users\Blue\AppData\Roaming\Macromedia
2014-02-07 20:22 - 2013-01-15 23:38 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\Dropbox
2014-02-02 02:34 - 2013-01-15 23:40 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\uTorrent
2014-02-02 02:33 - 2013-01-16 00:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 02:28 - 2013-01-15 23:31 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000UA.job
2014-02-01 20:28 - 2013-01-15 23:31 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000Core.job
2014-02-01 12:42 - 2014-02-01 12:33 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\sol-fa-soft
2014-02-01 12:37 - 2013-01-15 21:41 - 00116288 _____ () C:\Users\Zekira Drake\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-01 12:35 - 2013-02-01 20:41 - 00000000 ____D () C:\Program Files (x86)\Xvid
2014-02-01 10:48 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-01-31 11:50 - 2009-07-14 11:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-01-31 10:34 - 2013-01-15 23:44 - 00002409 _____ () C:\Users\Zekira Drake\Desktop\Google Chrome.lnk
2014-01-25 19:09 - 2013-01-16 00:41 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Local\Paint.NET
2014-01-20 21:01 - 2013-01-25 16:29 - 00042447 _____ () C:\lxcr.log
2014-01-20 20:50 - 2013-01-25 16:19 - 00019544 _____ () C:\Windows\SysWOW64\LexFiles.ulf
2014-01-20 20:49 - 2014-01-20 20:49 - 00000000 ____D () C:\Program Files (x86)\Lexmark 2400 Series
2014-01-20 20:41 - 2014-01-20 20:36 - 00002700 _____ () C:\lxcrcomx.log
2014-01-20 20:34 - 2014-01-20 20:18 - 00000000 ____D () C:\Program Files (x86) (x86)
2014-01-20 20:27 - 2013-01-25 16:36 - 00000000 ____D () C:\Program Files\lx_cats
2014-01-19 15:33 - 2010-11-21 11:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 10:27 - 2009-07-14 12:45 - 05073080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 11:08 - 2014-01-17 11:08 - 00000000 ____D () C:\Windows\Temp9EF5B21D-2BFF-7DD6-59B2-5E1A2F666FB7-Signatures
2014-01-17 11:07 - 2013-07-14 07:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 11:04 - 2013-01-16 01:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 10:58 - 2013-01-16 00:31 - 00001040 _____ () C:\Users\Zekira Drake\Desktop\Dropbox.lnk
2014-01-17 10:58 - 2013-01-16 00:29 - 00000000 ____D () C:\Users\Zekira Drake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Zekira Drake\AppData\Local\Temp\BA1AF0E7-6FC2-42AA-B0E7-3A0D5FB2FDF8.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-31 13:29

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Zekira Drake at 2014-02-12 20:21:41
Running from D:\IMPORTANTFORCOMP
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (x32 Version: 3.3.0.29625 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
Anime Studio Debut 8.2 (x32 Version: 8.2 - Smith Micro Software, Inc.)
ASIO4ALL (x32 Version: 2.10 - Michael Tippach)
Bamboo Dock (x32 Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bandicam (x32 Version: 1.8.7.347 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (x32 Version:  - Bandisoft.com)
Bunny Must Die! Chelsea and the 7 Devils (x32 Version:  - Platine Dispositif)
Camtasia Studio 7 (x32 Version: 7.1.1 - TechSmith Corporation)
Cisco Connect (x32 Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Common (x32 Version: 6456440 - GameOn)
CPUID CPU-Z 1.62.0 (Version:  - )
Desura (x32 Version: 100.53 - Desura)
Desura: Bunny Must Die! (x32 Version: Full - Rockin' Android)
Divekick (x32 Version:  - Iron Galaxy Studios)
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
ESET Online Scanner v3 (x32 Version:  - )
ffdshow v1.2.4499 [2013-01-04] (x32 Version: 1.2.4499.0 - )
FL Studio 10 (x32 Version:  - Image-Line)
FlashGet3.7 (x32 Version: 3.7.0.1218 - http://www.FlashGet.com)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GlassFish Server Open Source Edition 3.1.2.2 (Version:  - )
Globe Broadband (x32 Version: 11.300.05.01.158 - Huawei Technologies Co.,Ltd)
GOM Player (x32 Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKCU Version: 32.0.1700.102 - Google Inc.)
IL Download Manager (x32 Version:  - Image-Line)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel)
Intel® Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel) Hidden
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 11 (64-bit) (Version: 1.7.0.110 - Oracle)
K-Lite Codec Pack 9.7.0 (64-bit) (Version: 9.7.0 - )
Lexmark 2400 Series (x32 Version:  - Lexmark International, Inc.)
LINE (x32 Version: 3.1.7.10 - NHN Japan)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Manga Studio Debut 4.0 (x32 Version:  - )
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft AppLocale (x32 Version: 1.0.0 - MS)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0215.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.3.215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (Version:  - )
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
MozBackup 1.5.1 (x32 Version:  - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 17.0.7 (x86 en-US) (x32 Version: 17.0.7 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
My Game Long Name (Version:  - Epic Games, Inc.)
Neffy 1,2,5,0 (x32 Version: 1,2,5,0 - CDNetworks)
NetBeans IDE 7.2.1 (Version: 7.2.1 - NetBeans.org)
Nokia Connectivity Cable Driver (x32 Version: 7.1.78.0 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Notepad++ (x32 Version: 6.2.3 - )
NVIDIA 3D Vision Controller Driver 326.01 (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
OpenMG Limited Patch 4.7-07-14-05-01 (x32 Version:  - )
OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation)
OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation) Hidden
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
PC Connectivity Solution (x32 Version: 12.0.27.0 - Nokia)
Pmangンインストールマネージャー (x32 Version: 1.0.1.1 - GameOn,Pmang)
Pokemon Online 2.0.1 (x32 Version:  - Dreambelievers)
puush (x32 Version: 1.0.0.0 - Dean Herbert)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
ShareX 8.2.0.655 (Version: 8.2.0.655 - ShareX Developers)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skullgirls Beta (x32 Version:  - )
SoftEther VPN Client (Version: 2.00.9387 - SoftEther Project)
SonicStage 4.3 (x32 Version: 4.3 - Sony Corporation)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (x32 Version:  - )
Tablet Driver With Macrokey Manager (Version:  - )
Tournament Maker (x32 Version:  - )
TweetDeck (x32 Version: 1.5.3 - Twitter, Inc.)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Vegas Pro 11.0 (64-bit) (Version: 11.0.371 - Sony)
Wacom (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (x32 Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Driver Package - Nokia Modem  (02/25/2011 4.7) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (Version: 4.20.0 - win.rar GmbH)
Wireshark 1.6.4 (x32 Version: 1.6.4 - The Wireshark developer community, http://www.wireshark.org)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (x32 Version:  - )
XSplit Broadcaster (x32 Version: 1.3.1306.2101 - SplitMediaLabs)
Xvid Video Codec (x32 Version: 1.3.2 - Xvid Team)

==================== Restore Points  =========================

31-01-2014 02:36:39 Windows Update
31-01-2014 03:49:07 Removed BlueStacks Notification Center
10-02-2014 15:32:51 ComboFix created restore point
10-02-2014 22:26:25 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2009-07-14 10:34 - 2014-02-10 23:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00C38B47-68C5-46FA-B313-3E2E01FBE4E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000Core => C:\Users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-15] (Google Inc.)
Task: {1FE56C71-47CD-47C2-BF71-F4E78D35A5F2} - System32\Tasks\{63D0EEAF-F336-4198-9A0C-CF8B82AD65D3} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {28057D0F-96AB-478B-A4F0-6ED7AA907908} - System32\Tasks\{065462A1-79FE-4C8A-9BA1-0157F1CB7411} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {2DBC0B3C-7FDB-4B59-92BC-00F62E94B9DC} - System32\Tasks\{388E5D3D-D5F6-4C2B-BC53-3C99EA703809} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {3D404419-B414-4035-BE4D-8CA7B790A4FE} - System32\Tasks\{42CBBB1A-E7DD-4F59-A800-455CFCBDE8DF} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {4BAAF485-F2D3-47B7-804E-B39CE05949C2} - System32\Tasks\{C762C502-7934-48DC-81C3-F5F31D483B15} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {68E676EE-8284-4E01-867F-382E1E4F3FC4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000UA => C:\Users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-15] (Google Inc.)
Task: {69BFC958-818E-4D0C-B749-2E949C62DB1E} - System32\Tasks\{27D54A95-E340-43DB-8953-35E35EACEB5C} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {9E57F7BE-7761-4CE5-B058-BD82ACFDA433} - System32\Tasks\{DFC7EA6F-AA0F-4AEB-B6D3-20823CBD10A8} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {A7E84B81-F368-459C-BF6D-8DDBBAD9B205} - System32\Tasks\{FFE363DD-6FBC-4F4F-BAEA-43A7726B0A75} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B4113ACC-979A-46D8-8BBB-BDDD8420294C} - System32\Tasks\{33CC0F5E-D837-44D5-B3EE-B8CAABC03DEF} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B634D40D-18F5-4E48-A522-1850B4120E36} - System32\Tasks\{DAF76825-9D26-49B0-A1A3-2C2A6F645212} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B66D939D-D19B-4A34-9F64-706B6E18F7A0} - System32\Tasks\{CFA57F57-B610-4F65-AEB2-95DB61B8CA6C} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {FD816F9A-268F-4E3E-86A6-2DC020F5F4D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-14] (Adobe Systems Incorporated)
Task: {FE0AA8FE-BB8D-4341-AAEB-42E2AE6673EA} - System32\Tasks\{36F219C4-EE36-482C-8CE1-B875D0DB7DFB} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000Core.job => C:\Users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000UA.job => C:\Users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-18 23:24 - 2012-06-18 23:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-01-15 21:36 - 2010-12-24 23:30 - 07319784 _____ () C:\Windows\System32\WTMKM.exe
2013-06-25 20:50 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-11-16 10:47 - 2013-12-21 02:23 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72791711.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72791711.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 07:56:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 07:22:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/11/2014 07:21:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/11/2014 07:19:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 06:14:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e58702a
Exception code: 0xc0000005
Fault offset: 0x0001604c
Faulting process id: 0x13c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (02/11/2014 06:14:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e58702a
Exception code: 0xc0000005
Fault offset: 0x0001604c
Faulting process id: 0x51c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (02/11/2014 05:40:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 00:04:20 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (02/11/2014 00:04:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server

Error: (02/11/2014 00:04:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
   Instantiating VSS server


System errors:
=============
Error: (02/12/2014 07:56:36 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (02/12/2014 07:56:36 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/458506735/

Error: (02/12/2014 07:56:36 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (02/12/2014 07:56:36 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/458506735/

Error: (02/11/2014 07:19:25 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (02/11/2014 07:19:25 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/458506735/

Error: (02/11/2014 07:19:25 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (02/11/2014 07:19:25 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/458506735/

Error: (02/11/2014 05:41:01 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (02/11/2014 05:41:01 AM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/458506735/


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-10 23:39:06.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-10 23:39:06.152
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3957.38 MB
Available physical RAM: 1633.7 MB
Total Pagefile: 7912.93 MB
Available Pagefile: 5497.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:33.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Hataraku) (Fixed) (Total:368.1 GB) (Free:27.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 165E165D)
Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=368 GB) - (Type=OF Extended)

==================== End Of Log ============================

I ran fixdamage.exe. Internet, WUpdate, and WFirewall are working at the very least, and I noticed that my Firewall permissions have been turned to maximum security (I normally put it at minimum security)... I guess I'll leave it like this for now.

While it doesn't seem like my Program Files are all broken, my one concern is the fact that every time I try to run Microsoft Security Essentials, I get the "Windows cannot access the specified..." error. Weirdly enough, it's only for msseces.exe, which is MSE's main executable file; the other files within it are fine.

I highly doubt that fixdamage will fix my start-on-boot / startup programs (I still think Windows boots waaaaaaaaaaay too fast), though I don't really think there's a way to fix that if it's already truncated. I guess I'll just remember what other stuff I may have possibly had on boot and just fix them manually, and I should at least be thankful for the faster booting lol!

I'll try re-installing some of my broken programs soon; it was my main damage concern when this attacked me. Actually, until I can assure myself that I'm clear, I shouldn't do this.


Edited by Zekira G. Drake, 12 February 2014 - 07:29 AM.


#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:42 PM

Posted 12 February 2014 - 02:22 PM

Hi Zekira G. Drake

Did you run TDSSKiller?

If so, can you post me the log it creates? This should be created on your C: drive (or whatever drive you boot from) in the root folder, named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


#9 Zekira G. Drake

Zekira G. Drake
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 12 February 2014 - 07:17 PM

No, I have not run TDSSKiller at all. Or at least I don't recall ever running that tool...

EDIT: Well... according to the above logs I apparently have. I'll get back to you as soon as I can.


Edited by Zekira G. Drake, 12 February 2014 - 07:20 PM.


#10 Zekira G. Drake

Zekira G. Drake
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 14 February 2014 - 07:20 AM

TDSSKiller

06:33:23.0809 1028  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
06:33:25.0165 1028  ============================================================
06:33:25.0165 1028  Current date / time: 2014/02/11 06:33:25.0165
06:33:25.0165 1028  SystemInfo:
06:33:25.0165 1028  
06:33:25.0165 1028  OS Version: 6.1.7601 ServicePack: 1.0
06:33:25.0165 1028  Product type: Workstation
06:33:25.0165 1028  ComputerName: HEARTTRIO3
06:33:25.0165 1028  UserName: Zekira Drake
06:33:25.0165 1028  Windows directory: C:\Windows
06:33:25.0165 1028  System windows directory: C:\Windows
06:33:25.0165 1028  Running under WOW64
06:33:25.0165 1028  Processor architecture: Intel x64
06:33:25.0165 1028  Number of processors: 4
06:33:25.0165 1028  Page size: 0x1000
06:33:25.0165 1028  Boot type: Normal boot
06:33:25.0166 1028  ============================================================
06:33:26.0035 1028  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:33:26.0040 1028  ============================================================
06:33:26.0040 1028  \Device\Harddisk0\DR0:
06:33:26.0040 1028  MBR partitions:
06:33:26.0040 1028  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
06:33:26.0053 1028  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x2E031A75
06:33:26.0053 1028  ============================================================
06:33:26.0078 1028  C: <-> \Device\Harddisk0\DR0\Partition1
06:33:26.0098 1028  D: <-> \Device\Harddisk0\DR0\Partition2
06:33:26.0098 1028  ============================================================
06:33:26.0098 1028  Initialize success
06:33:26.0098 1028  ============================================================
06:36:13.0001 3480  ============================================================
06:36:13.0001 3480  Scan started
06:36:13.0001 3480  Mode: Manual;
06:36:13.0001 3480  ============================================================
06:36:13.0991 3480  ================ Scan system memory ========================
06:36:13.0991 3480  System memory - ok
06:36:13.0992 3480  ================ Scan services =============================
06:36:14.0064 3480  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
06:36:14.0067 3480  1394ohci - ok
06:36:14.0088 3480  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
06:36:14.0092 3480  ACPI - ok
06:36:14.0106 3480  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
06:36:14.0106 3480  AcpiPmi - ok
06:36:14.0166 3480  [ B362181ED3771DC03B4141927C80F801 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:36:14.0166 3480  AdobeARMservice - ok
06:36:14.0347 3480  [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:36:14.0349 3480  AdobeFlashPlayerUpdateSvc - ok
06:36:14.0392 3480  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
06:36:14.0396 3480  adp94xx - ok
06:36:14.0407 3480  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
06:36:14.0411 3480  adpahci - ok
06:36:14.0421 3480  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
06:36:14.0423 3480  adpu320 - ok
06:36:14.0449 3480  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
06:36:14.0450 3480  AeLookupSvc - ok
06:36:14.0480 3480  [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
06:36:14.0484 3480  AFD - ok
06:36:14.0493 3480  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
06:36:14.0494 3480  agp440 - ok
06:36:14.0505 3480  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
06:36:14.0507 3480  ALG - ok
06:36:14.0529 3480  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
06:36:14.0530 3480  aliide - ok
06:36:14.0555 3480  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
06:36:14.0556 3480  amdide - ok
06:36:14.0569 3480  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
06:36:14.0570 3480  AmdK8 - ok
06:36:14.0578 3480  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
06:36:14.0579 3480  AmdPPM - ok
06:36:14.0598 3480  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
06:36:14.0600 3480  amdsata - ok
06:36:14.0622 3480  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
06:36:14.0624 3480  amdsbs - ok
06:36:14.0640 3480  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
06:36:14.0641 3480  amdxata - ok
06:36:14.0659 3480  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
06:36:14.0661 3480  AppID - ok
06:36:14.0671 3480  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
06:36:14.0672 3480  AppIDSvc - ok
06:36:14.0701 3480  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
06:36:14.0702 3480  Appinfo - ok
06:36:14.0721 3480  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
06:36:14.0723 3480  AppMgmt - ok
06:36:14.0737 3480  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
06:36:14.0739 3480  arc - ok
06:36:14.0747 3480  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
06:36:14.0749 3480  arcsas - ok
06:36:14.0832 3480  [ 9A262EDD17F8473B91B333D6B031A901 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
06:36:14.0834 3480  aspnet_state - ok
06:36:14.0854 3480  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
06:36:14.0855 3480  AsyncMac - ok
06:36:14.0880 3480  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
06:36:14.0881 3480  atapi - ok
06:36:14.0912 3480  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:36:14.0918 3480  AudioEndpointBuilder - ok
06:36:14.0926 3480  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
06:36:14.0929 3480  AudioSrv - ok
06:36:14.0954 3480  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
06:36:14.0956 3480  AxInstSV - ok
06:36:14.0971 3480  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
06:36:14.0976 3480  b06bdrv - ok
06:36:14.0995 3480  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
06:36:14.0997 3480  b57nd60a - ok
06:36:15.0003 3480  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
06:36:15.0004 3480  BDESVC - ok
06:36:15.0017 3480  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
06:36:15.0018 3480  Beep - ok
06:36:15.0042 3480  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
06:36:15.0048 3480  BFE - ok
06:36:15.0069 3480  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
06:36:15.0077 3480  BITS - ok
06:36:15.0096 3480  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
06:36:15.0097 3480  blbdrive - ok
06:36:15.0115 3480  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
06:36:15.0117 3480  bowser - ok
06:36:15.0120 3480  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
06:36:15.0121 3480  BrFiltLo - ok
06:36:15.0124 3480  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
06:36:15.0125 3480  BrFiltUp - ok
06:36:15.0147 3480  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
06:36:15.0148 3480  BridgeMP - ok
06:36:15.0172 3480  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
06:36:15.0174 3480  Browser - ok
06:36:15.0186 3480  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
06:36:15.0189 3480  Brserid - ok
06:36:15.0193 3480  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
06:36:15.0194 3480  BrSerWdm - ok
06:36:15.0197 3480  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
06:36:15.0198 3480  BrUsbMdm - ok
06:36:15.0201 3480  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
06:36:15.0203 3480  BrUsbSer - ok
06:36:15.0213 3480  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
06:36:15.0214 3480  BTHMODEM - ok
06:36:15.0244 3480  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
06:36:15.0245 3480  bthserv - ok
06:36:15.0256 3480  catchme - ok
06:36:15.0272 3480  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
06:36:15.0274 3480  cdfs - ok
06:36:15.0296 3480  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
06:36:15.0298 3480  cdrom - ok
06:36:15.0318 3480  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
06:36:15.0320 3480  CertPropSvc - ok
06:36:15.0332 3480  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
06:36:15.0333 3480  circlass - ok
06:36:15.0345 3480  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
06:36:15.0348 3480  CLFS - ok
06:36:15.0394 3480  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:36:15.0395 3480  clr_optimization_v2.0.50727_32 - ok
06:36:15.0417 3480  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:36:15.0418 3480  clr_optimization_v2.0.50727_64 - ok
06:36:15.0493 3480  [ E87213F37A13E2B54391E40934F071D0 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:36:15.0494 3480  clr_optimization_v4.0.30319_32 - ok
06:36:15.0500 3480  [ 4AEDAB50F83580D0B4D6CF78191F92AA ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:36:15.0502 3480  clr_optimization_v4.0.30319_64 - ok
06:36:15.0516 3480  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
06:36:15.0517 3480  CmBatt - ok
06:36:15.0540 3480  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
06:36:15.0541 3480  cmdide - ok
06:36:15.0575 3480  [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
06:36:15.0579 3480  CNG - ok
06:36:15.0596 3480  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
06:36:15.0597 3480  Compbatt - ok
06:36:15.0622 3480  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
06:36:15.0623 3480  CompositeBus - ok
06:36:15.0630 3480  COMSysApp - ok
06:36:15.0652 3480  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
06:36:15.0654 3480  crcdisk - ok
06:36:15.0683 3480  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
06:36:15.0685 3480  CryptSvc - ok
06:36:15.0708 3480  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
06:36:15.0713 3480  CSC - ok
06:36:15.0729 3480  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
06:36:15.0736 3480  CscService - ok
06:36:15.0762 3480  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
06:36:15.0766 3480  DcomLaunch - ok
06:36:15.0792 3480  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
06:36:15.0796 3480  defragsvc - ok
06:36:15.0881 3480  [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
06:36:15.0883 3480  Desura Install Service - ok
06:36:15.0903 3480  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
06:36:15.0905 3480  DfsC - ok
06:36:15.0937 3480  [ E428DFFA96FAD07D8CA3C9082563A225 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
06:36:15.0939 3480  dg_ssudbus - ok
06:36:15.0965 3480  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
06:36:15.0968 3480  Dhcp - ok
06:36:15.0977 3480  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
06:36:15.0979 3480  discache - ok
06:36:15.0998 3480  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
06:36:16.0000 3480  Disk - ok
06:36:16.0014 3480  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
06:36:16.0015 3480  dmvsc - ok
06:36:16.0032 3480  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
06:36:16.0034 3480  Dnscache - ok
06:36:16.0049 3480  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
06:36:16.0052 3480  dot3svc - ok
06:36:16.0065 3480  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
06:36:16.0067 3480  DPS - ok
06:36:16.0113 3480  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
06:36:16.0114 3480  drmkaud - ok
06:36:16.0154 3480  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
06:36:16.0163 3480  DXGKrnl - ok
06:36:16.0194 3480  [ 324FCD2DD8A4229DDEF3CC954FF12FA5 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k62x64.sys
06:36:16.0198 3480  e1kexpress - ok
06:36:16.0201 3480  EagleX64 - ok
06:36:16.0220 3480  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
06:36:16.0222 3480  EapHost - ok
06:36:16.0274 3480  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
06:36:16.0317 3480  ebdrv - ok
06:36:16.0354 3480  [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
06:36:16.0356 3480  EFS - ok
06:36:16.0403 3480  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
06:36:16.0410 3480  ehRecvr - ok
06:36:16.0418 3480  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
06:36:16.0419 3480  ehSched - ok
06:36:16.0436 3480  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
06:36:16.0441 3480  elxstor - ok
06:36:16.0449 3480  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
06:36:16.0450 3480  ErrDev - ok
06:36:16.0475 3480  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
06:36:16.0479 3480  EventSystem - ok
06:36:16.0488 3480  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
06:36:16.0490 3480  exfat - ok
06:36:16.0505 3480  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
06:36:16.0507 3480  fastfat - ok
06:36:16.0525 3480  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
06:36:16.0532 3480  Fax - ok
06:36:16.0543 3480  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
06:36:16.0544 3480  fdc - ok
06:36:16.0552 3480  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
06:36:16.0554 3480  fdPHost - ok
06:36:16.0562 3480  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
06:36:16.0563 3480  FDResPub - ok
06:36:16.0570 3480  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
06:36:16.0572 3480  FileInfo - ok
06:36:16.0581 3480  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
06:36:16.0582 3480  Filetrace - ok
06:36:16.0593 3480  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
06:36:16.0594 3480  flpydisk - ok
06:36:16.0608 3480  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
06:36:16.0610 3480  FltMgr - ok
06:36:16.0644 3480  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
06:36:16.0662 3480  FontCache - ok
06:36:16.0706 3480  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:36:16.0707 3480  FontCache3.0.0.0 - ok
06:36:16.0718 3480  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
06:36:16.0719 3480  FsDepends - ok
06:36:16.0736 3480  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
06:36:16.0737 3480  Fs_Rec - ok
06:36:16.0769 3480  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
06:36:16.0772 3480  fvevol - ok
06:36:16.0793 3480  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
06:36:16.0795 3480  gagp30kx - ok
06:36:16.0823 3480  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
06:36:16.0830 3480  gpsvc - ok
06:36:16.0845 3480  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
06:36:16.0846 3480  hcw85cir - ok
06:36:16.0873 3480  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:36:16.0877 3480  HdAudAddService - ok
06:36:16.0892 3480  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
06:36:16.0895 3480  HDAudBus - ok
06:36:16.0914 3480  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
06:36:16.0915 3480  HECIx64 - ok
06:36:16.0922 3480  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
06:36:16.0923 3480  HidBatt - ok
06:36:16.0927 3480  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
06:36:16.0928 3480  HidBth - ok
06:36:16.0940 3480  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
06:36:16.0941 3480  HidIr - ok
06:36:16.0964 3480  [ 46BBE8EA221461A65F18A078528F4B2C ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
06:36:16.0965 3480  hidkmdf - ok
06:36:16.0989 3480  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
06:36:16.0990 3480  hidserv - ok
06:36:17.0017 3480  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
06:36:17.0019 3480  HidUsb - ok
06:36:17.0041 3480  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
06:36:17.0043 3480  hkmsvc - ok
06:36:17.0058 3480  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:36:17.0061 3480  HomeGroupListener - ok
06:36:17.0083 3480  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:36:17.0085 3480  HomeGroupProvider - ok
06:36:17.0110 3480  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
06:36:17.0111 3480  HpSAMD - ok
06:36:17.0144 3480  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
06:36:17.0150 3480  HTTP - ok
06:36:17.0193 3480  [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
06:36:17.0195 3480  hwdatacard - ok
06:36:17.0202 3480  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
06:36:17.0204 3480  hwpolicy - ok
06:36:17.0237 3480  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
06:36:17.0239 3480  i8042prt - ok
06:36:17.0272 3480  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
06:36:17.0276 3480  iaStorV - ok
06:36:17.0329 3480  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
06:36:17.0331 3480  IDriverT - ok
06:36:17.0373 3480  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:36:17.0381 3480  idsvc - ok
06:36:17.0405 3480  IEEtwCollectorService - ok
06:36:17.0427 3480  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
06:36:17.0429 3480  iirsp - ok
06:36:17.0459 3480  [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
06:36:17.0467 3480  IKEEXT - ok
06:36:17.0544 3480  [ 5F6A3EA5BD7CA861863A3A06CECC115C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:36:17.0611 3480  IntcAzAudAddService - ok
06:36:17.0647 3480  [ 7F8C8EBD02EBDF83C9E9E9F8BDB1F579 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
06:36:17.0648 3480  Intel® PROSet Monitoring Service - ok
06:36:17.0672 3480  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
06:36:17.0673 3480  intelide - ok
06:36:17.0701 3480  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
06:36:17.0702 3480  intelppm - ok
06:36:17.0723 3480  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
06:36:17.0725 3480  IPBusEnum - ok
06:36:17.0744 3480  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:36:17.0746 3480  IpFilterDriver - ok
06:36:17.0780 3480  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
06:36:17.0785 3480  iphlpsvc - ok
06:36:17.0796 3480  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
06:36:17.0798 3480  IPMIDRV - ok
06:36:17.0802 3480  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
06:36:17.0803 3480  IPNAT - ok
06:36:17.0812 3480  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
06:36:17.0813 3480  IRENUM - ok
06:36:17.0823 3480  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
06:36:17.0825 3480  isapnp - ok
06:36:17.0842 3480  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
06:36:17.0845 3480  iScsiPrt - ok
06:36:17.0892 3480  [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb           C:\Windows\system32\DRIVERS\ivusb.sys
06:36:17.0894 3480  ivusb - ok
06:36:17.0916 3480  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
06:36:17.0918 3480  kbdclass - ok
06:36:17.0933 3480  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
06:36:17.0935 3480  kbdhid - ok
06:36:17.0945 3480  [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
06:36:17.0946 3480  KeyIso - ok
06:36:17.0973 3480  [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
06:36:17.0974 3480  KSecDD - ok
06:36:17.0988 3480  [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
06:36:17.0990 3480  KSecPkg - ok
06:36:18.0003 3480  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
06:36:18.0004 3480  ksthunk - ok
06:36:18.0027 3480  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
06:36:18.0031 3480  KtmRm - ok
06:36:18.0055 3480  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
06:36:18.0058 3480  LanmanServer - ok
06:36:18.0073 3480  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:36:18.0076 3480  LanmanWorkstation - ok
06:36:18.0092 3480  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
06:36:18.0094 3480  lltdio - ok
06:36:18.0106 3480  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
06:36:18.0110 3480  lltdsvc - ok
06:36:18.0125 3480  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
06:36:18.0126 3480  lmhosts - ok
06:36:18.0167 3480  [ 73A1F958FCAC3438046DBB829DC92FE6 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
06:36:18.0168 3480  LMS - ok
06:36:18.0193 3480  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
06:36:18.0195 3480  LSI_FC - ok
06:36:18.0217 3480  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
06:36:18.0219 3480  LSI_SAS - ok
06:36:18.0230 3480  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
06:36:18.0232 3480  LSI_SAS2 - ok
06:36:18.0251 3480  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
06:36:18.0252 3480  LSI_SCSI - ok
06:36:18.0265 3480  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
06:36:18.0267 3480  luafv - ok
06:36:18.0322 3480  lxcr_device - ok
06:36:18.0340 3480  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
06:36:18.0342 3480  Mcx2Svc - ok
06:36:18.0353 3480  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
06:36:18.0355 3480  megasas - ok
06:36:18.0370 3480  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
06:36:18.0373 3480  MegaSR - ok
06:36:18.0432 3480  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
06:36:18.0434 3480  Microsoft Office Groove Audit Service - ok
06:36:18.0463 3480  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
06:36:18.0465 3480  MMCSS - ok
06:36:18.0474 3480  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
06:36:18.0475 3480  Modem - ok
06:36:18.0493 3480  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
06:36:18.0494 3480  monitor - ok
06:36:18.0515 3480  [ C030F9E822A057C1A7A9BB4EA3E8877E ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
06:36:18.0517 3480  MotioninJoyXFilter - ok
06:36:18.0528 3480  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
06:36:18.0530 3480  mouclass - ok
06:36:18.0559 3480  [ 21B7ACEA1BB49C3371DD5427BF309D6A ] moufiltr        C:\Windows\system32\DRIVERS\moufiltr.sys
06:36:18.0560 3480  moufiltr - ok
06:36:18.0576 3480  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
06:36:18.0577 3480  mouhid - ok
06:36:25.0051 3480  wcncsvc - ok
06:36:25.0063 3480  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:36:25.0066 3480  WcsPlugInService - ok
06:36:25.0083 3480  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
06:36:25.0084 3480  Wd - ok
06:36:25.0117 3480  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
06:36:25.0119 3480  WDC_SAM - ok
06:36:25.0153 3480  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
06:36:25.0160 3480  Wdf01000 - ok
06:36:25.0175 3480  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
06:36:25.0177 3480  WdiServiceHost - ok
06:36:25.0180 3480  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
06:36:25.0182 3480  WdiSystemHost - ok
06:36:25.0209 3480  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
06:36:25.0212 3480  WebClient - ok
06:36:25.0230 3480  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
06:36:25.0234 3480  Wecsvc - ok
06:36:25.0249 3480  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
06:36:25.0251 3480  wercplsupport - ok
06:36:25.0265 3480  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
06:36:25.0267 3480  WerSvc - ok
06:36:25.0283 3480  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
06:36:25.0284 3480  WfpLwf - ok
06:36:25.0300 3480  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
06:36:25.0301 3480  WIMMount - ok
06:36:25.0321 3480  WinDefend - ok
06:36:25.0335 3480  WinHttpAutoProxySvc - ok
06:36:25.0371 3480  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
06:36:25.0373 3480  Winmgmt - ok
06:36:25.0414 3480  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
06:36:25.0449 3480  WinRM - ok
06:36:25.0480 3480  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
06:36:25.0481 3480  WinUsb - ok
06:36:25.0504 3480  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
06:36:25.0513 3480  Wlansvc - ok
06:36:25.0525 3480  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
06:36:25.0526 3480  WmiAcpi - ok
06:36:25.0542 3480  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
06:36:25.0545 3480  wmiApSrv - ok
06:36:25.0569 3480  WMPNetworkSvc - ok
06:36:25.0582 3480  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
06:36:25.0584 3480  WPCSvc - ok
06:36:25.0599 3480  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
06:36:25.0602 3480  WPDBusEnum - ok
06:36:25.0614 3480  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
06:36:25.0615 3480  ws2ifsl - ok
06:36:25.0627 3480  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
06:36:25.0629 3480  wscsvc - ok
06:36:25.0632 3480  WSearch - ok
06:36:25.0687 3480  [ FF3F745A22B0C9C2EF1600762E8858A1 ] WTabletServiceCon C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
06:36:25.0690 3480  WTabletServiceCon - ok
06:36:25.0700 3480  WTService - ok
06:36:25.0745 3480  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
06:36:25.0779 3480  wuauserv - ok
06:36:25.0799 3480  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
06:36:25.0801 3480  WudfPf - ok
06:36:25.0813 3480  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
06:36:25.0816 3480  WUDFRd - ok
06:36:25.0827 3480  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
06:36:25.0829 3480  wudfsvc - ok
06:36:25.0858 3480  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
06:36:25.0861 3480  WwanSvc - ok
06:36:25.0885 3480  [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
06:36:25.0886 3480  xusb21 - ok
06:36:25.0895 3480  ================ Scan global ===============================
06:36:25.0908 3480  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:36:25.0937 3480  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
06:36:25.0943 3480  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
06:36:25.0962 3480  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:36:25.0977 3480  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:36:25.0981 3480  [Global] - ok
06:36:25.0981 3480  ================ Scan MBR ==================================
06:36:25.0993 3480  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:36:26.0299 3480  \Device\Harddisk0\DR0 - ok
06:36:26.0300 3480  ================ Scan VBR ==================================
06:36:26.0310 3480  [ 2522036E6FA17AC1E3FBF4B556DEBCE5 ] \Device\Harddisk0\DR0\Partition1
06:36:26.0311 3480  \Device\Harddisk0\DR0\Partition1 - ok
06:36:26.0327 3480  [ C0647F4755F77CBA2CB9B2C394D410F7 ] \Device\Harddisk0\DR0\Partition2
06:36:26.0329 3480  \Device\Harddisk0\DR0\Partition2 - ok
06:36:26.0329 3480  ============================================================
06:36:26.0329 3480  Scan finished
06:36:26.0329 3480  ============================================================
06:36:26.0336 4676  Detected object count: 2
06:36:26.0336 4676  Actual detected object count: 2
06:36:41.0674 4676  MsMpSvc ( LockedFile.Multi.Generic ) - skipped by user
06:36:41.0674 4676  MsMpSvc ( LockedFile.Multi.Generic ) - User select action: Skip
06:36:41.0674 4676  NisSrv ( LockedFile.Multi.Generic ) - skipped by user
06:36:41.0675 4676  NisSrv ( LockedFile.Multi.Generic ) - User select action: Skip
06:37:13.0589 4724  ============================================================
06:37:13.0589 4724  Scan started
06:37:13.0589 4724  Mode: Manual;
06:37:13.0589 4724  ============================================================
06:37:14.0529 4724  ================ Scan system memory ========================
06:37:14.0529 4724  System memory - ok
06:37:18.0423 4724  mouhid - ok
06:37:18.0438 4724  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
06:37:18.0438 4724  mountmgr - ok
06:37:18.0467 4724  [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
06:37:18.0468 4724  MozillaMaintenance - ok
06:37:18.0493 4724  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
06:37:18.0495 4724  MpFilter - ok
06:37:18.0509 4724  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
06:37:18.0510 4724  mpio - ok
06:37:18.0525 4724  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
06:37:18.0526 4724  mpsdrv - ok
06:37:18.0553 4724  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
06:37:18.0557 4724  MpsSvc - ok
06:37:18.0583 4724  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
06:37:18.0583 4724  MRxDAV - ok
06:37:18.0603 4724  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
06:37:18.0603 4724  mrxsmb - ok
06:37:18.0612 4724  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:37:18.0613 4724  mrxsmb10 - ok
06:37:18.0623 4724  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:37:18.0624 4724  mrxsmb20 - ok
06:37:18.0646 4724  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
06:37:18.0647 4724  msahci - ok
06:37:18.0687 4724  [ 8E46A7BAC823DD82D4FB2A34C3DF4C1D ] MSCSPTISRV      C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
06:37:18.0688 4724  MSCSPTISRV - ok
06:37:18.0711 4724  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
06:37:18.0712 4724  msdsm - ok
06:37:18.0720 4724  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
06:37:18.0721 4724  MSDTC - ok
06:37:18.0732 4724  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
06:37:18.0733 4724  Msfs - ok
06:37:18.0740 4724  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
06:37:18.0740 4724  mshidkmdf - ok
06:37:18.0754 4724  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
06:37:18.0755 4724  msisadrv - ok
06:37:18.0778 4724  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
06:37:18.0779 4724  MSiSCSI - ok
06:37:18.0782 4724  MSIServer - ok
06:37:18.0788 4724  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
06:37:18.0788 4724  MSKSSRV - ok
06:37:18.0842 4724  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
06:37:18.0842 4724  Suspicious file (NoAccess): c:\Program Files\Microsoft Security Client\MsMpEng.exe. md5: 66238063B53E51ADDA16764BAB9A3F7C
06:37:18.0842 4724  MsMpSvc ( LockedFile.Multi.Generic ) - warning
06:37:18.0842 4724  MsMpSvc - detected LockedFile.Multi.Generic (1)
06:37:18.0851 4724  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
06:37:18.0851 4724  MSPCLOCK - ok
06:37:18.0858 4724  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
06:37:18.0858 4724  MSPQM - ok
06:37:18.0874 4724  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
06:37:18.0875 4724  MsRPC - ok
06:37:18.0886 4724  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
06:37:18.0886 4724  mssmbios - ok
06:37:18.0898 4724  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
06:37:18.0899 4724  MSTEE - ok
06:37:18.0927 4724  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
06:37:18.0928 4724  MTConfig - ok
06:37:18.0941 4724  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
06:37:18.0942 4724  Mup - ok
06:37:18.0962 4724  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
06:37:18.0965 4724  napagent - ok
06:37:18.0977 4724  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
06:37:18.0979 4724  NativeWifiP - ok
06:37:19.0007 4724  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
06:37:19.0011 4724  NDIS - ok
06:37:19.0018 4724  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
06:37:19.0018 4724  NdisCap - ok
06:37:19.0029 4724  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
06:37:19.0029 4724  NdisTapi - ok
06:37:19.0051 4724  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
06:37:19.0051 4724  Ndisuio - ok
06:37:19.0064 4724  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
06:37:19.0065 4724  NdisWan - ok
06:37:19.0072 4724  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
06:37:19.0073 4724  NDProxy - ok
06:37:19.0097 4724  [ AC9AE6D15307A627D5F8574A3A788525 ] Neo_VPN         C:\Windows\system32\DRIVERS\Neo_0008.sys
06:37:19.0098 4724  Neo_VPN - ok
06:37:19.0103 4724  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
06:37:19.0103 4724  NetBIOS - ok
06:37:19.0112 4724  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
06:37:19.0113 4724  NetBT - ok
06:37:19.0124 4724  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
06:37:19.0125 4724  Netlogon - ok
06:37:19.0144 4724  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
06:37:19.0146 4724  Netman - ok
06:37:19.0205 4724  [ 21318671BCAD3ACF16638F98D4D00973 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:37:19.0206 4724  NetMsmqActivator - ok
06:37:19.0209 4724  [ 21318671BCAD3ACF16638F98D4D00973 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:37:19.0210 4724  NetPipeActivator - ok
06:37:19.0227 4724  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
06:37:19.0230 4724  netprofm - ok
06:37:19.0233 4724  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:37:19.0234 4724  NetTcpActivator - ok
06:37:19.0237 4724  [ 21318671BCAD3ACF16638F98D4D00973 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
06:37:19.0238 4724  NetTcpPortSharing - ok
06:37:19.0252 4724  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
06:37:19.0253 4724  nfrd960 - ok
06:37:19.0285 4724  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
06:37:19.0286 4724  NisDrv - ok
06:37:19.0297 4724  [ 869A808253726EA11939EC4FE76346A4 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
06:37:19.0297 4724  Suspicious file (NoAccess): c:\Program Files\Microsoft Security Client\NisSrv.exe. md5: 869A808253726EA11939EC4FE76346A4
06:37:19.0297 4724  NisSrv ( LockedFile.Multi.Generic ) - warning
06:37:19.0297 4724  NisSrv - detected LockedFile.Multi.Generic (1)
06:37:19.0319 4724  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
06:37:19.0322 4724  NlaSvc - ok
06:37:19.0331 4724  [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd           C:\Windows\system32\drivers\ccdcmbx64.sys
06:37:19.0331 4724  nmwcd - ok
06:37:19.0341 4724  [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
06:37:19.0341 4724  nmwcdc - ok
06:37:19.0368 4724  [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF             C:\Windows\system32\drivers\npf.sys
06:37:19.0369 4724  NPF - ok
06:37:19.0377 4724  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
06:37:19.0378 4724  Npfs - ok
06:37:19.0398 4724  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
06:37:19.0399 4724  nsi - ok
06:37:19.0420 4724  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
06:37:19.0421 4724  nsiproxy - ok
06:37:19.0462 4724  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
06:37:19.0469 4724  Ntfs - ok
06:37:19.0484 4724  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
06:37:19.0484 4724  Null - ok
06:37:19.0783 4724  [ E71E299FF15390E585BACF2C18F55078 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:37:19.0833 4724  nvlddmkm - ok
06:37:19.0879 4724  [ 1C7C6D7481CABD4EF38A81F5B68F02E8 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
06:37:19.0885 4724  NvNetworkService - ok
06:37:19.0902 4724  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
06:37:19.0903 4724  nvraid - ok
06:37:19.0926 4724  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
06:37:19.0927 4724  nvstor - ok
06:37:20.0174 4724  [ 7A03646D5330A790A9D47D9F9C38758D ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
06:37:20.0235 4724  NvStreamSvc - ok
06:37:20.0272 4724  [ 415695F5A54E91E869EEBFEA261361A6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
06:37:20.0277 4724  nvsvc - ok
06:37:20.0285 4724  [ 09216A70CC364D0974F606F6F2109210 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
06:37:20.0286 4724  nvvad_WaveExtensible - ok
06:37:20.0301 4724  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
06:37:20.0302 4724  nv_agp - ok
06:37:20.0354 4724  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:37:20.0356 4724  odserv - ok
06:37:20.0370 4724  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
06:37:20.0371 4724  ohci1394 - ok
06:37:20.0392 4724  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:37:20.0392 4724  ose - ok
06:37:20.0419 4724  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
06:37:20.0421 4724  p2pimsvc - ok
06:37:20.0438 4724  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
06:37:20.0440 4724  p2psvc - ok
06:37:20.0461 4724  [ 753A8F339F231D2B857E2CCD51A6E6CA ] PACSPTISVR      C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
06:37:20.0462 4724  PACSPTISVR - ok
06:37:20.0485 4724  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
06:37:20.0486 4724  Parport - ok
06:37:20.0509 4724  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
06:37:20.0510 4724  partmgr - ok
06:37:20.0521 4724  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
06:37:20.0523 4724  PcaSvc - ok
06:37:20.0538 4724  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
06:37:20.0538 4724  pccsmcfd - ok
06:37:20.0550 4724  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
06:37:20.0551 4724  pci - ok
06:37:20.0572 4724  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
06:37:20.0573 4724  pciide - ok
06:37:20.0588 4724  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
06:37:20.0589 4724  pcmcia - ok
06:37:20.0600 4724  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
06:37:20.0601 4724  pcw - ok
06:37:20.0617 4724  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
06:37:20.0620 4724  PEAUTH - ok
06:37:20.0649 4724  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
06:37:20.0656 4724  PeerDistSvc - ok
06:37:20.0694 4724  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
06:37:20.0695 4724  PerfHost - ok
06:37:20.0736 4724  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
06:37:20.0743 4724  pla - ok
06:37:20.0761 4724  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
06:37:20.0763 4724  PlugPlay - ok
06:37:20.0777 4724  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
06:37:20.0778 4724  PNRPAutoReg - ok
06:37:20.0793 4724  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
06:37:20.0795 4724  PNRPsvc - ok
06:37:20.0822 4724  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
06:37:20.0825 4724  PolicyAgent - ok
06:37:20.0851 4724  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
06:37:20.0853 4724  Power - ok
06:37:20.0873 4724  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
06:37:20.0873 4724  PptpMiniport - ok
06:37:20.0891 4724  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
06:37:20.0892 4724  Processor - ok
06:37:20.0912 4724  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
06:37:20.0914 4724  ProfSvc - ok
06:37:20.0922 4724  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
06:37:20.0923 4724  ProtectedStorage - ok
06:37:20.0933 4724  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
06:37:20.0934 4724  Psched - ok
06:37:20.0962 4724  [ 5D6C8E778F0218FCD2CCA0EFBC9766CA ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
06:37:20.0962 4724  PxHlpa64 - ok
06:37:20.0987 4724  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
06:37:20.0994 4724  ql2300 - ok
06:37:21.0011 4724  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
06:37:21.0011 4724  ql40xx - ok
06:37:21.0035 4724  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
06:37:21.0036 4724  QWAVE - ok
06:37:21.0050 4724  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
06:37:21.0051 4724  QWAVEdrv - ok
06:37:21.0061 4724  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
06:37:21.0062 4724  RasAcd - ok
06:37:21.0072 4724  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
06:37:21.0072 4724  RasAgileVpn - ok
06:37:21.0089 4724  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
06:37:21.0090 4724  RasAuto - ok
06:37:21.0107 4724  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
06:37:21.0108 4724  Rasl2tp - ok
06:37:21.0120 4724  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
06:37:21.0123 4724  RasMan - ok
06:37:21.0136 4724  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
06:37:21.0136 4724  RasPppoe - ok
06:37:21.0147 4724  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
06:37:21.0148 4724  RasSstp - ok
06:37:21.0163 4724  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
06:37:21.0164 4724  rdbss - ok
06:37:21.0172 4724  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
06:37:21.0173 4724  rdpbus - ok
06:37:21.0184 4724  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
06:37:21.0184 4724  RDPCDD - ok
06:37:21.0207 4724  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
06:37:21.0208 4724  RDPDR - ok
06:37:21.0211 4724  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
06:37:21.0212 4724  RDPENCDD - ok
06:37:21.0223 4724  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
06:37:21.0224 4724  RDPREFMP - ok
06:37:21.0243 4724  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
06:37:21.0244 4724  RdpVideoMiniport - ok
06:37:21.0267 4724  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
06:37:21.0268 4724  RDPWD - ok
06:37:21.0282 4724  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
06:37:21.0283 4724  rdyboost - ok
06:37:21.0302 4724  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
06:37:21.0303 4724  RemoteAccess - ok
06:37:21.0326 4724  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
06:37:21.0327 4724  RemoteRegistry - ok
06:37:21.0347 4724  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
06:37:21.0348 4724  rpcapd - ok
06:37:21.0361 4724  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
06:37:21.0362 4724  RpcEptMapper - ok
06:37:21.0383 4724  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
06:37:21.0383 4724  RpcLocator - ok
06:37:21.0404 4724  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
06:37:21.0407 4724  RpcSs - ok
06:37:21.0425 4724  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
06:37:21.0426 4724  rspndr - ok
06:37:21.0446 4724  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
06:37:21.0446 4724  s3cap - ok
06:37:21.0455 4724  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
06:37:21.0456 4724  SamSs - ok
06:37:21.0463 4724  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
06:37:21.0464 4724  sbp2port - ok
06:37:21.0481 4724  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
06:37:21.0483 4724  SCardSvr - ok
06:37:21.0495 4724  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
06:37:21.0495 4724  scfilter - ok
06:37:21.0537 4724  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
06:37:21.0543 4724  Schedule - ok
06:37:21.0568 4724  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
06:37:21.0568 4724  SCPolicySvc - ok
06:37:21.0582 4724  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
06:37:21.0583 4724  SDRSVC - ok
06:37:21.0595 4724  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
06:37:21.0596 4724  secdrv - ok
06:37:21.0610 4724  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
06:37:21.0611 4724  seclogon - ok
06:37:21.0626 4724  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
06:37:21.0627 4724  SENS - ok
06:37:21.0637 4724  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
06:37:21.0638 4724  SensrSvc - ok
06:37:21.0648 4724  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
06:37:21.0649 4724  Serenum - ok
06:37:21.0659 4724  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
06:37:21.0660 4724  Serial - ok
06:37:21.0668 4724  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
06:37:21.0669 4724  sermouse - ok
06:37:21.0710 4724  [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
06:37:21.0713 4724  ServiceLayer - ok
06:37:21.0735 4724  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
06:37:21.0736 4724  SessionEnv - ok
06:37:21.0837 4724  [ 18DA01E5CFF313D23F678772A7C858E3 ] SEVPNCLIENT     C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
06:37:21.0856 4724  SEVPNCLIENT - ok
06:37:21.0863 4724  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
06:37:21.0863 4724  sffdisk - ok
06:37:21.0866 4724  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
06:37:21.0867 4724  sffp_mmc - ok
06:37:21.0869 4724  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
06:37:21.0870 4724  sffp_sd - ok
06:37:21.0878 4724  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
06:37:21.0879 4724  sfloppy - ok
06:37:21.0918 4724  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
06:37:21.0920 4724  SharedAccess - ok
06:37:21.0947 4724  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:37:21.0949 4724  ShellHWDetection - ok
06:37:21.0960 4724  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
06:37:21.0961 4724  SiSRaid2 - ok
06:37:21.0974 4724  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
06:37:21.0975 4724  SiSRaid4 - ok
06:37:21.0978 4724  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
06:37:21.0979 4724  Smb - ok
06:37:21.0996 4724  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
06:37:21.0998 4724  SNMPTRAP - ok
06:37:22.0021 4724  [ 977AAA4398D7D6FA65D973F5B3F54E40 ] SonicStage Back-End Service C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
06:37:22.0022 4724  SonicStage Back-End Service - ok
06:37:22.0047 4724  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
06:37:22.0048 4724  spldr - ok
06:37:22.0072 4724  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
06:37:22.0076 4724  Spooler - ok
06:37:22.0132 4724  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
06:37:22.0147 4724  sppsvc - ok
06:37:22.0161 4724  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
06:37:22.0162 4724  sppuinotify - ok
06:37:22.0187 4724  [ E3E6C96B0EF4492C3C8FD0DEEF4E35A1 ] SPTISRV         C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
06:37:22.0187 4724  SPTISRV - ok
06:37:22.0206 4724  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
06:37:22.0209 4724  srv - ok
06:37:22.0216 4724  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
06:37:22.0218 4724  srv2 - ok
06:37:22.0228 4724  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
06:37:22.0229 4724  srvnet - ok
06:37:22.0240 4724  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
06:37:22.0242 4724  SSDPSRV - ok
06:37:22.0276 4724  [ 756E371B3B86A3D3039926D32EAC0E8D ] SSScsiSV        C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
06:37:22.0276 4724  SSScsiSV - ok
06:37:22.0288 4724  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
06:37:22.0290 4724  SstpSvc - ok
06:37:22.0324 4724  [ AAF6F247F1DC370C593B4430974EAD9C ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
06:37:22.0325 4724  ssudmdm - ok
06:37:22.0355 4724  [ 3248B5CC4AA7942EE7BC26F1EB00210B ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
06:37:22.0357 4724  ssudserd - ok
06:37:22.0367 4724  Steam Client Service - ok
06:37:22.0423 4724  [ A9D26626BEADF5A0641BF6B5095EF309 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
06:37:22.0425 4724  Stereo Service - ok
06:37:22.0442 4724  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
06:37:22.0443 4724  stexstor - ok
06:37:22.0462 4724  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
06:37:22.0466 4724  stisvc - ok
06:37:22.0482 4724  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
06:37:22.0482 4724  storflt - ok
06:37:22.0491 4724  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
06:37:22.0491 4724  storvsc - ok
06:37:22.0502 4724  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
06:37:22.0503 4724  swenum - ok
06:37:22.0526 4724  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
06:37:22.0529 4724  swprv - ok
06:37:22.0547 4724  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
06:37:22.0547 4724  Synth3dVsc - ok
06:37:22.0578 4724  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
06:37:22.0586 4724  SysMain - ok
06:37:22.0598 4724  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:37:22.0599 4724  TabletInputService - ok
06:37:22.0612 4724  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
06:37:22.0614 4724  TapiSrv - ok
06:37:22.0628 4724  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
06:37:22.0630 4724  TBS - ok
06:37:22.0685 4724  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
06:37:22.0693 4724  Tcpip - ok
06:37:22.0726 4724  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
06:37:22.0734 4724  TCPIP6 - ok
06:37:22.0756 4724  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
06:37:22.0756 4724  tcpipreg - ok
06:37:22.0770 4724  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
06:37:22.0770 4724  TDPIPE - ok
06:37:22.0790 4724  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
06:37:22.0791 4724  TDTCP - ok
06:37:22.0814 4724  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
06:37:22.0815 4724  tdx - ok
06:37:22.0822 4724  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
06:37:22.0823 4724  TermDD - ok
06:37:22.0832 4724  [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt        C:\Windows\system32\drivers\terminpt.sys
06:37:22.0833 4724  terminpt - ok
06:37:22.0867 4724  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
06:37:22.0871 4724  TermService - ok
06:37:22.0883 4724  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
06:37:22.0885 4724  Themes - ok
06:37:22.0904 4724  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
06:37:22.0905 4724  THREADORDER - ok
06:37:22.0914 4724  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
06:37:22.0915 4724  TrkWks - ok
06:37:22.0956 4724  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:37:22.0957 4724  TrustedInstaller - ok
06:37:22.0985 4724  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
06:37:22.0985 4724  tssecsrv - ok
06:37:22.0996 4724  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
06:37:22.0997 4724  TsUsbFlt - ok
06:37:23.0007 4724  [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
06:37:23.0007 4724  TsUsbGD - ok
06:37:23.0024 4724  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
06:37:23.0025 4724  tsusbhub - ok
06:37:23.0051 4724  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
06:37:23.0052 4724  tunnel - ok
06:37:23.0063 4724  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
06:37:23.0064 4724  uagp35 - ok
06:37:23.0082 4724  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
06:37:23.0083 4724  udfs - ok
06:37:23.0103 4724  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
06:37:23.0104 4724  UI0Detect - ok
06:37:23.0115 4724  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
06:37:23.0116 4724  uliagpkx - ok
06:37:23.0129 4724  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
06:37:23.0130 4724  umbus - ok
06:37:23.0133 4724  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
06:37:23.0133 4724  UmPass - ok
06:37:23.0152 4724  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
06:37:23.0154 4724  UmRdpService - ok
06:37:23.0222 4724  [ F51C224B79D338BDE125FD8035D2418B ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
06:37:23.0233 4724  UNS - ok
06:37:23.0258 4724  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
06:37:23.0261 4724  upnphost - ok
06:37:23.0283 4724  [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
06:37:23.0283 4724  upperdev - ok
06:37:23.0307 4724  [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
06:37:23.0307 4724  usbccgp - ok
06:37:23.0324 4724  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
06:37:23.0325 4724  usbcir - ok
06:37:23.0351 4724  [ 18A85013A3E0F7E1755365D287443965 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
06:37:23.0351 4724  usbehci - ok
06:37:23.0365 4724  [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
06:37:23.0366 4724  usbhub - ok
06:37:23.0405 4724  [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
06:37:23.0405 4724  usbohci - ok
06:37:23.0425 4724  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
06:37:23.0425 4724  usbprint - ok
06:37:23.0436 4724  [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
06:37:23.0437 4724  usbscan - ok
06:37:23.0450 4724  [ B57B4F0BEC4270A281B9F8537EB2FA04 ] usbser          C:\Windows\system32\drivers\usbser.sys
06:37:23.0451 4724  usbser - ok
06:37:23.0466 4724  [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
06:37:23.0466 4724  UsbserFilt - ok
06:37:23.0487 4724  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:37:23.0488 4724  USBSTOR - ok
06:37:23.0513 4724  [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
06:37:23.0513 4724  usbuhci - ok
06:37:23.0526 4724  [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
06:37:23.0527 4724  usbvideo - ok
06:37:23.0545 4724  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
06:37:23.0547 4724  UxSms - ok
06:37:23.0552 4724  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
06:37:23.0553 4724  VaultSvc - ok
06:37:23.0570 4724  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
06:37:23.0570 4724  vdrvroot - ok
06:37:23.0590 4724  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
06:37:23.0593 4724  vds - ok
06:37:23.0607 4724  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
06:37:23.0607 4724  vga - ok
06:37:23.0615 4724  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
06:37:23.0615 4724  VgaSave - ok
06:37:23.0618 4724  VGPU - ok
06:37:23.0633 4724  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
06:37:23.0634 4724  vhdmp - ok
06:37:23.0654 4724  [ C2C95D62C90CA809240112B41C1765F2 ] vhidmini        C:\Windows\system32\DRIVERS\walvhid.sys
06:37:23.0655 4724  vhidmini - ok
06:37:23.0679 4724  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
06:37:23.0679 4724  viaide - ok
06:37:23.0704 4724  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
06:37:23.0706 4724  vmbus - ok
06:37:23.0715 4724  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
06:37:23.0715 4724  VMBusHID - ok
06:37:23.0717 4724  vmci - ok
06:37:23.0720 4724  VMnetAdapter - ok
06:37:23.0734 4724  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
06:37:23.0735 4724  volmgr - ok
06:37:23.0747 4724  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
06:37:23.0749 4724  volmgrx - ok
06:37:23.0761 4724  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
06:37:23.0763 4724  volsnap - ok
06:37:23.0780 4724  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
06:37:23.0781 4724  vsmraid - ok
06:37:23.0826 4724  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
06:37:23.0834 4724  VSS - ok
06:37:23.0843 4724  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
06:37:23.0844 4724  vwifibus - ok
06:37:23.0873 4724  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
06:37:23.0876 4724  W32Time - ok
06:37:23.0898 4724  [ FDA15A0510F84FA46452B74529147A15 ] WacHidRouter    C:\Windows\system32\DRIVERS\wachidrouter.sys
06:37:23.0898 4724  WacHidRouter - ok
06:37:23.0907 4724  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
06:37:23.0907 4724  WacomPen - ok
06:37:23.0915 4724  [ EABFDBDC9BEDD325F260A3A9FEE5B3F9 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
06:37:23.0915 4724  wacomrouterfilter - ok
06:37:23.0927 4724  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
06:37:23.0928 4724  WANARP - ok
06:37:23.0931 4724  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
06:37:23.0932 4724  Wanarpv6 - ok
06:37:23.0962 4724  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
06:37:23.0968 4724  WatAdminSvc - ok
06:37:24.0000 4724  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
06:37:24.0007 4724  wbengine - ok
06:37:24.0024 4724  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
06:37:24.0025 4724  WbioSrvc - ok
06:37:24.0044 4724  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
06:37:24.0046 4724  wcncsvc - ok
06:37:24.0061 4724  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:37:24.0062 4724  WcsPlugInService - ok
06:37:24.0081 4724  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
06:37:24.0081 4724  Wd - ok
06:37:24.0106 4724  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
06:37:24.0107 4724  WDC_SAM - ok
06:37:24.0143 4724  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
06:37:24.0146 4724  Wdf01000 - ok
06:37:24.0156 4724  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
06:37:24.0158 4724  WdiServiceHost - ok
06:37:24.0161 4724  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
06:37:24.0162 4724  WdiSystemHost - ok
06:37:24.0190 4724  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
06:37:24.0192 4724  WebClient - ok
06:37:24.0219 4724  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
06:37:24.0221 4724  Wecsvc - ok
06:37:24.0230 4724  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
06:37:24.0232 4724  wercplsupport - ok
06:37:24.0238 4724  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
06:37:24.0239 4724  WerSvc - ok
06:37:24.0248 4724  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
06:37:24.0248 4724  WfpLwf - ok
06:37:24.0264 4724  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
06:37:24.0265 4724  WIMMount - ok
06:37:24.0285 4724  WinDefend - ok
06:37:24.0290 4724  WinHttpAutoProxySvc - ok
06:37:24.0327 4724  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
06:37:24.0328 4724  Winmgmt - ok
06:37:24.0371 4724  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
06:37:24.0380 4724  WinRM - ok
06:37:24.0403 4724  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
06:37:24.0403 4724  WinUsb - ok
06:37:24.0427 4724  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
06:37:24.0432 4724  Wlansvc - ok
06:37:24.0439 4724  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
06:37:24.0440 4724  WmiAcpi - ok
06:37:24.0456 4724  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
06:37:24.0458 4724  wmiApSrv - ok
06:37:24.0476 4724  WMPNetworkSvc - ok
06:37:24.0488 4724  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
06:37:24.0489 4724  WPCSvc - ok
06:37:24.0505 4724  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
06:37:24.0507 4724  WPDBusEnum - ok
06:37:24.0520 4724  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
06:37:24.0521 4724  ws2ifsl - ok
06:37:24.0533 4724  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
06:37:24.0535 4724  wscsvc - ok
06:37:24.0537 4724  WSearch - ok
06:37:24.0585 4724  [ FF3F745A22B0C9C2EF1600762E8858A1 ] WTabletServiceCon C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
06:37:24.0588 4724  WTabletServiceCon - ok
06:37:24.0591 4724  WTService - ok
06:37:24.0634 4724  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
06:37:24.0645 4724  wuauserv - ok
06:37:24.0664 4724  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
06:37:24.0664 4724  WudfPf - ok
06:37:24.0678 4724  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
06:37:24.0679 4724  WUDFRd - ok
06:37:24.0691 4724  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
06:37:24.0693 4724  wudfsvc - ok
06:37:24.0722 4724  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
06:37:24.0725 4724  WwanSvc - ok
06:37:24.0749 4724  [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
06:37:24.0750 4724  xusb21 - ok
06:37:24.0753 4724  ================ Scan global ===============================
06:37:24.0764 4724  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:37:24.0785 4724  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
06:37:24.0791 4724  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
06:37:24.0810 4724  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:37:24.0825 4724  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:37:24.0827 4724  [Global] - ok
06:37:24.0828 4724  ================ Scan MBR ==================================
06:37:24.0833 4724  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:37:25.0149 4724  \Device\Harddisk0\DR0 - ok
06:37:25.0150 4724  ================ Scan VBR ==================================
06:37:25.0151 4724  [ 2522036E6FA17AC1E3FBF4B556DEBCE5 ] \Device\Harddisk0\DR0\Partition1
06:37:25.0152 4724  \Device\Harddisk0\DR0\Partition1 - ok
06:37:25.0167 4724  [ C0647F4755F77CBA2CB9B2C394D410F7 ] \Device\Harddisk0\DR0\Partition2
06:37:25.0169 4724  \Device\Harddisk0\DR0\Partition2 - ok
06:37:25.0169 4724  ============================================================
06:37:25.0169 4724  Scan finished
06:37:25.0169 4724  ============================================================
06:37:25.0175 3408  Detected object count: 2
06:37:25.0175 3408  Actual detected object count: 2
06:38:43.0041 3408  c:\Program Files\Microsoft Security Client\MsMpEng.exe - copied to quarantine
06:38:43.0050 3408  HKLM\SYSTEM\ControlSet001\services\MsMpSvc - will be deleted on reboot
06:38:43.0056 3408  HKLM\SYSTEM\ControlSet001\control\safeboot\Minimal\MsMpSvc - will be deleted on reboot
06:38:43.0056 3408  HKLM\SYSTEM\ControlSet001\control\safeboot\Network\MsMpSvc - will be deleted on reboot
06:38:43.0088 3408  HKLM\SYSTEM\ControlSet002\services\MsMpSvc - will be deleted on reboot
06:38:43.0098 3408  HKLM\SYSTEM\ControlSet002\control\safeboot\Minimal\MsMpSvc - will be deleted on reboot
06:38:43.0099 3408  HKLM\SYSTEM\ControlSet002\control\safeboot\Network\MsMpSvc - will be deleted on reboot
06:38:43.0214 3408  c:\Program Files\Microsoft Security Client\MsMpEng.exe - will be deleted on reboot
06:38:43.0214 3408  MsMpSvc ( LockedFile.Multi.Generic ) - User select action: Delete
06:38:43.0246 3408  c:\Program Files\Microsoft Security Client\NisSrv.exe - copied to quarantine
06:38:43.0246 3408  HKLM\SYSTEM\ControlSet001\services\NisSrv - will be deleted on reboot
06:38:43.0255 3408  HKLM\SYSTEM\ControlSet002\services\NisSrv - will be deleted on reboot
06:38:43.0259 3408  c:\Program Files\Microsoft Security Client\NisSrv.exe - will be deleted on reboot
06:38:43.0259 3408  NisSrv ( LockedFile.Multi.Generic ) - User select action: Delete
06:39:14.0444 3820  Deinitialize success
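The tail of that log is worth a second look: the two objects quarantined are MsMpEng.exe and NisSrv.exe under C:\Program Files\Microsoft Security Client, which are the engine and network inspection service of Microsoft Security Essentials, and the verdict LockedFile.Multi.Generic is TDSSKiller's generic label for a file it could not open for scanning rather than a signature match. As an added example (not code from this thread or from TDSSKiller), the Python script below parses that detection section, pairs each "User select action" line with the files and registry keys queued for deletion, and flags generic locked-file verdicts on a security product's install directory so a responder can confirm the choice before the deferred deletion runs on reboot. SAMPLE_LOG is a trimmed copy of the lines above; the SECURITY_PRODUCT_DIRS list is an illustrative assumption.

```python
"""Summarise the detection section of a Kaspersky TDSSKiller log.

Added example, not part of the forum thread and not TDSSKiller's own code.
It pairs each "User select action" line with the files and registry keys
listed just before it and flags generic LockedFile verdicts whose files
live under a known security-product directory.
"""
import re

# Constructed sample: the tail of the TDSSKiller log posted above, trimmed.
# A raw string keeps the Windows backslashes intact.
SAMPLE_LOG = r"""
06:37:25.0175 3408  Detected object count: 2
06:37:25.0175 3408  Actual detected object count: 2
06:38:43.0041 3408  c:\Program Files\Microsoft Security Client\MsMpEng.exe - copied to quarantine
06:38:43.0050 3408  HKLM\SYSTEM\ControlSet001\services\MsMpSvc - will be deleted on reboot
06:38:43.0056 3408  HKLM\SYSTEM\ControlSet001\control\safeboot\Minimal\MsMpSvc - will be deleted on reboot
06:38:43.0214 3408  c:\Program Files\Microsoft Security Client\MsMpEng.exe - will be deleted on reboot
06:38:43.0214 3408  MsMpSvc ( LockedFile.Multi.Generic ) - User select action: Delete
06:38:43.0246 3408  c:\Program Files\Microsoft Security Client\NisSrv.exe - copied to quarantine
06:38:43.0246 3408  HKLM\SYSTEM\ControlSet001\services\NisSrv - will be deleted on reboot
06:38:43.0259 3408  c:\Program Files\Microsoft Security Client\NisSrv.exe - will be deleted on reboot
06:38:43.0259 3408  NisSrv ( LockedFile.Multi.Generic ) - User select action: Delete
06:39:14.0444 3820  Deinitialize success
"""

# Illustrative (assumed) list of install directories belonging to security
# products; extend it for the software actually deployed on the machine.
SECURITY_PRODUCT_DIRS = ("microsoft security client",)

COUNT_RE = re.compile(r"^\S+\s+\d+\s+Detected object count: (?P<n>\d+)")
OBJECT_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<obj>.+?) - "
    r"(?P<status>copied to quarantine|will be deleted on reboot)\s*$"
)
ACTION_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+) \( (?P<verdict>[^)]+) \) - "
    r"User select action: (?P<action>\w+)\s*$"
)


def needs_review(verdict, files):
    """True when a generic locked-file verdict hits a security-product path.

    LockedFile.* is raised for a file the tool could not open for scanning;
    it is not a signature match, so a self-protecting anti-malware engine
    is a typical benign trigger.
    """
    if not verdict.startswith("LockedFile"):
        return False
    return any(tag in f.lower() for f in files for tag in SECURITY_PRODUCT_DIRS)


def summarise_tdsskiller(log_text):
    """Return the declared detection count and one record per detected object."""
    declared = None
    objects = []
    pending_files, pending_keys = [], []
    for line in log_text.splitlines():
        m = COUNT_RE.match(line)
        if m:
            declared = int(m.group("n"))
            continue
        m = OBJECT_RE.match(line)
        if m:
            obj = m.group("obj")
            bucket = pending_keys if obj.upper().startswith("HK") else pending_files
            if obj not in bucket:  # the same file is listed once per step
                bucket.append(obj)
            continue
        m = ACTION_RE.match(line)
        if m:
            # The action line closes the group of objects listed before it.
            objects.append({
                "name": m.group("name"),
                "verdict": m.group("verdict"),
                "action": m.group("action"),
                "files": pending_files,
                "registry_keys": pending_keys,
                "needs_review": needs_review(m.group("verdict"), pending_files),
            })
            pending_files, pending_keys = [], []
    return {"declared": declared, "objects": objects}


if __name__ == "__main__":
    report = summarise_tdsskiller(SAMPLE_LOG)
    print(f"declared={report['declared']} parsed={len(report['objects'])}")
    for rec in report["objects"]:
        flag = "  <-- verify: generic verdict on a security product" if rec["needs_review"] else ""
        print(f"{rec['name']} [{rec['verdict']}] action={rec['action']} "
              f"files={len(rec['files'])} keys={len(rec['registry_keys'])}{flag}")
```

Run as a script it prints one line per detected object; on the sample both MsMpSvc and NisSrv come out flagged, because the verdict is generic and the files sit in the security product's own directory.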
 



#11 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:42 PM

Posted 14 February 2014 - 04:05 PM

Hi Zekira G. Drake


Step 1

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Limewire, BitTorrent, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your firewall and anti-virus software. Hardly surprising, then, that many of these downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 2


Open notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 
Start
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
FF DefaultSearchEngine: Claro Search
FF SelectedSearchEngine: Claro Search
C:\Users\Zekira Drake\AppData\Local\Temp\BA1AF0E7-6FC2-42AA-B0E7-3A0D5FB2FDF8.exe
Task: {1FE56C71-47CD-47C2-BF71-F4E78D35A5F2} - System32\Tasks\{63D0EEAF-F336-4198-9A0C-CF8B82AD65D3} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {28057D0F-96AB-478B-A4F0-6ED7AA907908} - System32\Tasks\{065462A1-79FE-4C8A-9BA1-0157F1CB7411} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {2DBC0B3C-7FDB-4B59-92BC-00F62E94B9DC} - System32\Tasks\{388E5D3D-D5F6-4C2B-BC53-3C99EA703809} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {3D404419-B414-4035-BE4D-8CA7B790A4FE} - System32\Tasks\{42CBBB1A-E7DD-4F59-A800-455CFCBDE8DF} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {4BAAF485-F2D3-47B7-804E-B39CE05949C2} - System32\Tasks\{C762C502-7934-48DC-81C3-F5F31D483B15} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {69BFC958-818E-4D0C-B749-2E949C62DB1E} - System32\Tasks\{27D54A95-E340-43DB-8953-35E35EACEB5C} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {9E57F7BE-7761-4CE5-B058-BD82ACFDA433} - System32\Tasks\{DFC7EA6F-AA0F-4AEB-B6D3-20823CBD10A8} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {A7E84B81-F368-459C-BF6D-8DDBBAD9B205} - System32\Tasks\{FFE363DD-6FBC-4F4F-BAEA-43A7726B0A75} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B4113ACC-979A-46D8-8BBB-BDDD8420294C} - System32\Tasks\{33CC0F5E-D837-44D5-B3EE-B8CAABC03DEF} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B634D40D-18F5-4E48-A522-1850B4120E36} - System32\Tasks\{DAF76825-9D26-49B0-A1A3-2C2A6F645212} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B66D939D-D19B-4A34-9F64-706B6E18F7A0} - System32\Tasks\{CFA57F57-B610-4F65-AEB2-95DB61B8CA6C} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {FE0AA8FE-BB8D-4341-AAEB-42E2AE6673EA} - System32\Tasks\{36F219C4-EE36-482C-8CE1-B875D0DB7DFB} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
 D:\2ndgen\F\School\College\COMPRO1\10927999.exe
Folder: C:\TDSSKiller_Quarantine
Folder: C:\NTKernel
File: C:\Windows\system.ini
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
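What makes the fixlist above worth studying is its shape: twelve scheduled tasks, every one of them launching the same executable from a data drive, with an empty company name in the trailing parentheses, plus a Winlogon Shell value that FRST itself marked ATTENTION. As an added example (not part of this thread and not FRST's own code), the Python script below reads lines in that format, groups every "Task:" entry by the binary it launches, keeps the company name FRST read from the file's version resource, and collects the lines FRST flagged. SAMPLE_FIXLIST is a constructed excerpt: three of the twelve task lines and the Winlogon line from above, plus one made-up benign task (Example Vendor) for contrast. The flagging rules (no company name, or three or more tasks feeding one target) are illustrative heuristics of mine, not FRST semantics.

```python
"""Triage the scheduled-task and Winlogon entries of an FRST fixlist or log.

Added example, not part of the forum thread and not FRST's own code. It
groups every "Task:" line by the executable it launches, records the company
name FRST read from the file's version resource, and lists the lines FRST
marked "<==== ATTENTION". The flagging rules are illustrative heuristics.
"""
import re

# Constructed sample: three task lines and the Winlogon line copied from the
# fixlist above, plus one made-up benign task for contrast (raw string so
# the Windows backslashes survive).
SAMPLE_FIXLIST = r"""
Start
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Task: {1FE56C71-47CD-47C2-BF71-F4E78D35A5F2} - System32\Tasks\{63D0EEAF-F336-4198-9A0C-CF8B82AD65D3} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {28057D0F-96AB-478B-A4F0-6ED7AA907908} - System32\Tasks\{065462A1-79FE-4C8A-9BA1-0157F1CB7411} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {2DBC0B3C-7FDB-4B59-92BC-00F62E94B9DC} - System32\Tasks\{388E5D3D-D5F6-4C2B-BC53-3C99EA703809} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example Vendor\updater.exe [2013-06-01] (Example Vendor Ltd)
Folder: C:\NTKernel
"""

# One FRST task line: Task: {id} - <task path> => <target> [date] (company)
TASK_RE = re.compile(
    r"^Task: \{(?P<task_id>[0-9A-Fa-f-]+)\} - (?P<task_path>.+?) => "
    r"(?P<target>.+?) \[(?P<date>[^\]]*)\] \((?P<company>[^)]*)\)\s*$"
)
MIN_TASKS_PER_TARGET = 3  # heuristic (assumed): many tasks feeding one binary


def triage_frst(text):
    """Return ATTENTION lines, per-target task statistics and flagged targets."""
    attention = []
    targets = {}
    for line in text.splitlines():
        if "<==== ATTENTION" in line:
            # Keep the entry itself, without FRST's marker.
            attention.append(line.split(" <====")[0])
            continue
        m = TASK_RE.match(line)
        if not m:
            continue
        rec = targets.setdefault(m.group("target"), {
            "company": m.group("company"), "count": 0, "task_paths": []})
        rec["count"] += 1
        rec["task_paths"].append(m.group("task_path"))
    suspicious = sorted(
        path for path, rec in targets.items()
        if rec["company"] == "" or rec["count"] >= MIN_TASKS_PER_TARGET
    )
    return {"attention": attention, "targets": targets, "suspicious": suspicious}


if __name__ == "__main__":
    report = triage_frst(SAMPLE_FIXLIST)
    for entry in report["attention"]:
        print("ATTENTION:", entry)
    for path, rec in report["targets"].items():
        mark = "  <-- review" if path in report["suspicious"] else ""
        print(f"{rec['count']:2d} task(s) -> {path} (company: {rec['company'] or 'none'}){mark}")
```

On the sample, the data-drive executable is reported once with a count of three and no company name and is the only flagged target; the Example Vendor task, with a company name and a single task, is not.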



#12 Zekira G. Drake

Zekira G. Drake
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 14 February 2014 - 05:30 PM

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Zekira Drake at 2014-02-15 06:24:03 Run:1
Running from D:\IMPORTANTFORCOMP
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
FF DefaultSearchEngine: Claro Search
FF SelectedSearchEngine: Claro Search
C:\Users\Zekira Drake\AppData\Local\Temp\BA1AF0E7-6FC2-42AA-B0E7-3A0D5FB2FDF8.exe
Task: {1FE56C71-47CD-47C2-BF71-F4E78D35A5F2} - System32\Tasks\{63D0EEAF-F336-4198-9A0C-CF8B82AD65D3} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {28057D0F-96AB-478B-A4F0-6ED7AA907908} - System32\Tasks\{065462A1-79FE-4C8A-9BA1-0157F1CB7411} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {2DBC0B3C-7FDB-4B59-92BC-00F62E94B9DC} - System32\Tasks\{388E5D3D-D5F6-4C2B-BC53-3C99EA703809} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {3D404419-B414-4035-BE4D-8CA7B790A4FE} - System32\Tasks\{42CBBB1A-E7DD-4F59-A800-455CFCBDE8DF} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {4BAAF485-F2D3-47B7-804E-B39CE05949C2} - System32\Tasks\{C762C502-7934-48DC-81C3-F5F31D483B15} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {69BFC958-818E-4D0C-B749-2E949C62DB1E} - System32\Tasks\{27D54A95-E340-43DB-8953-35E35EACEB5C} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {9E57F7BE-7761-4CE5-B058-BD82ACFDA433} - System32\Tasks\{DFC7EA6F-AA0F-4AEB-B6D3-20823CBD10A8} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {A7E84B81-F368-459C-BF6D-8DDBBAD9B205} - System32\Tasks\{FFE363DD-6FBC-4F4F-BAEA-43A7726B0A75} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B4113ACC-979A-46D8-8BBB-BDDD8420294C} - System32\Tasks\{33CC0F5E-D837-44D5-B3EE-B8CAABC03DEF} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B634D40D-18F5-4E48-A522-1850B4120E36} - System32\Tasks\{DAF76825-9D26-49B0-A1A3-2C2A6F645212} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {B66D939D-D19B-4A34-9F64-706B6E18F7A0} - System32\Tasks\{CFA57F57-B610-4F65-AEB2-95DB61B8CA6C} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
Task: {FE0AA8FE-BB8D-4341-AAEB-42E2AE6673EA} - System32\Tasks\{36F219C4-EE36-482C-8CE1-B875D0DB7DFB} => D:\2ndgen\F\School\College\COMPRO1\10927999.exe [2009-08-20] ()
 D:\2ndgen\F\School\College\COMPRO1\10927999.exe
Folder: C:\TDSSKiller_Quarantine
Folder: C:\NTKernel
File: C:\Windows\system.ini
*****************

HKU\S-1-5-21-1224801478-1470400727-1307533331-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Unable to delete value
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Zekira Drake\AppData\Local\Temp\BA1AF0E7-6FC2-42AA-B0E7-3A0D5FB2FDF8.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FE56C71-47CD-47C2-BF71-F4E78D35A5F2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FE56C71-47CD-47C2-BF71-F4E78D35A5F2} => Key deleted successfully.
C:\Windows\System32\Tasks\{63D0EEAF-F336-4198-9A0C-CF8B82AD65D3} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{63D0EEAF-F336-4198-9A0C-CF8B82AD65D3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28057D0F-96AB-478B-A4F0-6ED7AA907908} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28057D0F-96AB-478B-A4F0-6ED7AA907908} => Key deleted successfully.
C:\Windows\System32\Tasks\{065462A1-79FE-4C8A-9BA1-0157F1CB7411} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{065462A1-79FE-4C8A-9BA1-0157F1CB7411} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DBC0B3C-7FDB-4B59-92BC-00F62E94B9DC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DBC0B3C-7FDB-4B59-92BC-00F62E94B9DC} => Key deleted successfully.
C:\Windows\System32\Tasks\{388E5D3D-D5F6-4C2B-BC53-3C99EA703809} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{388E5D3D-D5F6-4C2B-BC53-3C99EA703809} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D404419-B414-4035-BE4D-8CA7B790A4FE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D404419-B414-4035-BE4D-8CA7B790A4FE} => Key deleted successfully.
C:\Windows\System32\Tasks\{42CBBB1A-E7DD-4F59-A800-455CFCBDE8DF} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{42CBBB1A-E7DD-4F59-A800-455CFCBDE8DF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BAAF485-F2D3-47B7-804E-B39CE05949C2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BAAF485-F2D3-47B7-804E-B39CE05949C2} => Key deleted successfully.
C:\Windows\System32\Tasks\{C762C502-7934-48DC-81C3-F5F31D483B15} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C762C502-7934-48DC-81C3-F5F31D483B15} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69BFC958-818E-4D0C-B749-2E949C62DB1E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69BFC958-818E-4D0C-B749-2E949C62DB1E} => Key deleted successfully.
C:\Windows\System32\Tasks\{27D54A95-E340-43DB-8953-35E35EACEB5C} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{27D54A95-E340-43DB-8953-35E35EACEB5C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E57F7BE-7761-4CE5-B058-BD82ACFDA433} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E57F7BE-7761-4CE5-B058-BD82ACFDA433} => Key deleted successfully.
C:\Windows\System32\Tasks\{DFC7EA6F-AA0F-4AEB-B6D3-20823CBD10A8} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DFC7EA6F-AA0F-4AEB-B6D3-20823CBD10A8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7E84B81-F368-459C-BF6D-8DDBBAD9B205} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7E84B81-F368-459C-BF6D-8DDBBAD9B205} => Key deleted successfully.
C:\Windows\System32\Tasks\{FFE363DD-6FBC-4F4F-BAEA-43A7726B0A75} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FFE363DD-6FBC-4F4F-BAEA-43A7726B0A75} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4113ACC-979A-46D8-8BBB-BDDD8420294C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4113ACC-979A-46D8-8BBB-BDDD8420294C} => Key deleted successfully.
C:\Windows\System32\Tasks\{33CC0F5E-D837-44D5-B3EE-B8CAABC03DEF} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33CC0F5E-D837-44D5-B3EE-B8CAABC03DEF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B634D40D-18F5-4E48-A522-1850B4120E36} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B634D40D-18F5-4E48-A522-1850B4120E36} => Key deleted successfully.
C:\Windows\System32\Tasks\{DAF76825-9D26-49B0-A1A3-2C2A6F645212} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DAF76825-9D26-49B0-A1A3-2C2A6F645212} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B66D939D-D19B-4A34-9F64-706B6E18F7A0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B66D939D-D19B-4A34-9F64-706B6E18F7A0} => Key deleted successfully.
C:\Windows\System32\Tasks\{CFA57F57-B610-4F65-AEB2-95DB61B8CA6C} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFA57F57-B610-4F65-AEB2-95DB61B8CA6C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE0AA8FE-BB8D-4341-AAEB-42E2AE6673EA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE0AA8FE-BB8D-4341-AAEB-42E2AE6673EA} => Key deleted successfully.
C:\Windows\System32\Tasks\{36F219C4-EE36-482C-8CE1-B875D0DB7DFB} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{36F219C4-EE36-482C-8CE1-B875D0DB7DFB} => Key deleted successfully.
D:\2ndgen\F\School\College\COMPRO1\10927999.exe => Moved successfully.

========================= Folder: C:\TDSSKiller_Quarantine ========================

2014-02-11 06:38 - 2014-02-11 06:38 - 0000000 ____D () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25
2014-02-11 06:38 - 2014-02-11 06:38 - 0000000 ____D () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0000
2014-02-11 06:38 - 2014-02-11 06:38 - 0000000 ____D () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0001
2014-02-11 06:38 - 2014-02-11 06:38 - 0000000 ____D () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0000\svc0000
2014-02-11 06:38 - 2014-02-11 06:38 - 0000000 ____D () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0001\svc0000
2014-02-11 06:38 - 2014-02-11 06:38 - 0000108 _____ () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0001\object.ini
2014-02-11 06:38 - 2014-02-11 06:38 - 0000378 _____ () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0001\svc0000\object.ini
2014-02-11 06:38 - 2014-02-11 06:38 - 0366600 _____ (Microsoft Corporation) C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0001\svc0000\tsk0000.dta
2014-02-11 06:38 - 2014-02-11 06:38 - 0000266 _____ () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0001\svc0000\tsk0000.ini
2014-02-11 06:38 - 2014-02-11 06:38 - 0000108 _____ () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0000\object.ini
2014-02-11 06:38 - 2014-02-11 06:38 - 0000378 _____ () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0000\svc0000\object.ini
2014-02-11 06:38 - 2014-02-11 06:38 - 0023808 _____ (Microsoft Corporation) C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0000\svc0000\tsk0000.dta
2014-02-11 06:38 - 2014-02-11 06:38 - 0000268 _____ () C:\TDSSKiller_Quarantine\11.02.2014_06.33.25\susp0000\svc0000\tsk0000.ini

====== End of Folder: ======


========================= Folder: C:\NTKernel ========================

2014-02-05 22:45 - 2014-02-05 22:45 - 1511936 _____ () C:\NTKernel\load32

====== End of Folder: ======


========================= File: C:\Windows\system.ini ========================

MD5: 3CF3D4A45CC2AF973DBC30EC8D33252B
Creation and modification date: 2009-07-14 10:34 - 2014-02-11 00:07
Size: 0000215
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======


==== End of Fixlog ====


Also, noted about the P2P Networking.



#13 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:42 PM

Posted 15 February 2014 - 01:43 PM

Hi Zekira G. Drake

Step 1

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe.
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar.
    C:\NTKernel;vs
    type C:\Windows\system.ini;b
    emptyclsid;
    autoclean;
    autoruns;
    standardsearch;
    
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed, the logfile will be opened after the reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#14 Zekira G. Drake

Zekira G. Drake
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 15 February 2014 - 08:42 PM

zoek-results.log

 

Zoek.exe v5.0.0.0 Updated 15-February-2014
Tool run by Zekira Drake on Sun 02/16/2014 at  9:23:11.83.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\IMPORTANTFORCOMP\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2/16/2014 09:24:33 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
D:\IMPORTANTFORCOMP\zoek.exe
C:\Windows\SysWOW64\cmd.exe
D:\2ndgen\F\EDIT\PaintTool SAI English Pack\PaintTool SAI English Pack\start-sai.exe
D:\2ndgen\F\EDIT\PaintTool SAI English Pack\PaintTool SAI English Pack\sai.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\ZEKIRA~1\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default

---- Lines claro removed from prefs.js ----
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "3061d10c00000000000000270e0c4ae9");
user_pref("extensions.claro.instlDay", "15698");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.tlbrId", "claro");
user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.vrsn", "1.8.3.10");
user_pref("extensions.claro.vrsni", "1.8.3.10");
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.8.3.100:01:42");
---- Lines claro removed from user.js ----

user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.id", "3061d10c00000000000000270e0c4ae9");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.instlDay", "15698");
user_pref("extensions.claro.vrsn", "1.8.3.10");
user_pref("extensions.claro.vrsni", "1.8.3.10");
user_pref("extensions.claro_i.vrsnTs", "1.8.3.100:01:42");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro.tlbrId", "claro");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.admin", false);

---- FireFox user.js and prefs.js backups ----

user_20140216_0930_.backup
prefs_20140216_0930_.backup

ProfilePath: C:\Users\ZEKIRA~1\AppData\Roaming\Thunderbird\Profiles\2rakfzsc.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140216_0930_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\ProgramData\Malwarebytes' Anti-Malware (portable) deleted
C:\Users\Zekira Drake\.android deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\ZEKIRA~1\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\bProtector_extensions.sqlite deleted
C:\Users\ZEKIRA~1\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\bprotector_prefs.js deleted
C:\Users\ZEKIRA~1\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\jetpack deleted
C:\Users\ZEKIRA~1\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack deleted

==== Files Found In C:\NTKernel ======================

2014-02-05 14:45:21    1511936    ----a-w-    BE80E79A332789AEE24C39B456F566B7    C:\NTKernel\load32

==== System Specs ======================

Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3958 MB
CPU Info: Intel® Core™ i3 CPU         530  @ 2.93GHz
CPU Speed: 2943.1 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce 9500 GT | NVIDIA GeForce 9500 GT | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1360 X 768 - 32 bit
Network: Network Present
Network Adapters: VPN Client Adapter - VPN | Intel® 82578DC Gigabit Network Connection
CD / DVD Drives: 1x (S: | ) S: ATAPI   iHAS524   B
Ports: COM5 | COM1 | COM11 | COM10 LPT1
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  97.7GB | D:  368.1GB
Hard Disks - Free: C:  33.7GB | D:  28.5GB
Manufacturer *: Intel Corp.
BIOS Info: AT/AT COMPATIBLE | 11/19/09 | _ASUS_ - 1072009
Time Zone: China Standard Time
Motherboard *: Intel Corporation DH55TC
Country: Republic of the Philippines
Language: ENP

==== System Specs (Software) ======================

Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox    27.0.1
Internet Explorer Version: 11.0.9600.16518
Mozilla Firefox version: 27.0.1 (x86 en-US)
Google Chrome version: 32.0.1700.102
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_45 (32-bit)
Flash Player version: 12.0.0.44

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-02-10 15:32:49    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2014-02-10 15:32:49    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2014-02-10 15:32:49    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2014-02-10 15:32:49    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2014-02-10 15:32:49    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
====== C:\Users\ZEKIRA~1\AppData\Local\Temp ====
2014-02-16 01:11:28    A5E90F64E3FC04AC2912B8BBB757AA2C    8864    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{CE8C40BE-E68A-43EC-AF99-92BC413315B3}\SetupRes.dll
2014-02-16 01:11:28    93812FDC01AA864195816CD814445F95    241984    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{CE8C40BE-E68A-43EC-AF99-92BC413315B3}\SqmApi.dll
2014-02-16 01:11:28    51BE151E57B55935B969210FA1D07D47    1100160    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{CE8C40BE-E68A-43EC-AF99-92BC413315B3}\Setup.exe
2014-02-16 01:11:28    2923B7A997CDF1741D7F12A4EB555E6B    185664    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{CE8C40BE-E68A-43EC-AF99-92BC413315B3}\EppManifest.dll
2014-02-16 01:10:49    A5E90F64E3FC04AC2912B8BBB757AA2C    8864    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{E1D08F81-FF38-484E-AFA3-5FDEB752D6C3}\SetupRes.dll
2014-02-16 01:10:49    93812FDC01AA864195816CD814445F95    241984    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{E1D08F81-FF38-484E-AFA3-5FDEB752D6C3}\SqmApi.dll
2014-02-16 01:10:49    51BE151E57B55935B969210FA1D07D47    1100160    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{E1D08F81-FF38-484E-AFA3-5FDEB752D6C3}\Setup.exe
2014-02-16 01:10:49    2923B7A997CDF1741D7F12A4EB555E6B    185664    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{E1D08F81-FF38-484E-AFA3-5FDEB752D6C3}\EppManifest.dll
2014-02-16 00:52:43    B65E4819F3DB6787A6CCF1034F4E84F0    5555768    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\VPN_B795\B7091C83.dll
2014-02-16 00:52:43    B65E4819F3DB6787A6CCF1034F4E84F0    5555768    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\VPN_4263\B7091C83.dll
2014-02-16 00:52:43    AA2C08CE85653B1A0D2E4AB407FA176C    167424    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\VPN_4263\0FC343C0.dll
====== Java Cache =====
2014-01-27 12:39:03    4FF89A65EF2C1BAA8666DE0614D0A627    469    ----a-w-    C:\Users\Zekira Drake\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4de63de6-4fdda4ff
====== C:\Windows\SysWOW64 =====
2014-02-14 22:21:18    5CFA81C05054018FC91F75C6AABB7EE8    5693440    ----a-w-    C:\Windows\SysWOW64\mstscax.dll
2014-02-12 12:29:20    AB5EFB103DB01C1912C9D2F545EA5621    17920    ----a-w-    C:\Windows\SysWOW64\wksprtPS.dll
2014-02-12 12:29:20    8DEEE20D8D30E9B0FBDCA31E58A027BD    53248    ----a-w-    C:\Windows\SysWOW64\tsgqec.dll
2014-02-12 12:29:20    4676AAA9DDF52A50C829FEDB4EA81E54    1068544    ----a-w-    C:\Windows\SysWOW64\mstsc.exe
2014-02-12 12:29:20    2EFB1279E7BEA7D12D9F4D6508D27880    50176    ----a-w-    C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-12 12:29:19    5E676B296B762E211D83B87635F2C330    855552    ----a-w-    C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-12 12:23:58    3D485254E43EF4E4F707346B5731EA9A    454656    ----a-w-    C:\Windows\SysWOW64\vbscript.dll
2014-02-12 12:23:24    B8F28AAC003060E3B125D2447CFC19E2    164864    ----a-w-    C:\Windows\SysWOW64\msrating.dll
2014-02-12 12:23:24    B5B3334F177CED627C2D7FE38235B6B1    2724864    ----a-w-    C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 12:23:23    85AC8EB265EDCAD86D651D45C5E3AB83    440832    ----a-w-    C:\Windows\SysWOW64\ieui.dll
2014-02-12 12:23:21    C9D1131E2163CE932DF3EAAF0EEA3673    524288    ----a-w-    C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 12:23:21    7D6B20C69CC8EECB8F31D4FAF913BBE8    112128    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 12:23:21    6A06EB11F1E5BDAA795DAE7838F9FE20    43008    ----a-w-    C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 12:23:21    408805B8083896DC95E6340F4016BEBD    61952    ----a-w-    C:\Windows\SysWOW64\iesetup.dll
2014-02-12 12:23:21    0E7B7C9F483300F9FF97C6A1E4BC4F57    32768    ----a-w-    C:\Windows\SysWOW64\iernonce.dll
2014-02-12 12:23:20    260D6B421E5551E8BA75D16B5CA90D9A    51200    ----a-w-    C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 12:23:20    0F739443669F3A48F1B2325995117BFE    553472    ----a-w-    C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 12:23:19    5DD49C02D059C1E6E47A8FB4A076C9B1    703488    ----a-w-    C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 12:23:19    34CBED7698D557DDB43F8732FBC2ACB9    2168320    ----a-w-    C:\Windows\SysWOW64\iertutil.dll
2014-02-12 12:23:18    9C89246184979A070B0C6CCF61C68136    1820160    ----a-w-    C:\Windows\SysWOW64\wininet.dll
2014-02-12 12:23:18    5D9DC6332A4FC66388B09BBE7CF53750    1156096    ----a-w-    C:\Windows\SysWOW64\urlmon.dll
2014-02-12 12:23:18    40E68599FE3A10F816217D3789FCE74E    1964032    ----a-w-    C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 12:23:15    C863E5A2417DF0F2A31ED32C3B2CB23F    17103872    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2014-02-12 12:23:15    79FA7D8B488F90EDE325963379A6F738    11266048    ----a-w-    C:\Windows\SysWOW64\ieframe.dll
2014-02-12 12:23:14    99280392987A1A96C756A9F38C4CE396    4244480    ----a-w-    C:\Windows\SysWOW64\jscript9.dll
2014-02-12 12:21:28    E01D2AC63453534DB8AD1EA97DEE9C3A    594944    ----a-w-    C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:21:28    6142C5540C8D2764D59CBC11AF4A5900    572416    ----a-w-    C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:21:27    0F5FEF37588AF457E02125674F171A4F    508928    ----a-w-    C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:21:26    BBCE3E9E74C7CEA47FA4115B360AC2C6    423936    ----a-w-    C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 12:21:26    9158DBE2F8483434FC72F320690C9DB8    87040    ----a-w-    C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 12:21:26    7FA485555BF802FE3DB5598004DBDFAC    390144    ----a-w-    C:\Windows\SysWOW64\msdrm.dll
2014-02-12 12:21:26    58712A48D31B40EBCB35B47205F87771    87040    ----a-w-    C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 12:21:26    12A9F24DC9F465DA79AC2272D829A81E    428032    ----a-w-    C:\Windows\SysWOW64\secproc.dll
2014-02-12 12:21:26    08D323750350A8A29611D1004C0CF319    510976    ----a-w-    C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:21:16    EA093130471090037BB70A4AF86FAD1B    420008    ----a-w-    C:\Windows\SysWOW64\locale.nls
2014-02-12 12:21:11    E4561704CBFA193761743E5AF746C669    1237504    ----a-w-    C:\Windows\SysWOW64\msxml3.dll
2014-02-12 12:21:10    17B06F23237FCD731FA2E10ECD6EDFE1    2048    ----a-w-    C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 12:21:05    AAB5D8C5ABE71873DC19ED004EF25009    792576    ----a-w-    C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-12 12:21:03    D96106CF60505734B14F6AE80AAA4B07    1987584    ----a-w-    C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:21:03    14800BD31701A5047AC3145BB1E698AE    3419136    ----a-w-    C:\Windows\SysWOW64\d2d1.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-02-14 22:21:18    8F273C46BF2261BB872B3766521C9C2A    6573056    ----a-w-    C:\Windows\Sysnative\mstscax.dll
2014-02-12 12:29:23    DDED7C5558B3AE09F568945281A9A6D1    44544    ----a-w-    C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2014-02-12 12:29:20    FEC6178962DFF33074D39CA907971405    12800    ----a-w-    C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-12 12:29:20    8E75B1112C374EBDF18FD640DA2F0655    1147392    ----a-w-    C:\Windows\Sysnative\mstsc.exe
2014-02-12 12:29:20    7BD2E6E2458A5B95F8341244C7FC7DD4    18944    ----a-w-    C:\Windows\Sysnative\wksprtPS.dll
2014-02-12 12:29:20    79EE5ECB4BE89343E4CF1E48F7769F59    420864    ----a-w-    C:\Windows\Sysnative\wksprt.exe
2014-02-12 12:29:20    5289A00E2D21BB3A7D6761646543ED5C    62976    ----a-w-    C:\Windows\Sysnative\tsgqec.dll
2014-02-12 12:29:20    149A388C17F04AD1F99B477A43BE1A9F    56832    ----a-w-    C:\Windows\Sysnative\MsRdpWebAccess.dll
2014-02-12 12:29:20    108C257D765AAD2E6EC46557DA0B02BD    13824    ----a-w-    C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2014-02-12 12:29:20    0D2C2FAC4F29B5868D39B7267058CFEF    83968    ----a-w-    C:\Windows\Sysnative\TSWbPrxy.exe
2014-02-12 12:29:19    A4420969E5AB94856E5C0C02E6099D3F    1057280    ----a-w-    C:\Windows\Sysnative\rdvidcrl.dll
2014-02-12 12:23:58    F67C7D80745379DC4C5332EFFE5AC696    548864    ----a-w-    C:\Windows\Sysnative\vbscript.dll
2014-02-12 12:23:24    94C59DD02BC7EA0E421055B9946CA861    2724864    ----a-w-    C:\Windows\Sysnative\mshtml.tlb
2014-02-12 12:23:23    63B5E990896BA81D604032A48CC80A5C    574976    ----a-w-    C:\Windows\Sysnative\ieui.dll
2014-02-12 12:23:23    1D1D7F52EC84294859642A4309FE648E    195584    ----a-w-    C:\Windows\Sysnative\msrating.dll
2014-02-12 12:23:22    FD08F8BA2437A85F500EFFE3FD3158A6    33792    ----a-w-    C:\Windows\Sysnative\iernonce.dll
2014-02-12 12:23:22    E77092C38028EB0A5C461B3436E0A6D5    4096    ----a-w-    C:\Windows\Sysnative\ieetwcollectorres.dll
2014-02-12 12:23:22    27516B54E116D5EF8B0129B5C829A87C    218624    ----a-w-    C:\Windows\Sysnative\ie4uinit.exe
2014-02-12 12:23:21    CDE728C8FB1D6E132CED44835FA44C87    627200    ----a-w-    C:\Windows\Sysnative\msfeeds.dll
2014-02-12 12:23:21    C1E2C16D58D76323800C3EE5E2C5095A    66048    ----a-w-    C:\Windows\Sysnative\iesetup.dll
2014-02-12 12:23:21    99ED8FBAFD325550D07A32664D9E3CC8    53760    ----a-w-    C:\Windows\Sysnative\jsproxy.dll
2014-02-12 12:23:21    338415F2E9A188875B6E43B5269620B0    139264    ----a-w-    C:\Windows\Sysnative\ieUnatt.exe
2014-02-12 12:23:20    FCFAEDF0AA1A78A1875FDB798598408B    48640    ----a-w-    C:\Windows\Sysnative\ieetwproxystub.dll
2014-02-12 12:23:20    E129D34089E70215B65EA611F802FA9A    111616    ----a-w-    C:\Windows\Sysnative\ieetwcollector.exe
2014-02-12 12:23:20    D016F5092E4FFC41147E8555A71D2DDE    23170048    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2014-02-12 12:23:20    3906C9640406FC0FC00A324947C74893    708608    ----a-w-    C:\Windows\Sysnative\jscript9diag.dll
2014-02-12 12:23:19    F348B2D0983C91392632B4291C517AA4    817664    ----a-w-    C:\Windows\Sysnative\ieapfltr.dll
2014-02-12 12:23:18    6300AD525D639CECBB3D144B6D7B30F9    2765824    ----a-w-    C:\Windows\Sysnative\iertutil.dll
2014-02-12 12:23:18    263B6E451526A90FF8B1CEC759F22956    2334208    ----a-w-    C:\Windows\Sysnative\wininet.dll
2014-02-12 12:23:18    22874047B810B5B174C68ACD7C0B6510    1393664    ----a-w-    C:\Windows\Sysnative\urlmon.dll
2014-02-12 12:23:17    DB02F4D37E5F7F07A0D0F9FAA68249EE    13051392    ----a-w-    C:\Windows\Sysnative\ieframe.dll
2014-02-12 12:23:17    83296DE8CFFEADA636DCC1AB2E3BF643    2041856    ----a-w-    C:\Windows\Sysnative\inetcpl.cpl
2014-02-12 12:23:14    5922EEA922D3AD686342F866CAEE851F    5768704    ----a-w-    C:\Windows\Sysnative\jscript9.dll
2014-02-12 12:21:28    1B3741488AA7E237961A29D1E7A44C0A    626176    ----a-w-    C:\Windows\Sysnative\RMActivate.exe
2014-02-12 12:21:28    17CF3B3F68272BD40C878D4DBAB0EBC9    658432    ----a-w-    C:\Windows\Sysnative\RMActivate_isv.exe
2014-02-12 12:21:27    297926B15AE5390409F1007EB28A8EFB    552960    ----a-w-    C:\Windows\Sysnative\RMActivate_ssp_isv.exe
2014-02-12 12:21:27    03F8F411F118CFDA508E77C747BB05EA    553984    ----a-w-    C:\Windows\Sysnative\RMActivate_ssp.exe
2014-02-12 12:21:26    DC6DD779F35BB42E2E76FDFEC565C251    123392    ----a-w-    C:\Windows\Sysnative\secproc_ssp_isv.dll
2014-02-12 12:21:26    C6AC2C91541D24F9E236A670C0CA793D    528384    ----a-w-    C:\Windows\Sysnative\msdrm.dll
2014-02-12 12:21:26    B41B1FEDEBBD955B4E25676B42087885    123392    ----a-w-    C:\Windows\Sysnative\secproc_ssp.dll
2014-02-12 12:21:26    5693212AB2EBCACBBE05EC3A642113E2    485888    ----a-w-    C:\Windows\Sysnative\secproc_isv.dll
2014-02-12 12:21:26    399FC1B75790EE606A6FD9F2FB4C891C    488448    ----a-w-    C:\Windows\Sysnative\secproc.dll
2014-02-12 12:21:16    EA093130471090037BB70A4AF86FAD1B    420008    ----a-w-    C:\Windows\Sysnative\locale.nls
2014-02-12 12:21:11    0D298133C359AB8CB9EB4FA178BF3947    1882112    ----a-w-    C:\Windows\Sysnative\msxml3.dll
2014-02-12 12:21:10    CD2C20CC3B385A32701F78C0ACBBE9F3    2048    ----a-w-    C:\Windows\Sysnative\msxml3r.dll
2014-02-12 12:21:05    9E2EDE952A3EC44754A829F048CE93A0    1030144    ----a-w-    C:\Windows\Sysnative\TSWorkspace.dll
2014-02-12 12:21:03    E8710B5DDA963E6BA198DF5FB209E72A    2565120    ----a-w-    C:\Windows\Sysnative\d3d10warp.dll
2014-02-12 12:21:03    C676E5EA388AF7C4C031F56F9B42E362    3928064    ----a-w-    C:\Windows\Sysnative\d2d1.dll
====== C:\Windows\Sysnative\drivers =====
2014-02-12 12:29:20    E9981ECE8D894CEF7038FD1D040EB426    56832    ----a-w-    C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-02-10 22:16:12    F24BD06AE917F57408999F79E91FD6BC    119000    ----a-w-    C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-01-17 03:03:16    18A85013A3E0F7E1755365D287443965    53248    ----a-w-    C:\Windows\Sysnative\drivers\usbehci.sys
2014-01-17 03:03:16    12FEB33791920678F8433701C822BCFD    325120    ----a-w-    C:\Windows\Sysnative\drivers\usbport.sys
2014-01-17 03:03:15    FFA06EF43987ED0DD42AD59B260C0C78    7808    ----a-w-    C:\Windows\Sysnative\drivers\usbd.sys
2014-01-17 03:03:15    DD253AFC3BC6CBA412342DE60C3647F3    30720    ----a-w-    C:\Windows\Sysnative\drivers\usbuhci.sys
2014-01-17 03:03:15    DCA68B0943D6FA415F0C56C92158A83A    99840    ----a-w-    C:\Windows\Sysnative\drivers\usbccgp.sys
2014-01-17 03:03:15    8D1196CFBB223621F2C67D45710F25BA    343040    ----a-w-    C:\Windows\Sysnative\drivers\usbhub.sys
2014-01-17 03:03:15    765A92D428A8DB88B960DA5A8D6089DC    25600    ----a-w-    C:\Windows\Sysnative\drivers\usbohci.sys
2014-01-17 03:03:14    3555BA97171CD153118F73FDCCC8BFDE    376768    ----a-w-    C:\Windows\Sysnative\drivers\netio.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-02-09 15:00:48    --------    d-----w-    C:\PROGRA~2\ESET
2014-01-20 12:49:54    --------    d-----w-    C:\PROGRA~2\Lexmark 2400 Series
======= C: =====
====== C:\Users\Zekira Drake\AppData\Roaming ======
2014-02-10 16:09:03    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2014-02-10 16:09:03    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2014-02-10 16:09:03    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2014-02-10 16:09:03    --------    d-----w-    C:\Users\Blue\AppData\Local\temp
2014-02-01 04:34:55    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Adobe
2014-02-01 04:33:43    --------    d-----w-    C:\Users\Zekira Drake\AppData\Roaming\sol-fa-soft
====== C:\Users\Zekira Drake ======
2014-02-10 15:42:06    --------    d-----w-    C:\Users\Public\AppData
2014-01-20 12:49:11    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2400 Series

====== C: exe-files ==
2014-02-16 01:11:28    51BE151E57B55935B969210FA1D07D47    1100160    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{CE8C40BE-E68A-43EC-AF99-92BC413315B3}\Setup.exe
2014-02-16 01:10:49    51BE151E57B55935B969210FA1D07D47    1100160    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Temp\{E1D08F81-FF38-484E-AFA3-5FDEB752D6C3}\Setup.exe
2014-02-15 12:15:30    5FFDA96330357A914A69D79BE1988A38    571816    ----a-w-    C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe
2014-02-14 22:24:02    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9030AE5\FRST64[1].exe
2014-02-14 22:23:50    27B99B9BD35BD4018792CD4C000D9AC1    2152960    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMGLXGWB\FRST64[1].exe
2014-02-14 11:38:24    B0AB350E3E98C7FB1E4930F762D0477B    3273016    ----a-w-    C:\Users\Zekira Drake\AppData\Local\NVIDIA\NvBackend\Packages\000057eb\DAO.17845377.exe
2014-02-12 12:29:20    8E75B1112C374EBDF18FD640DA2F0655    1147392    ----a-w-    C:\Windows\System32\mstsc.exe
2014-02-12 12:29:20    79EE5ECB4BE89343E4CF1E48F7769F59    420864    ----a-w-    C:\Windows\System32\wksprt.exe
2014-02-12 12:29:20    4676AAA9DDF52A50C829FEDB4EA81E54    1068544    ----a-w-    C:\Windows\SysWOW64\mstsc.exe
2014-02-12 12:29:20    108C257D765AAD2E6EC46557DA0B02BD    13824    ----a-w-    C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-12 12:29:20    0D2C2FAC4F29B5868D39B7267058CFEF    83968    ----a-w-    C:\Windows\System32\TSWbPrxy.exe
2014-02-12 12:23:22    27516B54E116D5EF8B0129B5C829A87C    218624    ----a-w-    C:\Windows\System32\ie4uinit.exe
2014-02-12 12:23:21    AFAB9B381886ABE3490689B7633A858F    482816    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2014-02-12 12:23:21    9E8F9FDD407DDE997965EEFD9E635CCF    469504    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-02-12 12:23:21    7D6B20C69CC8EECB8F31D4FAF913BBE8    112128    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 12:23:21    338415F2E9A188875B6E43B5269620B0    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-12 12:23:20    E129D34089E70215B65EA611F802FA9A    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-12 12:23:18    C6E1178294BDEAB1CACF50427688DF05    806104    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2014-02-12 12:23:18    4263F6C131E513CEA1AE82B5B81A4E1A    808152    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-02-12 12:21:28    E01D2AC63453534DB8AD1EA97DEE9C3A    594944    ----a-w-    C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:21:28    6142C5540C8D2764D59CBC11AF4A5900    572416    ----a-w-    C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:21:28    1B3741488AA7E237961A29D1E7A44C0A    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2014-02-12 12:21:28    17CF3B3F68272BD40C878D4DBAB0EBC9    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2014-02-12 12:21:27    297926B15AE5390409F1007EB28A8EFB    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-12 12:21:27    0F5FEF37588AF457E02125674F171A4F    508928    ----a-w-    C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:21:27    03F8F411F118CFDA508E77C747BB05EA    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2014-02-12 12:21:26    08D323750350A8A29611D1004C0CF319    510976    ----a-w-    C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:19:09    E2C49707671DA28E14A715391E829F5A    2151424    ----a-w-    C:\Users\Zekira Drake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYSUG32Q\FRST64[1].exe
2014-02-12 11:59:47    69BAC259A78561327ECFDE108BB5B686    3241056    ----a-w-    C:\Users\Zekira Drake\AppData\Local\NVIDIA\NvBackend\Packages\000057d2\DAO.17829829.exe
2014-02-10 15:32:49    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2014-02-10 15:32:49    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2014-02-10 15:32:49    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2014-02-10 15:32:49    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2014-02-10 15:32:49    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
2014-02-09 15:01:09    CE0D0B11986FD2C0247AE88A59B36A6E    579904    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-02-09 15:01:09    BDB7D97012F9B3102DB72AA76A24942A    546944    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2014-02-09 15:01:09    7C9EEC809FB9CDA26EFC245C001EA980    2347384    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2014-02-09 15:01:09    7ABF8849E76732C357F419B1AF5668F2    546944    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2014-02-09 15:01:09    6D4ED8A5C071F29730A6F0B943FEEA3A    122584    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-02-09 14:19:18    EFBB12554A646E87E72B65C1621E8877    3238136    ----a-w-    C:\Users\Blue\AppData\Local\NVIDIA\NvBackend\Packages\000057aa\DAO.17777837.exe
=== C: other files ==
2014-02-12 12:29:20    E9981ECE8D894CEF7038FD1D040EB426    56832    ----a-w-    C:\Windows\System32\drivers\TsUsbFlt.sys
2014-02-10 22:16:12    F24BD06AE917F57408999F79E91FD6BC    119000    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1224801478-1470400727-1307533331-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe  /MINIMIZED"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Program Files (x86)\uTorrent\uTorrent.exe  /MINIMIZED"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacrokeyManager"="WTMKM.exe"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"SoftEther VPN Client UI Helper"="C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe /uihelp"

==== Startup Folders ======================

2014-02-01 04:35:12    71    ----a-w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
2014-02-01 04:35:12    71    ----a-w-    C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
2013-12-31 06:27:15    1999    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/12/2014 20:31]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000Core.job --a------ C:\Users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe [01/15/2013 23:31]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000UA.job --a------ C:\Users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe [01/15/2013 23:31]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000Core" [C:\Users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1224801478-1470400727-1307533331-1000UA" [C:\Users\Zekira Drake\AppData\Local\Google\Update\GoogleUpdate.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\ZEKIRA~1\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default
- New Tabs at the End - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\extensions\new-tabs-at-end@forerunnerdesigns.com
- DownloadHelper - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Flashget Downloader Extension - C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
- New Tabs at the End - %ProfilePath%\extensions\new-tabs-at-end@forerunnerdesigns.com
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Flashget Downloader Extension - %ProfilePath%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- Furigana Injector - %ProfilePath%\extensions\furiganainjector@yayakoshi.net.xpi
- Imgur Uploader - %ProfilePath%\extensions\giorgio@gilestro.tk.xpi
- SmartVideo For YouTube - %ProfilePath%\extensions\mytube@ashishmishra.in.xpi
- NicoFox - %ProfilePath%\extensions\nicofox@littlebtc.xpi
- Photobucket Uploader em:version1.3.9 - %ProfilePath%\extensions\pbupload@photobucket.com.xpi
- Element Properties - %ProfilePath%\extensions\properties@darktrojan.net.xpi
- Scriptish - %ProfilePath%\extensions\scriptish@erikvold.com.xpi
- YouTube to MP3 - %ProfilePath%\extensions\youtube2mp3@mondayx.de.xpi
- FlashGot - %ProfilePath%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
- HTML Ruby - %ProfilePath%\extensions\{e10bc159-aa26-41d8-aa24-65de9464ca5a}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

ProfilePath: C:\Users\ZEKIRA~1\AppData\Roaming\Thunderbird\Profiles\2rakfzsc.default
- MinimizeToTray revived MinTrayR - C:\Users\Zekira Drake\AppData\Roaming\Thunderbird\Profiles\2rakfzsc.default\extensions\mintrayr@tn123.ath.cx
- MinimizeToTray revived MinTrayR - %ProfilePath%\extensions\mintrayr@tn123.ath.cx
- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Zekira Drake\AppData\Roaming\Mozilla\Firefox\Profiles\fa7uzgds.default
FD6ACD9D85177259D442A0C4AC15F7B8    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll -    Shockwave Flash
C36444D7301A8C881FC7296B092609C7    - C:\Users\Zekira Drake\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll -    Google Update
87132527E2256CF6683A18C4EB34DD3B    - C:\Windows\system32\Wat\npWatWeb.dll -    Windows Activation Technologies
6682B63B8124A303AF586E943665DD40    - D:\Kuroneko\GameOn\Common files\nppmangsupport.dll -    pmangsupport
2147C8ED020B1CE3B82BBDD3C49C8F81    - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll -    WacomTabletPlugin


==== Chrome Look ======================

Google Docs - Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://godvillegame.com/superhero"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://godvillegame.com/superhero"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== HijackThis Entries ======================

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Zekira Drake\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Global Startup: SoftEther VPN Client Manager Startup.lnk = C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://bm-dist.bmcdn.jp/bmcdndist/neffy/NeffyLauncher.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Desura Install Service - Desura Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: lxcr_device -   - C:\Windows\SysWOW64\lxcrcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoftEther VPN Client (SEVPNCLIENT) - SoftEther Project at University of Tsukuba, Japan. - C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe (file missing)

==== Sysinternals Autoruns Log ======================

HKLM\System\CurrentControlSet\Services
   AdobeARMservice
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
     Adobe Acrobat Updater keeps your Adobe software up to date.
     Adobe Systems Incorporated
     1.701.3.3014
     c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
     11/22/2013 00:55
   AdobeFlashPlayerUpdateSvc
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
     Adobe Systems Incorporated
     12.0.0.44
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     1/28/2014 09:56
   Desura Install Service
     C:\Program Files (x86)\Common Files\Desura\desura_service.exe
     Desura
     Desura Pty Ltd
     0.0.14.16
     c:\program files (x86)\common files\desura\desura_service.exe
     11/14/2011 00:03
   IDriverT
     "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
     Provides support for the Running Object Table for InstallShield Drivers
     Macrovision Corporation
     11.50.0.42618
     c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe
     11/14/2005 15:06
   Intel® PROSet Monitoring Service
     C:\Windows\system32\IProsetMonitor.exe
     The Intel® PROSet Monitoring Service actively monitors changes to the system and updates affected network devices to keep them running in optimal condition.  Stopping this service may negatively affect the performance of the network devices on the system.
     Intel Corporation
     17.5.101.0
     c:\windows\system32\iprosetmonitor.exe
     11/21/2012 14:31
   LMS
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces.
     Intel Corporation
     6.1.0.1044
     c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
     4/14/2010 10:43
   lxcr_device
     C:\Windows\SysWOW64\lxcrcoms.exe -service
     Printer Communication System
      
     99.99.99.99
     c:\windows\syswow64\lxcrcoms.exe
     11/7/2006 06:27
   MozillaMaintenance
     "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
     The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
     Mozilla Foundation
     27.0.1.5156
     c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
     2/13/2014 06:23
   MSCSPTISRV
     "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"
     MSCSPTISRV Module
     Sony Corporation
     4.7.0.12140
     c:\program files (x86)\common files\sony shared\avlib\mscsptisrv.exe
     12/14/2006 01:21
   NvNetworkService
     "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
     NVIDIA Network Service
     NVIDIA Corporation
     1.0.0.1
     c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe
     12/6/2013 23:09
   NvStreamSvc
     "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
     Service for SHIELD Streaming
     NVIDIA Corporation
     1.6.85.0
     c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe
     12/9/2013 22:19
   nvsvc
     "C:\Windows\system32\nvvsvc.exe"
     Provides system and desktop level support to the NVIDIA display driver
     NVIDIA Corporation
     8.17.13.3165
     c:\windows\system32\nvvsvc.exe
     10/23/2013 16:05
   PACSPTISVR
     "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"
     PACSPTISVR Module
     4.7.0.12140
     c:\program files (x86)\common files\sony shared\avlib\pacsptisvr.exe
     12/14/2006 00:46
   rpcapd
     "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini"
     Allows to capture traffic on this machine from a remote machine.
     CACE Technologies, Inc.
     4.1.0.2001
     c:\program files (x86)\winpcap\rpcapd.exe
     6/26/2010 00:47
   ServiceLayer
     "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
     ServiceLayer Module
     Nokia
     12.0.27.0
     c:\program files (x86)\pc connectivity solution\servicelayer.exe
     6/11/2012 16:31
   SEVPNCLIENT
     "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /service
     This manages the Virtual Network Adapter device driver and connection service for the SoftEther VPN Client. When this service is stopped, it will not be possible to use SoftEther VPN Client on this computer to connect to a SoftEther VPN Server.
     SoftEther Project at University of Tsukuba, Japan.
     2.0.0.9387
     c:\program files\softether vpn client\vpnclient_x64.exe
     9/16/2013 11:48
   SonicStage Back-End Service
     "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe"
     SonicStage Back-End Service Module
     Sony Corporation
     4.3.1.14020
     c:\program files (x86)\common files\sony shared\avlib\ssbesvc.exe
     2/2/2007 18:05
   SPTISRV
     "C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe"
     SPTISRV Module
     Sony Corporation
     4.7.0.12140
     c:\program files (x86)\common files\sony shared\avlib\sptisrv.exe
     12/14/2006 01:02
   SSScsiSV
     C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
     SonicStage Scsi I/F Server
     Sony Corporation
     4.3.1.14020
     c:\program files (x86)\common files\sony shared\avlib\ssscsisv.exe
     2/2/2007 18:07
   Steam Client Service
     "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
     Steam Client Service monitors and updates Steam content
     Valve Corporation
     2.8.75.99
     c:\program files (x86)\common files\steam\steamservice.exe
     1/26/2014 05:44
   Stereo Service
     "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
     Provides system support for NVIDIA Stereoscopic 3D driver
     NVIDIA Corporation
     7.17.13.3165
     c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe
     10/23/2013 15:38
   UNS
     "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
     Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device.
     Intel Corporation
     6.1.0.1044
     c:\program files (x86)\intel\intel® management engine components\uns\uns.exe
     4/14/2010 10:45
   WTabletServiceCon
     C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
     Driver for Wacom Tablets
     Wacom Technology, Corp.
     5.3.2.1
     c:\program files\tablet\pen\wtabletservicecon.exe
     12/12/2012 05:06
   WTService
     C:\Windows\system32\atwtusb.exe -s
     User Mode Tablet Driver
     2.51.3.1
     c:\windows\system32\atwtusb.exe
     1/26/2011 14:21

HKLM\System\CurrentControlSet\Services
   adp94xx
     \SystemRoot\system32\drivers\adp94xx.sys
     Adaptec Windows SAS/SATA Storport Driver
     Adaptec, Inc.
     1.6.6.4
     c:\windows\system32\drivers\adp94xx.sys
     12/6/2008 07:54
   adpahci
     \SystemRoot\system32\drivers\adpahci.sys
     Adaptec Windows SATA Storport Driver
     Adaptec, Inc.
     1.6.6.1
     c:\windows\system32\drivers\adpahci.sys
     5/2/2007 01:30
   adpu320
     \SystemRoot\system32\drivers\adpu320.sys
     Adaptec StorPort Ultra320 SCSI Driver (X64)
     Adaptec, Inc.
     7.2.0.0
     c:\windows\system32\drivers\adpu320.sys
     2/28/2007 08:04
   aliide
     \SystemRoot\system32\drivers\aliide.sys
     ALi mini IDE Driver
     Acer Laboratories Inc.
     1.2.0.0
     c:\windows\system32\drivers\aliide.sys
     7/14/2009 07:19
   amdsata
     \SystemRoot\system32\drivers\amdsata.sys
     AHCI 1.2 Device Driver
     Advanced Micro Devices
     1.1.2.5
     c:\windows\system32\drivers\amdsata.sys
     3/19/2010 08:45
   amdsbs
     \SystemRoot\system32\drivers\amdsbs.sys
     AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
     AMD Technologies Inc.
     3.6.1540.127
     c:\windows\system32\drivers\amdsbs.sys
     3/21/2009 02:36
   amdxata
     system32\drivers\amdxata.sys
     Storage Filter Driver
     Advanced Micro Devices
     1.1.2.5
     c:\windows\system32\drivers\amdxata.sys
     3/20/2010 00:18
   arc
     \SystemRoot\system32\drivers\arc.sys
     Adaptec RAID Storport Driver
     Adaptec, Inc.
     5.2.0.10384
     c:\windows\system32\drivers\arc.sys
     5/25/2007 05:27
   arcsas
     \SystemRoot\system32\drivers\arcsas.sys
     Adaptec SAS RAID WS03 Driver
     Adaptec, Inc.
     5.2.0.16119
     c:\windows\system32\drivers\arcsas.sys
     1/15/2009 03:27
   b06bdrv
     \SystemRoot\system32\drivers\bxvbda.sys
     Broadcom NetXtreme II GigE VBD
     Broadcom Corporation
     4.8.2.0
     c:\windows\system32\drivers\bxvbda.sys
     2/14/2009 06:18
   b57nd60a
     system32\DRIVERS\b57nd60a.sys
     Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.
     Broadcom Corporation
     10.100.4.0
     c:\windows\system32\drivers\b57nd60a.sys
     4/26/2009 19:14
   BrFiltLo
     \SystemRoot\system32\drivers\BrFiltLo.sys
     Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver
     Brother Industries, Ltd.
     1.10.0.2
     c:\windows\system32\drivers\brfiltlo.sys
     8/7/2006 09:51
   BrFiltUp
     \SystemRoot\system32\drivers\BrFiltUp.sys
     Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver
     Brother Industries, Ltd.
     1.4.0.1
     c:\windows\system32\drivers\brfiltup.sys
     8/7/2006 09:51
   Brserid
     \SystemRoot\System32\Drivers\Brserid.sys
     Brotehr Serial I/F Driver (WDM)
     Brother Industries Ltd.
     1.0.1.6
     c:\windows\system32\drivers\brserid.sys
     8/7/2006 09:51
   BrSerWdm
     \SystemRoot\System32\Drivers\BrSerWdm.sys
     Brother Serial driver (WDM version)
     Brother Industries Ltd.
     1.0.0.20
     c:\windows\system32\drivers\brserwdm.sys
     8/7/2006 09:51
   BrUsbMdm
     \SystemRoot\System32\Drivers\BrUsbMdm.sys
     Brother USB MDM Driver
     Brother Industries Ltd.
     1.0.0.12
     c:\windows\system32\drivers\brusbmdm.sys
     8/7/2006 09:51
   BrUsbSer
     \SystemRoot\System32\Drivers\BrUsbSer.sys
     Brother USB Serial Driver
     Brother Industries Ltd.
     1.0.1.3
     c:\windows\system32\drivers\brusbser.sys
     8/9/2006 20:11
   catchme
     \??\C:\ComboFix\catchme.sys
     File not found: C:\ComboFix\catchme.sys
     
   cmdide
     \SystemRoot\system32\drivers\cmdide.sys
     CMD PCI IDE Bus Driver
     CMD Technology, Inc.
     2.0.7.0
     c:\windows\system32\drivers\cmdide.sys
     7/14/2009 07:19
   dg_ssudbus
     system32\DRIVERS\ssudbus.sys
     SAMSUNG USB Composite Device Driver (MSS Ver.3)
     DEVGURU Co., LTD.(www.devguru.co.kr)
     2.11.1.0
     c:\windows\system32\drivers\ssudbus.sys
     8/14/2013 14:47
   e1kexpress
     system32\DRIVERS\e1k62x64.sys
     Intel® Gigabit Adapter NDIS 6.x driver
     Intel Corporation
     11.16.87.0
     c:\windows\system32\drivers\e1k62x64.sys
     2/2/2012 17:42
   EagleX64
     \??\C:\Windows\system32\drivers\EagleX64.sys
     File not found: C:\Windows\system32\drivers\EagleX64.sys
     
   ebdrv
     \SystemRoot\system32\drivers\evbda.sys
     Broadcom NetXtreme II 10 GigE VBD
     Broadcom Corporation
     4.8.13.0
     c:\windows\system32\drivers\evbda.sys
     1/1/2009 00:29
   elxstor
     \SystemRoot\system32\drivers\elxstor.sys
     Storport Miniport Driver for LightPulse HBAs
     Emulex
     7.2.10.211
     c:\windows\system32\drivers\elxstor.sys
     2/4/2009 06:52
   hcw85cir
     \SystemRoot\system32\drivers\hcw85cir.sys
     Hauppauge WinTV 885 Consumer IR Driver for eHome
     Hauppauge Computer Works, Inc.
     1.31.27127.0
     c:\windows\system32\drivers\hcw85cir.sys
     5/11/2009 16:26
   HECIx64
     system32\DRIVERS\HECIx64.sys
     Intel® Management Engine Interface
     Intel Corporation
     6.0.0.1179
     c:\windows\system32\drivers\hecix64.sys
     9/18/2009 03:54
   hidkmdf
     system32\DRIVERS\hidkmdf.sys
     Filter Driver for HID-KMDF Interface
     Windows ® Win 7 DDK provider
     6.1.7600.16385
     c:\windows\system32\drivers\hidkmdf.sys
     8/25/2011 03:48
   HpSAMD
     \SystemRoot\system32\drivers\HpSAMD.sys
     Smart Array SAS/SATA Controller Media Driver
     Hewlett-Packard Company
     6.12.6.64
     c:\windows\system32\drivers\hpsamd.sys
     4/21/2010 02:32
   hwdatacard
     system32\DRIVERS\ewusbmdm.sys
     USB Modem/Serial Device Driver
     Huawei Technologies Co., Ltd.
     2.0.3.819
     c:\windows\system32\drivers\ewusbmdm.sys
     7/24/2008 12:04
   iaStorV
     \SystemRoot\system32\drivers\iaStorV.sys
     Intel Matrix Storage Manager driver - x64
     Intel Corporation
     8.6.2.1014
     c:\windows\system32\drivers\iastorv.sys
     6/11/2010 08:46
   iirsp
     \SystemRoot\system32\drivers\iirsp.sys
     Intel/ICP Raid Storport Driver
     Intel Corp./ICP vortex GmbH
     5.4.22.0
     c:\windows\system32\drivers\iirsp.sys
     12/14/2005 05:47
   IntcAzAudAddService
     system32\drivers\RTKVHD64.sys
     Realtek® High Definition Audio Function Driver
     Realtek Semiconductor Corp.
     6.0.1.6602
     c:\windows\system32\drivers\rtkvhd64.sys
     3/27/2012 17:01
   ivusb
     system32\DRIVERS\ivusb.sys
     Initio Default Vendor Specific Device Driver
     Initio Corporation
     2.13.2009.128
     c:\windows\system32\drivers\ivusb.sys
     5/14/2010 10:42
   LSI_FC
     \SystemRoot\system32\drivers\lsi_fc.sys
     LSI Fusion-MPT FC Driver (StorPort)
     LSI Corporation
     1.28.3.52
     c:\windows\system32\drivers\lsi_fc.sys
     12/10/2008 06:46
   LSI_SAS
     \SystemRoot\system32\drivers\lsi_sas.sys
     LSI Fusion-MPT SAS Driver (StorPort)
     LSI Corporation
     1.28.3.52
     c:\windows\system32\drivers\lsi_sas.sys
     5/19/2009 08:20
   LSI_SAS2
     \SystemRoot\system32\drivers\lsi_sas2.sys
     LSI SAS Gen2 Driver (StorPort)
     LSI Corporation
     2.0.2.71
     c:\windows\system32\drivers\lsi_sas2.sys
     5/19/2009 08:31
   LSI_SCSI
     \SystemRoot\system32\drivers\lsi_scsi.sys
     LSI Fusion-MPT SCSI Driver (StorPort)
     LSI Corporation
     1.28.3.67
     c:\windows\system32\drivers\lsi_scsi.sys
     4/17/2009 06:13
   megasas
     \SystemRoot\system32\drivers\megasas.sys
     MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64
     LSI Corporation
     4.5.1.64
     c:\windows\system32\drivers\megasas.sys
     5/19/2009 09:09
   MegaSR
     \SystemRoot\system32\drivers\MegaSR.sys
     LSI MegaRAID Software RAID Driver
     LSI Corporation, Inc.
     13.5.409.2009
     c:\windows\system32\drivers\megasr.sys
     5/19/2009 09:25
   MotioninJoyXFilter
     system32\DRIVERS\MijXfilt.sys
     MotioninJoy DS3 driver
     MotioninJoy
     0.50.0.2
     c:\windows\system32\drivers\mijxfilt.sys
     5/12/2012 12:27
   moufiltr
     system32\DRIVERS\moufiltr.sys
     Mouse Filter Driver
     Windows ® Codename Longhorn DDK provider
     6.0.6001.18000
     c:\windows\system32\drivers\moufiltr.sys
     3/9/2009 11:16
   Neo_VPN
     system32\DRIVERS\Neo_0008.sys
     VPN Client Adapter - VPN
     SoftEther Project at University of Tsukuba, Japan.
     4.2.0.9387
     c:\windows\system32\drivers\neo_0008.sys
     9/16/2013 11:48
   nfrd960
     \SystemRoot\system32\drivers\nfrd960.sys
     IBM ServeRAID Controller Driver
     IBM Corporation
     7.10.0.0
     c:\windows\system32\drivers\nfrd960.sys
     6/7/2006 05:11
   nmwcd
     system32\drivers\ccdcmbx64.sys
     Nokia USB Phone Bus Driver
     Nokia
     7.1.32.71
     c:\windows\system32\drivers\ccdcmbx64.sys
     10/5/2011 21:11
   nmwcdc
     system32\drivers\ccdcmbox64.sys
     Nokia USB Phone Bus Driver
     Nokia
     7.1.32.71
     c:\windows\system32\drivers\ccdcmbox64.sys
     10/5/2011 21:11
   NPF
     system32\drivers\npf.sys
     npf.sys (NT5/6 AMD64) Kernel Driver
     CACE Technologies, Inc.
     4.1.0.2001
     c:\windows\system32\drivers\npf.sys
     6/26/2010 00:50
   nvlddmkm
     system32\DRIVERS\nvlddmkm.sys
     NVIDIA Windows Kernel Mode Driver, Version 331.65
     NVIDIA Corporation
     9.18.13.3165
     c:\windows\system32\drivers\nvlddmkm.sys
     10/23/2013 14:21
   nvraid
     \SystemRoot\system32\drivers\nvraid.sys
     NVIDIA® nForce™ RAID Driver
     NVIDIA Corporation
     10.6.0.18
     c:\windows\system32\drivers\nvraid.sys
     3/20/2010 04:59
   nvstor
     \SystemRoot\system32\drivers\nvstor.sys
     NVIDIA® nForce™ Sata Performance Driver
     NVIDIA Corporation
     10.6.0.18
     c:\windows\system32\drivers\nvstor.sys
     3/20/2010 04:45
   nvvad_WaveExtensible
     system32\drivers\nvvad64v.sys
     NVIDIA Virtual Audio Driver
     NVIDIA Corporation
     1.2.19.0
     c:\windows\system32\drivers\nvvad64v.sys
     12/5/2013 07:10
   pccsmcfd
     system32\DRIVERS\pccsmcfdx64.sys
     PCCS Mode Change Filter Driver
     Nokia
     7.1.2.0
     c:\windows\system32\drivers\pccsmcfdx64.sys
     5/31/2012 14:12
   PxHlpa64
     System32\Drivers\PxHlpa64.sys
     Px Engine Device Driver for 64-bit Windows
     Sonic Solutions
     3.0.43.9
     c:\windows\system32\drivers\pxhlpa64.sys
     10/19/2006 01:34
   ql2300
     \SystemRoot\system32\drivers\ql2300.sys
     QLogic Fibre Channel Stor Miniport Driver
     QLogic Corporation
     9.1.8.6
     c:\windows\system32\drivers\ql2300.sys
     1/23/2009 07:05
   ql40xx
     \SystemRoot\system32\drivers\ql40xx.sys
     QLogic iSCSI Storport Miniport Driver
     QLogic Corporation
     2.1.3.20
     c:\windows\system32\drivers\ql40xx.sys
     5/19/2009 09:18
   secdrv
     secdrv
     Macrovision SECURITY Driver
     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
     4.3.86.0
     c:\windows\system32\drivers\secdrv.sys
     9/13/2006 21:18
   SiSRaid2
     \SystemRoot\system32\drivers\SiSRaid2.sys
     SiS RAID Stor Miniport Driver
     Silicon Integrated Systems Corp.
     5.1.1039.2600
     c:\windows\system32\drivers\sisraid2.sys
     9/25/2008 02:28
   SiSRaid4
     \SystemRoot\system32\drivers\sisraid4.sys
     SiS AHCI Stor-Miniport Driver
     Silicon Integrated Systems
     5.1.1039.3600
     c:\windows\system32\drivers\sisraid4.sys
     10/2/2008 05:56
   ssudmdm
     system32\DRIVERS\ssudmdm.sys
     SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
     DEVGURU Co., LTD.(www.devguru.co.kr)
     2.11.1.0
     c:\windows\system32\drivers\ssudmdm.sys
     8/14/2013 14:47
   ssudserd
     system32\DRIVERS\ssudserd.sys
     SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
     DEVGURU Co., LTD.(www.devguru.co.kr)
     2.11.1.0
     c:\windows\system32\drivers\ssudserd.sys
     8/14/2013 14:47
   stexstor
     \SystemRoot\system32\drivers\stexstor.sys
     Promise  SuperTrak EX Series Driver for Windows
     Promise Technology
     5.0.1.1
     c:\windows\system32\drivers\stexstor.sys
     2/18/2009 07:03
   upperdev
     system32\DRIVERS\usbser_lowerfltx64.sys
     Filter Driver for Nokia USB Phone Bus Driver
     Nokia
     7.1.32.71
     c:\windows\system32\drivers\usbser_lowerfltx64.sys
     10/5/2011 21:11
   UsbserFilt
     system32\DRIVERS\usbser_lowerfltjx64.sys
     Filter Driver for Nokia USB Phone Bus Driver
     Nokia
     7.1.32.71
     c:\windows\system32\drivers\usbser_lowerfltjx64.sys
     10/5/2011 21:11
   VGPU
     System32\drivers\rdvgkmd.sys
     File not found: System32\drivers\rdvgkmd.sys
     
   vhidmini
     system32\DRIVERS\walvhid.sys
     Virtual Hid Device
     Windows ® Win 7 DDK provider
     6.1.7600.16385
     c:\windows\system32\drivers\walvhid.sys
     8/26/2009 13:15
   viaide
     \SystemRoot\system32\drivers\viaide.sys
     VIA Generic PCI IDE Bus Driver
     VIA Technologies, Inc.
     6.0.6000.170
     c:\windows\system32\drivers\viaide.sys
     7/14/2009 07:19
   vmci
     \SystemRoot\system32\DRIVERS\vmci.sys
     File not found: C:\Windows\system32\DRIVERS\vmci.sys
     
   VMnetAdapter
     system32\DRIVERS\vmnetadapter.sys
     Driver for VMware's Virtual Ethernet Adapters Ver. 2
     File not found: system32\DRIVERS\vmnetadapter.sys
     
   vsmraid
     \SystemRoot\system32\drivers\vsmraid.sys
     VIA RAID DRIVER FOR AMD-X86-64
     VIA Technologies Inc.,Ltd
     6.0.6000.6210
     c:\windows\system32\drivers\vsmraid.sys
     1/31/2009 09:18
   WacHidRouter
     system32\DRIVERS\wachidrouter.sys
     Wacom HID Router
     Wacom Technology
     1.1.1.5
     c:\windows\system32\drivers\wachidrouter.sys
     12/4/2012 08:31
   wacomrouterfilter
     system32\DRIVERS\wacomrouterfilter.sys
     Wacom Router Filter Driver
     Wacom Technology
     2.0.2.6
     c:\windows\system32\drivers\wacomrouterfilter.sys
     11/16/2012 01:39
   WDC_SAM
     system32\DRIVERS\wdcsam64.sys
     Manages WD external storage products.
     Western Digital Technologies
     1.0.7.2
     c:\windows\system32\drivers\wdcsam64.sys
     4/16/2008 16:39

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
   2400 Series Port
     lxcrlmpm.dll
     Printer Communication System
      
     99.99.99.99
     c:\windows\system32\lxcrlmpm.dll
     11/7/2006 06:34

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   MacrokeyManager
     WTMKM.exe
     Macro Key Manager MFC Application
     1.0.0.8
     c:\windows\system32\wtmkm.exe
     12/24/2010 15:27
   MSC
     "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     c:\program files\microsoft security client\msseces.exe
     
   Nvtmru
     "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
     NVIDIA NvTmru Application
     NVIDIA Corporation
     8.3.14.1
     c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe
     8/28/2013 02:30
   NvBackend
     "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
     NVIDIA GeForce Experience Backend
     NVIDIA Corporation
     10.11.15.0
     c:\program files (x86)\nvidia corporation\update core\nvbackend.exe
     12/10/2013 10:07
   ShadowPlay
     C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
     NVIDIA Capture Server Proxy
     NVIDIA Corporation
     10.11.15.0
     c:\windows\system32\nvspcap64.dll
     12/10/2013 10:01
   SoftEther VPN Client UI Helper
     "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
     SoftEther VPN
     SoftEther Project at University of Tsukuba, Japan.
     2.0.0.9387
     c:\program files\softether vpn client\vpnclient_x64.exe
     9/16/2013 11:48

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
   SoftEther VPN Client Manager Startup.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
     SoftEther VPN
     SoftEther Project at University of Tsukuba, Japan.
     2.0.0.9387
     c:\program files\softether vpn client\vpncmgr_x64.exe
     9/16/2013 11:48

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   uTorrent
     "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
     µTorrent
     BitTorrent Inc.
     3.3.0.29625
     c:\program files (x86)\utorrent\utorrent.exe
     5/1/2013 07:51

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Java™ Plug-In SSV Helper
     HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
     Java™ Platform SE binary
     Oracle Corporation
     10.45.2.18
     c:\program files (x86)\java\jre7\bin\ssv.dll
     10/8/2013 22:43
   FlashGetBHO
     HKCR\CLSID\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}
     FlashGet Browser Helper Object
     Trend Media Group
     1.0.0.1021
     c:\users\zekira drake\appdata\roaming\flashgetbho\flashgetbho.dll
     10/12/2012 16:39
   Java™ Plug-In 2 SSV Helper
     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Java™ Platform SE binary
     Oracle Corporation
     10.45.2.18
     c:\program files (x86)\java\jre7\bin\jp2ssv.dll
     10/8/2013 22:43

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Java™ Plug-In SSV Helper
     HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
     Java™ Platform SE binary
     Oracle Corporation
     10.45.2.18
     c:\program files (x86)\java\jre7\bin\ssv.dll
     10/8/2013 22:43
   FlashGetBHO
     HKCR\CLSID\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}
     FlashGet Browser Helper Object
     Trend Media Group
     1.0.0.1021
     c:\users\zekira drake\appdata\roaming\flashgetbho\flashgetbho.dll
     10/12/2012 16:39
   Java™ Plug-In 2 SSV Helper
     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
     Java™ Platform SE binary
     Oracle Corporation
     10.45.2.18
     c:\program files (x86)\java\jre7\bin\jp2ssv.dll
     10/8/2013 22:43

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
   7-Zip
     HKCR\CLSID\{23170F69-40C1-278A-1000-000100020000}
     7-Zip Shell Extension
     Igor Pavlov
     9.20.0.0
     c:\program files\7-zip\7-zip.dll
     11/19/2010 00:08
   ANotepad++64
     HKCR\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}
     ShellHandler for Notepad++ (64 bit)
     0.1.0.0
     c:\program files (x86)\notepad++\nppshell_05.dll
     6/18/2012 23:24
   WinRAR
     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     4.20.0.0
     c:\program files\winrar\rarext.dll
     6/9/2012 21:20

HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers
   WinRAR32
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     4.20.0.0
     c:\program files\winrar\rarext32.dll
     6/9/2012 21:20

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
   7-Zip
     HKCR\CLSID\{23170F69-40C1-278A-1000-000100020000}
     7-Zip Shell Extension
     Igor Pavlov
     9.20.0.0
     c:\program files\7-zip\7-zip.dll
     11/19/2010 00:08

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
   7-Zip
     HKCR\CLSID\{23170F69-40C1-278A-1000-000100020000}
     7-Zip Shell Extension
     Igor Pavlov
     9.20.0.0
     c:\program files\7-zip\7-zip.dll
     11/19/2010 00:08

HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
   Nokia
     HKCR\CLSID\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
     Phone Browser
     Nokia
     7.1.180.94
     c:\program files (x86)\nokia\nokia pc suite 7\phonebrowser64.dll
     6/26/2012 18:08

HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers
   Nokia
     HKCR\CLSID\{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
     Phone Browser
     Nokia
     7.1.180.94
     c:\program files (x86)\nokia\nokia pc suite 7\phonebrowser.dll
     6/26/2012 18:07

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   NvCplDesktopContext
     HKCR\CLSID\{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
     NVIDIA Display Shell Extension
     NVIDIA Corporation
     1.2.0.1
     c:\windows\system32\nvshext.dll
     10/23/2013 16:05

HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
   PDF Shell Extension
     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
     PDF Shell Extension
     Adobe Systems, Inc.
     11.0.3.37
     c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
     5/11/2013 17:34

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
   WinRAR
     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     4.20.0.0
     c:\program files\winrar\rarext.dll
     6/9/2012 21:20

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers
   WinRAR32
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     4.20.0.0
     c:\program files\winrar\rarext32.dll
     6/9/2012 21:20

HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
   WinRAR
     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     4.20.0.0
     c:\program files\winrar\rarext.dll
     6/9/2012 21:20

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers
   WinRAR32
     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
     WinRAR shell extension
     Alexander Roshal
     4.20.0.0
     c:\program files\winrar\rarext32.dll
     6/9/2012 21:20

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
   DropboxExt1
     HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\zekira drake\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 07:54
   DropboxExt2
     HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\zekira drake\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 07:54
   DropboxExt3
     HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\zekira drake\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 07:54
   DropboxExt4
     HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
     Dropbox Shell Extension
     Dropbox, Inc.
     1.0.0.22
     c:\users\zekira drake\appdata\roaming\dropbox\bin\dropboxext.22.dll
     9/11/2013 07:54

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\system32\l3codeca.acm
     7/14/2009 09:28
   VIDC.LAGS
     lagarith.dll
     Lagarith
      
     1.3.27.0
     c:\windows\system32\lagarith.dll
     12/8/2011 08:37
   VIDC.FFDS
     ff_vfw.dll
     ffdshow VFW
     1.3.4500.0
     c:\windows\system32\ff_vfw.dll
     1/7/2013 05:50
   msacm.l3codecp
     l3codecp.acm
     MPEG Audio Layer-3 Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     3.4.0.0
     c:\windows\system32\l3codecp.acm
     7/14/2009 09:28
   vidc.tscc
     C:\Windows\SysWOW64\tsccvid64.dll
     TechSmith Screen Capture Codec
     TechSmith Corporation
     3.0.0.0
     c:\windows\syswow64\tsccvid64.dll
     7/20/2010 03:34
   vidc.XVID
     xvidvfw.dll
     c:\windows\system32\xvidvfw.dll
     5/30/2011 21:42
   vidc.mjpg
     bdmjpeg64.dll
     c:\windows\system32\bdmjpeg64.dll
     8/9/2012 15:40
   vidc.mpeg
     bdmpegv64.dll
     c:\windows\system32\bdmpegv64.dll
     8/9/2012 15:40
   msacm.bdmpeg
     bdmpega64.acm
     c:\windows\system32\bdmpega64.acm
     8/9/2012 15:40

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     l3codecp.acm
     MPEG Audio Layer-3 Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     3.4.0.0
     c:\windows\syswow64\l3codecp.acm
     7/14/2009 09:06
   vidc.cvid
     iccvid.dll
     Cinepakr Codec
     Radius Inc.
     1.10.0.13
     c:\windows\syswow64\iccvid.dll
     11/20/2010 19:59
   vidc.tscc
     C:\Windows\SysWOW64\tsccvid.dll
     TechSmith Screen Capture Codec
     TechSmith Corporation
     3.0.0.0
     c:\windows\syswow64\tsccvid.dll
     7/20/2010 03:33
   vidc.XVID
     xvidvfw.dll
     c:\windows\syswow64\xvidvfw.dll
     5/30/2011 21:42
   VIDC.FFDS
     ff_vfw.dll
     ffdshow VFW
     1.2.4499.0
     c:\windows\syswow64\ff_vfw.dll
     1/5/2013 05:00
   vidc.x264
     C:\PROGRA~2\x264vfw\x264vfw.dll
     x264vfw - H.264/MPEG-4 AVC codec
     x264vfw project
     37.2200.33968.0
     c:\program files (x86)\x264vfw\x264vfw.dll
     7/2/2012 06:15
   msacm.vorbis
     vorbis.acm
     Ogg Vorbis CODEC for MSACM
     HMS http://hp.vector.co.jp/authors/VA012897/
     0.0.3.6
     c:\windows\syswow64\vorbis.acm
     8/3/2009 12:09
   vidc.mjpg
     bdmjpeg.dll
     c:\windows\syswow64\bdmjpeg.dll
     8/9/2012 15:40
   vidc.mpeg
     bdmpegv.dll
     c:\windows\syswow64\bdmpegv.dll
     8/9/2012 15:40
   msacm.bdmpeg
     bdmpega.acm
     c:\windows\syswow64\bdmpega.acm
     8/9/2012 15:40

HKLM\Software\Classes\Filter
   Sony ExpressFX Chorus
     HKCR\CLSID\{00000000-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 2
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll
     8/5/2011 01:01
   Sony ExpressFX Delay
     HKCR\CLSID\{00000001-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 2
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll
     8/5/2011 01:01
   Sony ExpressFX Distortion
     HKCR\CLSID\{00000002-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll
     8/5/2011 01:00
   Sony ExpressFX Equalization
     HKCR\CLSID\{00000003-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 2
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll
     8/5/2011 01:01
   Sony ExpressFX Flange/Wah-Wah
     HKCR\CLSID\{00000004-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll
     8/5/2011 01:00
   Sony ExpressFX Amplitude Modulation
     HKCR\CLSID\{00000005-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 2
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx2_x64.dll
     8/5/2011 01:01
   Sony ExpressFX Reverb
     HKCR\CLSID\{00000006-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll
     8/5/2011 01:00
   Sony ExpressFX Stutter
     HKCR\CLSID\{00000007-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx1_x64.dll
     8/5/2011 01:00
   Sony ExpressFX Dynamics
     HKCR\CLSID\{00000008-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 3
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll
     8/5/2011 01:01
   Sony ExpressFX Graphic EQ
     HKCR\CLSID\{00000009-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 3
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll
     8/5/2011 01:01
   Sony ExpressFX Noise Gate
     HKCR\CLSID\{0000000A-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 3
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll
     8/5/2011 01:01
   Sony ExpressFX Time Stretch
     HKCR\CLSID\{0000000B-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX 3
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfxpfx3_x64.dll
     8/5/2011 01:01
   Sony ExpressFX Audio Restoration
     HKCR\CLSID\{0000000C-0F56-11D2-9887-00A0C969725B}
     Sony ExpressFX Audio Restoration
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\xpvinyl_x64.dll
     8/5/2011 01:01
   Sony Multi-Band Dynamics
     HKCR\CLSID\{026D0AA0-9BB9-11D0-AEBC-00A0C9053912}
     Sony XFX 2 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll
     8/5/2011 01:00
   Sony Track Compressor
     HKCR\CLSID\{23C9F225-40EC-11D2-9D36-00C04F8EDC1E}
     Sony TrackFX 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll
     8/5/2011 01:01
   Sony Dither
     HKCR\CLSID\{260DF3E1-AC77-11D2-9E93-00C04F68BE44}
     Sony TrackFX 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll
     8/5/2011 01:01
   Sony Chorus
     HKCR\CLSID\{28D9F1E0-6ECC-11D0-AEBC-00A0C9053912}
     Sony XFX 1 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll
     8/5/2011 01:00
   Sony Distortion
     HKCR\CLSID\{39224540-6F92-11D0-AEBC-00A0C9053912}
     Sony XFX 3 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll
     8/5/2011 01:00
   Sony Gapper/Snipper
     HKCR\CLSID\{3F901A20-79BE-11D0-AEBC-00A0C9053912}
     Sony XFX 3 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll
     8/5/2011 01:00
   Sony Simple Delay
     HKCR\CLSID\{54F29260-79B1-11D0-AEBC-00A0C9053912}
     Sony XFX 1 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll
     8/5/2011 01:00
   Sony Reverb
     HKCR\CLSID\{607682E0-6E21-11D0-AEBC-00A0C9053912}
     Sony XFX 1 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll
     8/5/2011 01:00
   Sony Multi-Tap Delay
     HKCR\CLSID\{7298A3E0-78EE-11D0-AEBC-00A0C9053912}
     Sony XFX 1 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll
     8/5/2011 01:00
   Sony Track Noise Gate
     HKCR\CLSID\{869419DD-501F-11D3-8CDC-00C04F6B8E4C}
     Sony TrackFX 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll
     8/5/2011 01:01
   Sony Graphic EQ
     HKCR\CLSID\{8B7226EE-4584-11D1-B4CB-00A0C9270A10}
     Sony XFX 2 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll
     8/5/2011 01:00
   Sony Track EQ
     HKCR\CLSID\{8CB69A0A-10E8-11D2-9B89-00104B8D13C2}
     Sony TrackFX 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sftrkfx1_x64.dll
     8/5/2011 01:01
   Sony Smooth/Enhance
     HKCR\CLSID\{9E3E4540-8339-11D0-AEBC-00A0C9053912}
     Sony XFX 3 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll
     8/5/2011 01:00
   Sony Resonant Filter
     HKCR\CLSID\{A6A78627-D619-48BF-AD26-0C6B44B5C7D8}
     Sony Resonant Filter
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfresfilter_x64.dll
     8/5/2011 01:01
   Sony Parametric EQ
     HKCR\CLSID\{A8448720-96FD-11D0-AEBC-00A0C9053912}
     Sony XFX 2 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll
     8/5/2011 01:00
   Sony Time Stretch
     HKCR\CLSID\{B97C0F22-196D-11D1-B99B-00A0C9053912}
     Sony XFX 1 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll
     8/5/2011 01:00
   Sony Noise Gate
     HKCR\CLSID\{B97C0F23-196D-11D1-B99B-00A0C9053912}
     Sony XFX 2 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll
     8/5/2011 01:00
   Sony Paragraphic EQ
     HKCR\CLSID\{D616F3E0-D622-11CE-AAC5-0020AF0B99A3}
     Sony XFX 2 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll
     8/5/2011 01:00
   Sony Vibrato
     HKCR\CLSID\{D6802BA0-A056-11D0-AEBC-00A0C9053912}
     Sony XFX 3 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll
     8/5/2011 01:00
   Sony Pan
     HKCR\CLSID\{EB6213DB-08FF-4510-9F8D-3058B0ECE4C6}
     Sound Forge Pro Pan and Volume 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sffrgpnv_x64.dll
     8/5/2011 01:01
   Sony Pitch Shift
     HKCR\CLSID\{ED1B4100-93BE-11D0-AEBC-00A0C9053912}
     Sony XFX 1 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack1_x64.dll
     8/5/2011 01:00
   Sony Volume
     HKCR\CLSID\{EE38CA88-D78E-4BFB-B05E-577892730C83}
     Sound Forge Pro Pan and Volume 1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sffrgpnv_x64.dll
     8/5/2011 01:01
   Sony Flange/Wah-wah
     HKCR\CLSID\{F09F6980-7845-11D0-AEBC-00A0C9053912}
     Sony XFX 3 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll
     8/5/2011 01:00
   Sony Graphic Dynamics
     HKCR\CLSID\{F3B8E880-B4E0-11D0-AEBC-00A0C9053912}
     Sony XFX 2 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack2_x64.dll
     8/5/2011 01:00
   Sony Amplitude Modulation
     HKCR\CLSID\{FDB0D300-6F82-11D0-AEBC-00A0C9053912}
     Sony XFX 3 Plug-In Pack
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\sfppack3_x64.dll
     8/5/2011 01:00

HKLM\Software\Classes\Filter
   IL FL Studio DXi
     HKCR\CLSID\{1989C251-CAF3-4B79-BDBF-4FDB82AEF383}
     Image-Line
     1.0.13.0
     c:\program files (x86)\image-line\fl studio 10\system\plugin\dxi\fl studio dxi.dll
     3/17/2009 22:26
   IL Multi FL Studio DXi
     HKCR\CLSID\{499755CF-C66A-4B9E-A834-0182BDAEF6E0}
     Image-Line
     1.0.13.0
     c:\program files (x86)\image-line\fl studio 10\system\plugin\dxi\fl studio dxi (multi).dll
     3/17/2009 22:27
   iZotope Vocal Enhancement
     HKCR\CLSID\{6C72F7FD-5E84-49D1-B756-3306C0F48AE0}
     iZotope Vocal Enhancement
     iZotope, Inc.
     1.0.0.24
     c:\program files (x86)\common files\techsmith shared\izotope\izotope_vocalenhancement.dll
     7/13/2006 02:04
   iZotope Consumer Restoration
     HKCR\CLSID\{A0C640F5-2C3B-4606-9899-CA1E7503729F}
     iZotope Consumer Restoration
     iZotope, Inc.
     1.0.0.24
     c:\program files (x86)\common files\techsmith shared\izotope\izotope_consumerrestoration.dll
     7/13/2006 01:55
   LAME Audio Encoder
     HKCR\CLSID\{EB7A6BCA-48D4-4640-9282-1C30AAE21053}
     LAME Audio Encoder
     1.0.54.50801
     c:\program files (x86)\techsmith\camtasia studio 7\lame_dshow.ax
     6/23/2008 23:08

HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   ffdshow Video Decoder
     HKCR\CLSID\{04FE9017-F873-410E-871E-AB91661A4EF7}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.3.4500.0
     c:\program files\k-lite codec pack x64\filters\ffdshow\ffdshow.ax
     1/7/2013 05:50
   ffdshow raw video filter
     HKCR\CLSID\{0B390488-D80F-4A68-8408-48DC199F0E97}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.3.4500.0
     c:\program files\k-lite codec pack x64\filters\ffdshow\ffdshow.ax
     1/7/2013 05:50
   ffdshow Audio Decoder
     HKCR\CLSID\{0F40E1E5-4F79-4988-B1A9-CC98794E6B55}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.3.4500.0
     c:\program files\k-lite codec pack x64\filters\ffdshow\ffdshow.ax
     1/7/2013 05:50
   LAV Splitter
     HKCR\CLSID\{171252A0-8820-4AFE-9DF8-5C92B2D66B04}
     LAV Splitter - DirectShow Media Splitter
     1f0.de - Hendrik Leppkes
     0.55.1.0
     c:\program files\k-lite codec pack x64\filters\lav\lavsplitter.ax
     1/14/2013 05:00
   Haali Media Splitter
     HKCR\CLSID\{55DA30FC-F16B-49FC-BAA5-AE59FC65F82D}
     Haali Media Splitter
     1.11.287.23
     c:\program files\k-lite codec pack x64\filters\haali\splitter.x64.ax
     9/8/2011 21:59
   Haali Media Splitter (AR)
     HKCR\CLSID\{564FD788-86C9-4444-971E-CC4A243DA150}
     Haali Media Splitter
     1.11.287.23
     c:\program files\k-lite codec pack x64\filters\haali\splitter.x64.ax
     9/8/2011 21:59
   Xvid MPEG-4 Video Decoder
     HKCR\CLSID\{64697678-0000-0010-8000-00AA00389B71}
     c:\windows\system32\xvid.ax
     5/23/2011 15:49
   Sony Wave Hammer Surround
     HKCR\CLSID\{8010C341-6D4C-4390-B828-E4D246C3DDB2}
     Sony Wave Hammer 5.1
     Sony Creative Software Inc.
     1.1.0.2251
     c:\program files (x86)\sony\shared plug-ins\audio_x64\mchammer_x64.dll
     8/5/2011 01:01
   Bandisoft MPEG-1 Video Decoder
     HKCR\CLSID\{89C4B786-A490-4A3E-AA70-E6A8C61D3689}
     Bandisoft Directshow Filter
     www.Bandisoft.com
     1.0.4.14
     c:\program files (x86)\bandimpeg1\bdfilters64.dll
     8/9/2012 15:39
   Haali Simple Media Splitter
     HKCR\CLSID\{8F43B7D9-9D6B-4F48-BE18-4D787C795EEA}
     Haali Media Splitter
     1.11.287.23
     c:\program files\k-lite codec pack x64\filters\haali\splitter.x64.ax
     9/8/2011 21:59
   DirectVobSub
     HKCR\CLSID\{93A22E7A-5091-45EF-BA61-6DA26156A5D0}
     VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth
     xy-VSFilter Team
     3.0.0.211
     c:\program files\k-lite codec pack x64\filters\vsfilter.dll
     12/14/2012 03:43
   DirectVobSub (auto-loading version)
     HKCR\CLSID\{9852A670-F845-491B-9BE6-EBD841B8A613}
     VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth
     xy-VSFilter Team
     3.0.0.211
     c:\program files\k-lite codec pack x64\filters\vsfilter.dll
     12/14/2012 03:43
   Haali Matroska Muxer
     HKCR\CLSID\{A28F324B-DDC5-4999-AA25-D3A7E25EF7A8}
     Haali Media Splitter
     1.11.287.23
     c:\program files\k-lite codec pack x64\filters\haali\splitter.x64.ax
     9/8/2011 21:59
   ffdshow Audio Processor
     HKCR\CLSID\{B86F6BEE-E7C0-4D03-8D52-5B4430CF6C88}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.3.4500.0
     c:\program files\k-lite codec pack x64\filters\ffdshow\ffdshow.ax
     1/7/2013 05:50
   LAV Splitter Source
     HKCR\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338}
     LAV Splitter - DirectShow Media Splitter
     1f0.de - Hendrik Leppkes
     0.55.1.0
     c:\program files\k-lite codec pack x64\filters\lav\lavsplitter.ax
     1/14/2013 05:00
   ffdshow subtitles filter
     HKCR\CLSID\{DBF9000E-F08C-4858-B769-C914A0FBB1D7}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.3.4500.0
     c:\program files\k-lite codec pack x64\filters\ffdshow\ffdshow.ax
     1/7/2013 05:50
   Bandisoft MPEG-1 Audio Decoder
     HKCR\CLSID\{E2E7539A-CECF-4A6A-B187-939943ECEF05}
     Bandisoft Directshow Filter
     www.Bandisoft.com
     1.0.4.14
     c:\program files (x86)\bandimpeg1\bdfilters64.dll
     8/9/2012 15:39
   LAV Audio Decoder
     HKCR\CLSID\{E8E73B6B-4CB3-44A4-BE99-4F7BCB96E491}
     LAV Audio Decoder - DirectShow Audio Decoder
     1f0.de - Hendrik Leppkes
     0.55.1.0
     c:\program files\k-lite codec pack x64\filters\lav\lavaudio.ax
     1/14/2013 05:00
   LAV Video Decoder
     HKCR\CLSID\{EE30215D-164F-4A92-A4EB-9D4C13390F9F}
     LAV Video Decoder - DirectShow Video Decoder
     1f0.de - Hendrik Leppkes
     0.55.1.0
     c:\program files\k-lite codec pack x64\filters\lav\lavvideo.ax
     1/14/2013 05:00
   Haali Video Sink
     HKCR\CLSID\{F13D3732-96BD-4108-AFEB-E85F68FF64DC}
     Haali Media Splitter
     1.11.287.23
     c:\program files\k-lite codec pack x64\filters\haali\splitter.x64.ax
     9/8/2011 21:59

HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   SonyMSAConv
     HKCR\CLSID\{022D33DE-DFC9-4631-B8E3-9F324938E217}
     OpenMG Converter Filter
     Sony Corporation
     4.7.0.12140
     c:\program files (x86)\common files\sony shared\avlib\sonycdsrcwriter.ax
     12/14/2006 01:02
   ffdshow Video Decoder
     HKCR\CLSID\{04FE9017-F873-410E-871E-AB91661A4EF7}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4499.0
     c:\program files (x86)\ffdshow\ffdshow.ax
     1/5/2013 05:00
   Gretech ASF Source Filter
     HKCR\CLSID\{07D8B782-BC02-485B-8B45-0C6073127B2B}
     c:\program files (x86)\gretech\gomplayer\gsfu.ax
     4/3/2013 13:13
   Emuzed AMR/3GPP/MP4/MP3 Multiplexer-Filter
     HKCR\CLSID\{0AB65D06-C2B5-4735-BD45-EF0336B59185}
     Emuzed MP4/3GP2/AMR/QCP Multiplexer/Sink Filter
     Emuzed Inc.
     2.9.0.0
     c:\program files (x86)\common files\nokia\codecs\ezdmp4muxfilter.dll
     4/20/2009 16:33
   ffdshow raw video filter
     HKCR\CLSID\{0B390488-D80F-4A68-8408-48DC199F0E97}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4499.0
     c:\program files (x86)\ffdshow\ffdshow.ax
     1/5/2013 05:00
   Gretech MPEG Source Filter
     HKCR\CLSID\{0D84C574-0C1D-466C-9D7B-49FD7BBF6E87}
     c:\program files (x86)\gretech\gomplayer\gsfu.ax
     4/3/2013 13:13
   Emuzed MP3 Source/Decoder Filter
     HKCR\CLSID\{0E1CC6FD-065B-4BCC-9A0A-E4DE187E06FE}
     Emuzed MP3 Source/Decoder Filter
     Emuzed Inc.
     2.9.0.0
     c:\program files (x86)\common files\nokia\codecs\emzmp3sourcefilter.dll
     4/20/2009 16:33
   ffdshow Audio Decoder
     HKCR\CLSID\{0F40E1E5-4F79-4988-B1A9-CC98794E6B55}
     DirectShow and VFW video and audio decoding/encoding/processing filter
     1.2.4499.0
     c:\program files (x86)\ffdshow\ffdshow.ax
     1/5/2013 05:00
   OpenMG Async. File Source
     HKCR\CLSID\{103C2B9C-31DC-489E-9756-71D4C5CD1052}
     OpenMG Async. File Source
     Sony Corporation
     4.7.0.12140
     c:\program files (x86)\common files\sony shared\avlib\omgafs.ax
     12/14/2006 00:56
   Sony Audio CD Source Filter
     HKCR\CLSID\{1322295D-876C-45CF-95E5-D33287FBF975}
     OpenMG CdSource Filter
     Sony Corporation
     4.7.0.12140
     c:\program files (x86)\common files\sony shared\avlib\cdsrc.ax
     12/14/2006 01:02
   Video Memory Render Filter
     HKCR\CLSID\{1A184982-D79E-44C7-BDE4-686552E67B44}
     c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\zgameeditor visualizer\videomemoryrenderfilter.ax
     3/17/2011 05:25
   SAL Output Converter
     HKCR\CLSID\{1B282724-CDB4-11D3-BEFC-00C04F9BD0D3}
     SAL Output Converter RendererFilter
     Sony Corporation
     4.7.0.12140
     c:\program files (x86)\common files\sony shared\openmg\saloconv.ax
     12/14/2006 01:06
   Emuzed AMR/QCP/3GPP/MP4/3G2 Source Filter
     HKCR\CLSID\{2711E1C7-032C-4386-A538-9FD83EEF9E44}
     Emuzed MP4/3GP2/AMR/QCP Source Filter
     Emuzed Inc.
     2.9.0.0
     c:\program files (x86)\common files\nokia\codecs\emzmp4source.dll
     4/20/2009 16:33
   MACSReaderMP3 Filter
     HKCR\CLSID\{2B9B4D10-C5B2-48CB-B34E-4ACF65BAD21F}
     MACSReaderMP3 Filter
     1.0.2006.804
     c:\program files (x86)\samsung\kies\external\mediamodules\macsreaderavi.ax
     10/9/2007 13:42
   VHMixerSource
     HKCR\CLSID\{323B3B59-E3E4-4A98-B9C0-BE862A2B499A}
     VHMediaLib COM implementation
     SplitmediaLabs Limited
     2.0.0.235
     c:\program files (x86)\splitmedialabs\xsplit\vhmediacom.dll
     6/19/2013 22:58
   Mpeg2Dec Filter
     HKCR\CLSID\{39F498AF-1A09-4275-B193-673B0BA3D478}
     MPEG-1/2 Decoder Filter for DirectShow
     Gabest
     1.0.0.0
     c:\program files (x86)\gretech\gomplayer\codecs\mpeg2decfilter.ax
     6/5/2004 16:09
   MPEG Audio Decoder (MAD)
     HKCR\CLSID\{3D446B6F-71DE-4437-BE15-8CE47174340F}
     Mpeg Audio Decoder for DirectShow, based on libmad
     Gabest
     1.0.0.0
     c:\program files (x86)\gretech\gomplayer\codecs\mpadecfilter.ax
     5/18/2004 12:06
   Gretech Video Filter
     HKCR\CLSID\{4248B616-E69E-446D-B060-74DE04FC6E51}
     Gretech Video Filter
     Gretech
     1.0.0.1

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Zekira Drake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Zekira Drake\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Zekira Drake\AppData\Local\Mozilla\Firefox\Profiles\fa7uzgds.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Zekira Drake\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=100 folders=37 3367369 bytes)

==== Empty Temp Folders ======================

C:\Users\Blue\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Zekira Drake\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ZEKIRA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Zekira Drake\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5H5HQL3N\www.hubworld.com"  not found

==== EOF on Sun 02/16/2014 at  9:38:48.85 ======================
 



#15 seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:01:42 PM

Posted 16 February 2014 - 04:08 PM

Hi Zekira G. Drake

Step 1

We need to re-run FRST
 
 

 

  • Double Click FRST to launch the program
  • Type the following in the edit box after "Search:".
  • nt32.exe;315load32.exe;load32.exe
  • Note: The file names should be separated by semicolon (;)
  • It then should look like:
  • Search: nt32.exe;315load32.exe;load32.exe
  • Click Search button and post the log (Search.txt) it makes to your reply.

Step 2


We need to re-run Zoek

 

  • Close/disable all antivirus and anti-malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions on how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!
    type C:\Windows\system.ini >>"%temp%\log.txt";b
    C:\NTKernel\;p
    IMAGE FILE EXECUTION OPTIONS;a

  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished, the logfile will be opened in Notepad.
  • If a reboot is needed, the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive (normally C:\).
  • Please post the logfile for further review in your next reply.

There should be a file on your desktop named sample_20120615_0718.zip (sample_date_time.zip). Please go to http://www.bleepingcomputer.com/submit-malware.php?channel=75 and upload this file.

Step 3

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve installing an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
    When the scan is complete,

    If no threats were found:
     
  • Check in "Uninstall application on close"
  • Close program

    If threats were found:
     
  • Select "list of threats found"
  • Select "Export to Text File" & save the report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

Edited by seedy21, 16 February 2014 - 04:10 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
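The FRST search and the IMAGE FILE EXECUTION OPTIONS line of the zoek script above can be cross-checked with a small read-only script. Added example, not part of the original post and not code from FRST or zoek; the three file names come from the thread, and the script is assumed to be run from an elevated PowerShell prompt on the affected machine:

```powershell
# Added example, not part of the original post and not code from FRST or zoek.
# Read-only checks a responder can run from an elevated PowerShell prompt to
# review the same two things the steps above ask for: where the three named
# files live on the system drive (what the FRST search reports), and which
# Image File Execution Options (IFEO) subkeys carry a "Debugger" value (what
# you look for in the IFEO dump the zoek script produces). Nothing is modified.

# File names taken from the thread; add more only if the helper asks for them.
$SuspectNames = @('nt32.exe', '315load32.exe', 'load32.exe')

function Find-NamedFiles {
    param(
        [string[]]$Names,
        [string]$Root = ($env:SystemDrive + '\')
    )
    # -Force includes hidden/system files; access errors on protected folders are skipped.
    Get-ChildItem -Path $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $Names -contains $_.Name } |      # -contains is case-insensitive
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}

function Get-IfeoDebuggers {
    # Both registry views: 64-bit and 32-bit (Wow6432Node) programs are keyed separately.
    $ifeoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($key in $ifeoKeys) {
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            # A Debugger value makes Windows start that program instead of the named one,
            # which is why this key matters when security tools refuse to start.
            $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                [pscustomobject]@{ View = $key; Target = $_.PSChildName; Debugger = $dbg }
            }
        }
    }
}

"== Copies of the named files =="
Find-NamedFiles -Names $SuspectNames | Format-List

"== IFEO subkeys with a Debugger value =="
Get-IfeoDebuggers | Format-Table -AutoSize
```

Any Debugger value deserves a look: legitimate ones are rare and point at an installed debugger, so compare each one against the software on the machine before acting on it.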
