
Malware.Trace


  • This topic is locked
53 replies to this topic

#1 haldidntdoit


Posted 18 February 2014 - 12:29 AM

I have a previously badly infected machine here that has already been worked on, but when I run SUPERAntiSpyware and Malwarebytes I still get a positive reading for Malware.Trace. The system was originally having permissions issues, but those have been resolved. Currently the only symptom of infection is the recurring detection of Malware.Trace. Just as a note, I saw something about "Sweetpacks" in here and I know that's some nasty adware toolbar junk, but I don't know if they are related.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.21.2
Run by Administrator at 23:19:36 on 2014-02-17
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.8140.6004 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
BHO: Tensons.Application.DownloadAcceleratorManager.BHO: {00000003-1118-11da-8cd6-0800200c9888} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FDB463D6-0D5E-4C89-B525-0B002C1C3671} : DHCPNameServer = 209.18.47.61 209.18.47.62
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-24 19264]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 SMR410;Symantec SMR Utility Service 4.1.0;C:\Windows\System32\drivers\SMR410.SYS [2014-2-17 96856]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-10 283200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-18 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-18 166720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-18 365376]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-9-24 27760]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-24 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-24 789824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-25 726160]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2013-6-28 39168]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-9-24 2182768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-2-16 36680]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-6-28 121416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-30 1255736]
.
=============== Created Last 30 ================
.
2014-02-18 04:32:30 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-18 03:52:53 -------- d-----w- C:\ProgramData\SMR410
2014-02-18 03:52:47 96856 ----a-w- C:\Windows\System32\drivers\SMR410.SYS
2014-02-18 03:52:30 -------- d-----w- C:\Users\Administrator\AppData\Local\NPE
2014-02-18 03:52:30 -------- d-----w- C:\ProgramData\Norton
2014-02-18 03:37:07 -------- d-----w- C:\AdwCleaner
2014-02-18 03:21:34 -------- d-----w- C:\Windows\ERUNT
2014-02-18 03:10:27 98816 ----a-w- C:\Windows\sed.exe
2014-02-18 03:10:27 256000 ----a-w- C:\Windows\PEV.exe
2014-02-18 03:10:27 208896 ----a-w- C:\Windows\MBR.exe
2014-02-18 03:00:41 -------- d-----w- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2014-02-18 02:48:11 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-02-18 02:48:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-02-17 05:01:14 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-17 05:01:14 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-02-17 04:58:14 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-17 04:58:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 04:50:14 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-02-17 04:20:03 -------- d-----w- C:\Windows\System32\catroot2
2014-02-17 04:13:54 -------- d-----w- C:\Windows\System32\wbem\repository
2014-02-17 04:13:45 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-02-17 03:59:53 -------- d-----w- C:\RegBackup
2014-02-17 03:16:46 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-02-17 03:06:40 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
2014-02-17 03:05:37 -------- d-----w- C:\Users\Administrator\AppData\Local\Programs
2014-02-17 02:10:48 -------- d-----w- C:\Users\Administrator\AppData\Roaming\uTorrent
2014-02-17 00:45:49 -------- d-----w- C:\NTKernel
2014-02-16 07:26:15 -------- d-----w- C:\Program Files (x86)\Antique
2014-02-14 05:59:58 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF315AAD-E1A4-4948-A76F-18E06731925A}\mpengine.dll
2014-02-13 09:01:01 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 09:01:01 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-13 07:13:36 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-03 04:19:28 -------- d-----w- C:\ProgramData\SetApp
2014-02-03 04:19:21 -------- d-----w- C:\ProgramData\InstallMate
2014-02-01 05:46:00 -------- d-----w- C:\Shotamane
2014-01-27 07:00:11 -------- d-----w- C:\Program Files (x86)\モニスタラッシュ
2014-01-27 06:32:17 -------- d-----w- C:\Program Files (x86)\softhouse-seal
2014-01-26 04:27:30 -------- d-----w- C:\Program Files (x86)\WORKS
2014-01-23 00:32:09 12800 ----a-w- C:\Windows\system\WING32.dll
2014-01-21 06:31:56 12800 ----a-w- C:\Windows\SysWow64\WING32.dll
.
==================== Find3M  ====================
.
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 16:26:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 16:26:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-18 12:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-12 09:09:36 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH: 23:19:41.29 ===============
 

 

 


 


#2 Conspire

  • Malware Response Team

Posted 18 February 2014 - 09:10 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days.

:)

Hello there, haldidntdoit

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 Conspire

  • Malware Response Team

Posted 18 February 2014 - 09:10 AM

Hello,

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post:
  • aswMBR log
  • MBR.dat (attached)
  • TDSS Killer log



Please STOP and let me know if you have any problems performing the steps above or any questions.

#4 haldidntdoit

  • Topic Starter

Posted 18 February 2014 - 09:20 AM

I'm heading to work right now. When I get back home this afternoon, I'll post the logs you requested.

 

Appreciate the help!



#5 haldidntdoit

  • Topic Starter

Posted 18 February 2014 - 08:09 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-18 08:14:46
-----------------------------
08:14:46.447    OS Version: Windows x64 6.1.7601 Service Pack 1
08:14:46.447    Number of processors: 4 586 0x2A07
08:14:46.448    ComputerName: JOHN-PC  UserName: John
08:14:46.538    Initialze error 1 
08:21:59.423    AVAST engine defs: 14021800
18:57:53.257    The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
18:58:35.989    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:58:35.991    Disk 0 Vendor: ST1000DM CC46 Size: 953869MB BusType: 3
18:58:36.008    Disk 0 MBR read successfully
18:58:36.010    Disk 0 MBR scan
18:58:36.012    Disk 0 Windows 7 default MBR code
18:58:36.014    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
18:58:36.017    Disk 0 scanning C:\Windows\system32\drivers
18:58:36.019    Service scanning
18:58:36.545    Modules scanning
18:58:36.547    Disk 0 trace - called modules:
18:58:36.550    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
18:58:36.553    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a4b060]
18:58:36.556    3 CLASSPNP.SYS[fffff88001c9443f] -> nt!IofCallDriver -> [0xfffffa8007155040]
18:58:36.558    5 ACPI.sys[fffff88000f167a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800715d050]
18:58:36.562    AVAST engine scan C:\Windows
18:58:36.565    AVAST engine scan C:\Windows\system32
18:58:36.567    AVAST engine scan C:\Windows\system32\drivers
18:58:36.571    AVAST engine scan C:\Users\John
18:58:36.574    AVAST engine scan C:\ProgramData
18:58:36.576    Scan finished successfully
18:59:00.083    Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
18:59:00.086    The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"
 
 
19:04:01.0964 0x1034  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
19:04:01.0964 0x1034  UEFI system
19:04:09.0627 0x1034  ============================================================
19:04:09.0627 0x1034  Current date / time: 2014/02/18 19:04:09.0627
19:04:09.0627 0x1034  SystemInfo:
19:04:09.0627 0x1034  
19:04:09.0627 0x1034  OS Version: 6.1.7601 ServicePack: 1.0
19:04:09.0627 0x1034  Product type: Workstation
19:04:09.0627 0x1034  ComputerName: JOHN-PC
19:04:09.0627 0x1034  UserName: John
19:04:09.0627 0x1034  Windows directory: C:\Windows
19:04:09.0627 0x1034  System windows directory: C:\Windows
19:04:09.0627 0x1034  Running under WOW64
19:04:09.0627 0x1034  Processor architecture: Intel x64
19:04:09.0627 0x1034  Number of processors: 4
19:04:09.0627 0x1034  Page size: 0x1000
19:04:09.0627 0x1034  Boot type: Normal boot
19:04:09.0627 0x1034  ============================================================
19:04:09.0710 0x1034  KLMD registered as C:\Windows\system32\drivers\57815691.sys
19:04:09.0806 0x1034  System UUID: {4658C743-39A4-3E1C-4BF9-DD6758C5C574}
19:04:10.0094 0x1034  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:04:10.0104 0x1034  Drive \Device\Harddisk1\DR1 - Size: 0xEEC00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:04:10.0105 0x1034  ============================================================
19:04:10.0105 0x1034  \Device\Harddisk0\DR0:
19:04:10.0106 0x1034  GPT partitions:
19:04:10.0106 0x1034  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {BE12309E-7C37-4B2B-B5E2-9CA942C18A2D}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
19:04:10.0106 0x1034  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8FFFFCAA-B1F8-440D-BDC6-7AA2398C75D3}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
19:04:10.0106 0x1034  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {99EACC9D-FF84-4D3F-B6BE-020FB1810790}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x74694000
19:04:10.0106 0x1034  MBR partitions:
19:04:10.0106 0x1034  \Device\Harddisk1\DR1:
19:04:10.0106 0x1034  MBR partitions:
19:04:10.0106 0x1034  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x774080
19:04:10.0107 0x1034  ============================================================
19:04:10.0132 0x1034  C: <-> \Device\Harddisk0\DR0\Partition3
19:04:10.0132 0x1034  ============================================================
19:04:10.0132 0x1034  Initialize success
19:04:10.0132 0x1034  ============================================================
19:04:13.0834 0x1350  ============================================================
19:04:13.0834 0x1350  Scan started
19:04:13.0834 0x1350  Mode: Manual; 
19:04:13.0834 0x1350  ============================================================
19:04:13.0834 0x1350  KSN ping started
19:04:27.0588 0x1350  KSN ping finished: true
19:04:27.0795 0x1350  ================ Scan system memory ========================
19:04:27.0795 0x1350  System memory - ok
19:04:27.0795 0x1350  ================ Scan services =============================
19:04:29.0186 0x1350  Brserid - ok
19:04:29.0200 0x1350  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:04:29.0201 0x1350  BrSerWdm - ok
19:04:29.0209 0x1350  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:04:29.0210 0x1350  BrUsbMdm - ok
19:04:29.0213 0x1350  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:04:29.0213 0x1350  BrUsbSer - ok
19:04:29.0222 0x1350  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
19:04:29.0223 0x1350  BthEnum - ok
19:04:29.0233 0x1350  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:04:29.0234 0x1350  BTHMODEM - ok
19:04:29.0249 0x1350  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
19:04:29.0251 0x1350  BthPan - ok
19:04:29.0271 0x1350  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
19:04:29.0279 0x1350  BTHPORT - ok
19:04:29.0290 0x1350  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
19:04:29.0292 0x1350  bthserv - ok
19:04:29.0301 0x1350  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
19:04:29.0303 0x1350  BTHUSB - ok
19:04:29.0304 0x1350  catchme - ok
19:04:29.0331 0x1350  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:04:29.0333 0x1350  cdfs - ok
19:04:29.0344 0x1350  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:04:29.0346 0x1350  cdrom - ok
19:04:29.0358 0x1350  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:04:29.0360 0x1350  CertPropSvc - ok
19:04:29.0372 0x1350  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
19:04:29.0373 0x1350  circlass - ok
19:04:29.0390 0x1350  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
19:04:29.0395 0x1350  CLFS - ok
19:04:29.0433 0x1350  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:04:29.0434 0x1350  clr_optimization_v2.0.50727_32 - ok
19:04:29.0447 0x1350  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:04:29.0449 0x1350  clr_optimization_v2.0.50727_64 - ok
19:04:29.0501 0x1350  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:04:29.0503 0x1350  clr_optimization_v4.0.30319_32 - ok
19:04:29.0511 0x1350  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:04:29.0514 0x1350  clr_optimization_v4.0.30319_64 - ok
19:04:29.0520 0x1350  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:04:29.0521 0x1350  CmBatt - ok
19:04:29.0558 0x1350  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:04:29.0559 0x1350  cmdide - ok
19:04:29.0597 0x1350  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
19:04:29.0604 0x1350  CNG - ok
19:04:29.0616 0x1350  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:04:29.0617 0x1350  Compbatt - ok
19:04:29.0630 0x1350  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:04:29.0631 0x1350  CompositeBus - ok
19:04:29.0634 0x1350  COMSysApp - ok
19:04:29.0646 0x1350  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:04:29.0646 0x1350  crcdisk - ok
19:04:29.0683 0x1350  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:04:29.0686 0x1350  CryptSvc - ok
19:04:29.0722 0x1350  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:04:29.0730 0x1350  DcomLaunch - ok
19:04:29.0754 0x1350  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:04:29.0759 0x1350  defragsvc - ok
19:04:29.0780 0x1350  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:04:29.0781 0x1350  DfsC - ok
19:04:29.0799 0x1350  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:04:29.0805 0x1350  Dhcp - ok
19:04:29.0816 0x1350  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
19:04:29.0816 0x1350  discache - ok
19:04:29.0823 0x1350  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
19:04:29.0824 0x1350  Disk - ok
19:04:29.0832 0x1350  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:04:29.0836 0x1350  Dnscache - ok
19:04:29.0852 0x1350  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:04:29.0856 0x1350  dot3svc - ok
19:04:29.0865 0x1350  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
19:04:29.0868 0x1350  DPS - ok
19:04:29.0903 0x1350  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:04:29.0903 0x1350  drmkaud - ok
19:04:29.0942 0x1350  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:04:29.0946 0x1350  dtsoftbus01 - ok
19:04:30.0012 0x1350  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:04:30.0026 0x1350  DXGKrnl - ok
19:04:30.0040 0x1350  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
19:04:30.0042 0x1350  EapHost - ok
19:04:30.0116 0x1350  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:04:30.0164 0x1350  ebdrv - ok
19:04:30.0228 0x1350  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
19:04:30.0229 0x1350  EFS - ok
19:04:30.0264 0x1350  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:04:30.0274 0x1350  ehRecvr - ok
19:04:30.0289 0x1350  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
19:04:30.0291 0x1350  ehSched - ok
19:04:30.0350 0x1350  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:04:30.0358 0x1350  elxstor - ok
19:04:30.0365 0x1350  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:04:30.0365 0x1350  ErrDev - ok
19:04:30.0397 0x1350  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
19:04:30.0403 0x1350  EventSystem - ok
19:04:30.0416 0x1350  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:04:30.0419 0x1350  exfat - ok
19:04:30.0441 0x1350  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:04:30.0444 0x1350  fastfat - ok
19:04:30.0465 0x1350  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
19:04:30.0475 0x1350  Fax - ok
19:04:30.0484 0x1350  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
19:04:30.0485 0x1350  fdc - ok
19:04:30.0497 0x1350  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
19:04:30.0498 0x1350  fdPHost - ok
19:04:30.0514 0x1350  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:04:30.0515 0x1350  FDResPub - ok
19:04:30.0526 0x1350  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:04:30.0527 0x1350  FileInfo - ok
19:04:30.0531 0x1350  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:04:30.0532 0x1350  Filetrace - ok
19:04:30.0536 0x1350  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
19:04:30.0537 0x1350  flpydisk - ok
19:04:30.0553 0x1350  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:04:30.0558 0x1350  FltMgr - ok
19:04:30.0620 0x1350  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
19:04:30.0638 0x1350  FontCache - ok
19:04:30.0679 0x1350  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:04:30.0680 0x1350  FontCache3.0.0.0 - ok
19:04:30.0689 0x1350  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:04:30.0690 0x1350  FsDepends - ok
19:04:30.0696 0x1350  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:04:30.0697 0x1350  Fs_Rec - ok
19:04:30.0726 0x1350  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:04:30.0729 0x1350  fvevol - ok
19:04:30.0740 0x1350  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:04:30.0741 0x1350  gagp30kx - ok
19:04:30.0768 0x1350  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:04:30.0780 0x1350  gpsvc - ok
19:04:30.0844 0x1350  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:04:30.0846 0x1350  gupdate - ok
19:04:30.0851 0x1350  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:04:30.0853 0x1350  gupdatem - ok
19:04:30.0862 0x1350  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:04:30.0862 0x1350  hcw85cir - ok
19:04:30.0880 0x1350  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:04:30.0885 0x1350  HdAudAddService - ok
19:04:30.0900 0x1350  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:04:30.0902 0x1350  HDAudBus - ok
19:04:30.0908 0x1350  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:04:30.0908 0x1350  HidBatt - ok
19:04:30.0922 0x1350  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:04:30.0924 0x1350  HidBth - ok
19:04:30.0936 0x1350  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:04:30.0937 0x1350  HidIr - ok
19:04:30.0946 0x1350  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
19:04:30.0947 0x1350  hidserv - ok
19:04:30.0972 0x1350  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
19:04:30.0973 0x1350  HidUsb - ok
19:04:30.0999 0x1350  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:04:31.0001 0x1350  hkmsvc - ok
19:04:31.0011 0x1350  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:04:31.0014 0x1350  HomeGroupListener - ok
19:04:31.0037 0x1350  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:04:31.0040 0x1350  HomeGroupProvider - ok
19:04:31.0055 0x1350  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:04:31.0056 0x1350  HpSAMD - ok
19:04:31.0092 0x1350  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:04:31.0103 0x1350  HTTP - ok
19:04:31.0127 0x1350  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:04:31.0128 0x1350  hwpolicy - ok
19:04:31.0133 0x1350  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:04:31.0135 0x1350  i8042prt - ok
19:04:31.0182 0x1350  [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:04:31.0191 0x1350  iaStor - ok
19:04:31.0257 0x1350  [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:04:31.0257 0x1350  IAStorDataMgrSvc - ok
19:04:31.0273 0x1350  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:04:31.0279 0x1350  iaStorV - ok
19:04:31.0318 0x1350  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:04:31.0331 0x1350  idsvc - ok
19:04:31.0345 0x1350  IEEtwCollectorService - ok
19:04:31.0519 0x1350  [ 348214F96642FD4FEF630DE021BA3540, B6A7D2EA41F6866F5AFF5022BB459E5AFF683FF2FF470B84F3E911C8AEC47C30 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
19:04:31.0665 0x1350  igfx - ok
19:04:31.0693 0x1350  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:04:31.0694 0x1350  iirsp - ok
19:04:31.0774 0x1350  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
19:04:31.0787 0x1350  IKEEXT - ok
19:04:31.0861 0x1350  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:04:31.0870 0x1350  Intel(R) Capability Licensing Service Interface - ok
19:04:31.0907 0x1350  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:04:31.0908 0x1350  intelide - ok
19:04:31.0917 0x1350  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:04:31.0918 0x1350  intelppm - ok
19:04:31.0936 0x1350  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:04:31.0938 0x1350  IPBusEnum - ok
19:04:31.0945 0x1350  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:04:31.0946 0x1350  IpFilterDriver - ok
19:04:31.0968 0x1350  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:04:31.0977 0x1350  iphlpsvc - ok
19:04:31.0982 0x1350  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:04:31.0983 0x1350  IPMIDRV - ok
19:04:31.0990 0x1350  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:04:31.0992 0x1350  IPNAT - ok
19:04:31.0999 0x1350  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:04:31.0999 0x1350  IRENUM - ok
19:04:32.0006 0x1350  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:04:32.0006 0x1350  isapnp - ok
19:04:32.0024 0x1350  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:04:32.0028 0x1350  iScsiPrt - ok
19:04:32.0053 0x1350  [ D596D915CF091DA1F8CE4BD38BB5D509, 9B4D246B6886FFD9BE329F3543B819FC010661B0F70206F16ECBF25A7B12AA6F ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
19:04:32.0054 0x1350  iusb3hcs - ok
19:04:32.0066 0x1350  [ 023896E23B61543A15A230EED996D911, 2F8D15B67AB2C1E87EA46F2CB9DBA564865D89DEA93A83B44A9B148883B96731 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
19:04:32.0071 0x1350  iusb3hub - ok
19:04:32.0094 0x1350  [ 7FAEC13F1ADD619F4B5B2D2CBF841E8E, E7ED64DD26FD4EA04C2C32C33BDA16FB985F3C6F1F8451480A0D24375B7F57AC ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
19:04:32.0105 0x1350  iusb3xhc - ok
19:04:32.0169 0x1350  [ 78ABBE558F57144047F10A0F50FE4B2F, 6BE608F7697D83FD6C7E6EA422AC5637933BDC96B1044C12DE9A419CE7D6F6CE ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
19:04:32.0172 0x1350  jhi_service - ok
19:04:32.0185 0x1350  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:04:32.0186 0x1350  kbdclass - ok
19:04:32.0190 0x1350  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:04:32.0190 0x1350  kbdhid - ok
19:04:32.0203 0x1350  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
19:04:32.0204 0x1350  KeyIso - ok
19:04:32.0240 0x1350  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:04:32.0241 0x1350  KSecDD - ok
19:04:32.0254 0x1350  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:04:32.0256 0x1350  KSecPkg - ok
19:04:32.0269 0x1350  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:04:32.0269 0x1350  ksthunk - ok
19:04:32.0299 0x1350  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:04:32.0305 0x1350  KtmRm - ok
19:04:32.0334 0x1350  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
19:04:32.0338 0x1350  LanmanServer - ok
19:04:32.0355 0x1350  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:04:32.0358 0x1350  LanmanWorkstation - ok
19:04:32.0372 0x1350  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:04:32.0373 0x1350  lltdio - ok
19:04:32.0399 0x1350  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:04:32.0404 0x1350  lltdsvc - ok
19:04:32.0416 0x1350  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:04:32.0417 0x1350  lmhosts - ok
19:04:32.0459 0x1350  [ 2C24DC448DBE8DB9BE1441B824C57E79, DA2257EEC964A47D03C2BB13317FD788E51D4685E2395B303ED7B2575FEF3B19 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:04:32.0463 0x1350  LMS - ok
19:04:32.0476 0x1350  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:04:32.0478 0x1350  LSI_FC - ok
19:04:32.0493 0x1350  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:04:32.0494 0x1350  LSI_SAS - ok
19:04:32.0504 0x1350  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:04:32.0505 0x1350  LSI_SAS2 - ok
19:04:32.0514 0x1350  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:04:32.0516 0x1350  LSI_SCSI - ok
19:04:32.0537 0x1350  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:04:32.0539 0x1350  luafv - ok
19:04:32.0600 0x1350  [ 31C6AFFFAD7C733A65F888929548BC22, 20004EF74A7FE050E0F36F4B10E7561D45E8FCCDB0953363621B3BAB046A69C9 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
19:04:32.0601 0x1350  mbamchameleon - ok
19:04:32.0612 0x1350  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:04:32.0614 0x1350  Mcx2Svc - ok
19:04:32.0620 0x1350  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:04:32.0621 0x1350  megasas - ok
19:04:32.0636 0x1350  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:04:32.0640 0x1350  MegaSR - ok
19:04:32.0653 0x1350  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:04:32.0654 0x1350  MEIx64 - ok
19:04:32.0663 0x1350  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
19:04:32.0665 0x1350  MMCSS - ok
19:04:32.0670 0x1350  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
19:04:32.0671 0x1350  Modem - ok
19:04:32.0679 0x1350  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:04:32.0679 0x1350  monitor - ok
19:04:36.0931 0x1350  TsUsbFlt - ok
19:04:36.0969 0x1350  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:04:36.0970 0x1350  TsUsbGD - ok
19:04:36.0987 0x1350  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:04:36.0989 0x1350  tunnel - ok
19:04:37.0002 0x1350  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:04:37.0003 0x1350  uagp35 - ok
19:04:37.0030 0x1350  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:04:37.0034 0x1350  udfs - ok
19:04:37.0045 0x1350  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:04:37.0047 0x1350  UI0Detect - ok
19:04:37.0051 0x1350  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:04:37.0052 0x1350  uliagpkx - ok
19:04:37.0061 0x1350  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:04:37.0062 0x1350  umbus - ok
19:04:37.0069 0x1350  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:04:37.0070 0x1350  UmPass - ok
19:04:37.0153 0x1350  [ E1A119AD21F5AFE22EB516C549306D3D, 48769D5E7A78B7A2C00F1F6798AC133CF3E0B2C76F71D3719BD741DDD8F2D229 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:04:37.0158 0x1350  UNS - ok
19:04:37.0178 0x1350  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
19:04:37.0184 0x1350  upnphost - ok
19:04:37.0206 0x1350  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:04:37.0208 0x1350  usbccgp - ok
19:04:37.0234 0x1350  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:04:37.0236 0x1350  usbcir - ok
19:04:37.0260 0x1350  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:04:37.0261 0x1350  usbehci - ok
19:04:37.0285 0x1350  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:04:37.0290 0x1350  usbhub - ok
19:04:37.0301 0x1350  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:04:37.0302 0x1350  usbohci - ok
19:04:37.0309 0x1350  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
19:04:37.0310 0x1350  usbprint - ok
19:04:37.0324 0x1350  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:04:37.0326 0x1350  USBSTOR - ok
19:04:37.0356 0x1350  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:04:37.0357 0x1350  usbuhci - ok
19:04:37.0371 0x1350  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:04:37.0374 0x1350  usbvideo - ok
19:04:37.0383 0x1350  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
19:04:37.0384 0x1350  UxSms - ok
19:04:37.0396 0x1350  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
19:04:37.0397 0x1350  VaultSvc - ok
19:04:37.0409 0x1350  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:04:37.0409 0x1350  vdrvroot - ok
19:04:37.0431 0x1350  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
19:04:37.0440 0x1350  vds - ok
19:04:37.0449 0x1350  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:04:37.0449 0x1350  vga - ok
19:04:37.0457 0x1350  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:04:37.0458 0x1350  VgaSave - ok
19:04:37.0469 0x1350  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:04:37.0472 0x1350  vhdmp - ok
19:04:37.0553 0x1350  [ EECF5B7210D773F3501CEDA848D53D31, C98034418DA5351A82B3FFAFBD277BAE4AE8AF25DD491BF628CEA0C708A5A9B2 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:04:37.0584 0x1350  VIAHdAudAddService - ok
19:04:37.0627 0x1350  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:04:37.0628 0x1350  viaide - ok
19:04:37.0635 0x1350  [ 43412F74D9516EF87988F2397A9B8E78, 82253E49D2762D67D202A8D3A215EF5F937ADFCF711AD238B6FDACAE0CC80A49 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
19:04:37.0636 0x1350  VIAKaraokeService - ok
19:04:37.0642 0x1350  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:04:37.0643 0x1350  volmgr - ok
19:04:37.0658 0x1350  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:04:37.0664 0x1350  volmgrx - ok
19:04:37.0680 0x1350  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:04:37.0685 0x1350  volsnap - ok
19:04:37.0700 0x1350  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:04:37.0703 0x1350  vsmraid - ok
19:04:37.0753 0x1350  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
19:04:37.0777 0x1350  VSS - ok
19:04:37.0787 0x1350  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:04:37.0788 0x1350  vwifibus - ok
19:04:37.0803 0x1350  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
19:04:37.0809 0x1350  W32Time - ok
19:04:37.0866 0x1350  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:04:37.0867 0x1350  WacomPen - ok
19:04:37.0880 0x1350  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:04:37.0881 0x1350  WANARP - ok
19:04:37.0885 0x1350  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:04:37.0887 0x1350  Wanarpv6 - ok
19:04:37.0940 0x1350  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
19:04:37.0959 0x1350  WatAdminSvc - ok
19:04:38.0003 0x1350  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
19:04:38.0026 0x1350  wbengine - ok
19:04:38.0042 0x1350  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:04:38.0046 0x1350  WbioSrvc - ok
19:04:38.0060 0x1350  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:04:38.0066 0x1350  wcncsvc - ok
19:04:38.0075 0x1350  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:04:38.0076 0x1350  WcsPlugInService - ok
19:04:38.0087 0x1350  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
19:04:38.0088 0x1350  Wd - ok
19:04:38.0140 0x1350  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:04:38.0151 0x1350  Wdf01000 - ok
19:04:38.0165 0x1350  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:04:38.0167 0x1350  WdiServiceHost - ok
19:04:38.0172 0x1350  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:04:38.0174 0x1350  WdiSystemHost - ok
19:04:38.0233 0x1350  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
19:04:38.0238 0x1350  WebClient - ok
19:04:38.0248 0x1350  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:04:38.0252 0x1350  Wecsvc - ok
19:04:38.0265 0x1350  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:04:38.0267 0x1350  wercplsupport - ok
19:04:38.0281 0x1350  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:04:38.0283 0x1350  WerSvc - ok
19:04:38.0295 0x1350  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:04:38.0295 0x1350  WfpLwf - ok
19:04:38.0306 0x1350  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:04:38.0306 0x1350  WIMMount - ok
19:04:38.0337 0x1350  WinDefend - ok
19:04:38.0341 0x1350  WinHttpAutoProxySvc - ok
19:04:38.0386 0x1350  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:04:38.0390 0x1350  Winmgmt - ok
19:04:38.0454 0x1350  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:04:38.0484 0x1350  WinRM - ok
19:04:38.0524 0x1350  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
19:04:38.0525 0x1350  winusb - ok
19:04:38.0562 0x1350  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:04:38.0575 0x1350  Wlansvc - ok
19:04:38.0579 0x1350  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
19:04:38.0580 0x1350  WmiAcpi - ok
19:04:38.0608 0x1350  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:04:38.0611 0x1350  wmiApSrv - ok
19:04:38.0614 0x1350  WMPNetworkSvc - ok
19:04:38.0670 0x1350  [ 83B6CA03C846FCD47F9883D77D1EB27B, 1616DBBC95085B6618B7F884383507E2A54D561A41288E79FA6DC99218C02802 ] WMZuneComm      C:\Program Files\Zune\WMZuneComm.exe
19:04:38.0675 0x1350  WMZuneComm - ok
19:04:38.0688 0x1350  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:04:38.0689 0x1350  WPCSvc - ok
19:04:38.0703 0x1350  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:04:38.0706 0x1350  WPDBusEnum - ok
19:04:38.0721 0x1350  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:04:38.0722 0x1350  ws2ifsl - ok
19:04:38.0736 0x1350  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
19:04:38.0738 0x1350  wscsvc - ok
19:04:38.0741 0x1350  WSearch - ok
19:04:38.0801 0x1350  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:04:38.0836 0x1350  wuauserv - ok
19:04:38.0865 0x1350  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:04:38.0867 0x1350  WudfPf - ok
19:04:38.0881 0x1350  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:04:38.0884 0x1350  WUDFRd - ok
19:04:38.0894 0x1350  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:04:38.0896 0x1350  wudfsvc - ok
19:04:38.0937 0x1350  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:04:38.0941 0x1350  WwanSvc - ok
19:04:38.0973 0x1350  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
19:04:38.0975 0x1350  xusb21 - ok
19:04:39.0245 0x1350  [ 67B787C34FB2888D01B130AE007042D8, E44878E53F265C89F271B08B81C129105E42D1C78C14467B2D96E28A9A428B1A ] ZuneNetworkSvc  C:\Program Files\Zune\ZuneNss.exe
19:04:39.0363 0x1350  ZuneNetworkSvc - ok
19:04:39.0414 0x1350  [ 4D89FC1C20CF655739EFAC5DA81A67BC, 788D0A5B9972ED6D80242C0C5E80AB0FAB44A708B896D5F724AC1559A291C8DD ] ZuneWlanCfgSvc  C:\Program Files\Zune\ZuneWlanCfgSvc.exe
19:04:39.0421 0x1350  ZuneWlanCfgSvc - ok
19:04:39.0423 0x1350  ================ Scan global ===============================
19:04:39.0456 0x1350  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
19:04:39.0494 0x1350  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:04:39.0503 0x1350  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
19:04:39.0528 0x1350  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
19:04:39.0548 0x1350  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
19:04:39.0553 0x1350  [ Global ] - ok
19:04:39.0554 0x1350  ================ Scan MBR ==================================
19:04:39.0565 0x1350  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:04:39.0569 0x1350  \Device\Harddisk0\DR0 - ok
19:04:39.0573 0x1350  [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
19:04:39.0577 0x1350  \Device\Harddisk1\DR1 - ok
19:04:39.0577 0x1350  ================ Scan VBR ==================================
19:04:39.0586 0x1350  [ 3FBA18DDE013DFF8DE59F71171D62702 ] \Device\Harddisk0\DR0\Partition1
19:04:39.0644 0x1350  \Device\Harddisk0\DR0\Partition1 - ok
19:04:39.0670 0x1350  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
19:04:39.0670 0x1350  \Device\Harddisk0\DR0\Partition2 - ok
19:04:39.0679 0x1350  [ 41199CED121606DFF10CF70F2B5E7090 ] \Device\Harddisk0\DR0\Partition3
19:04:39.0724 0x1350  \Device\Harddisk0\DR0\Partition3 - ok
19:04:39.0729 0x1350  [ B25F24CF9E7BDCA50F59E4BB540E4A4A ] \Device\Harddisk1\DR1\Partition1
19:04:39.0730 0x1350  \Device\Harddisk1\DR1\Partition1 - ok
19:04:39.0731 0x1350  Waiting for KSN requests completion. In queue: 296
19:04:40.0731 0x1350  Waiting for KSN requests completion. In queue: 296
19:04:41.0731 0x1350  Waiting for KSN requests completion. In queue: 296
19:04:42.0731 0x1350  Waiting for KSN requests completion. In queue: 296
19:04:43.0742 0x1350  Win FW state via NFP2: enabled
19:04:46.0566 0x1350  ============================================================
19:04:46.0566 0x1350  Scan finished
19:04:46.0566 0x1350  ============================================================
19:04:46.0571 0x13d8  Detected object count: 0
19:04:46.0571 0x13d8  Actual detected object count: 0
19:06:07.0422 0x0788  Deinitialize success
 

Edited by haldidntdoit, 18 February 2014 - 08:11 PM.


#6 Conspire

  • Malware Response Team

Posted 18 February 2014 - 10:46 PM

I want to have a look at the ComboFix log file. It should be at C:\ComboFix.txt

#7 haldidntdoit

  • Topic Starter


Posted 18 February 2014 - 10:55 PM

ComboFix 14-02-16.01 - Administrator 7/2014 Mon  22:26:41.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.8140.6315 [GMT -6:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-18 to 2014-02-18  )))))))))))))))))))))))))))))))
.
.
2014-02-18 04:31 . 2014-02-18 04:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-18 04:31 . 2014-02-18 04:31 -------- d-----w- c:\users\John\AppData\Local\temp
2014-02-18 04:31 . 2014-02-18 04:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-18 03:52 . 2014-02-18 03:52 -------- d-----w- c:\programdata\SMR410
2014-02-18 03:52 . 2014-02-18 03:52 96856 ----a-w- c:\windows\system32\drivers\SMR410.SYS
2014-02-18 03:52 . 2014-02-18 03:52 -------- d-----w- c:\programdata\Norton
2014-02-18 03:37 . 2014-02-18 03:45 -------- d-----w- C:\AdwCleaner
2014-02-18 03:21 . 2014-02-18 03:21 -------- d-----w- c:\windows\ERUNT
2014-02-18 02:48 . 2014-02-18 02:48 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2014-02-18 02:48 . 2014-02-18 03:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-02-18 02:48 . 2014-02-18 02:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-02-17 05:01 . 2014-02-17 05:01 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-17 04:58 . 2014-02-17 04:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-17 04:58 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-17 04:50 . 2014-02-17 04:50 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-02-17 04:20 . 2014-02-18 03:59 -------- d-----w- c:\windows\system32\catroot2
2014-02-17 04:13 . 2014-02-18 04:00 -------- d-----w- c:\windows\system32\wbem\repository
2014-02-17 04:13 . 2014-02-17 04:13 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-02-17 04:02 . 2014-02-17 04:25 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-02-17 03:59 . 2014-02-17 03:59 -------- d-----w- C:\RegBackup
2014-02-17 03:16 . 2014-02-17 03:16 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-02-17 02:06 . 2014-02-17 02:06 -------- d-----w- c:\users\Administrator
2014-02-17 00:45 . 2014-02-17 05:05 -------- d-----w- C:\NTKernel
2014-02-17 00:45 . 2014-02-17 00:45 -------- d-----w- c:\users\John\AppData\Roaming\Winamp
2014-02-16 07:26 . 2014-02-16 07:26 -------- d-----w- c:\program files (x86)\Antique
2014-02-15 23:55 . 2014-02-15 23:55 -------- d-----w- c:\users\John\dwhelper
2014-02-14 05:59 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF315AAD-E1A4-4948-A76F-18E06731925A}\mpengine.dll
2014-02-13 09:01 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 09:01 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-13 07:13 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-03 04:19 . 2014-02-03 04:19 -------- d-----w- c:\programdata\SetApp
2014-02-03 04:19 . 2014-02-03 04:19 -------- d-----w- c:\programdata\InstallMate
2014-02-01 05:46 . 2014-02-01 05:46 -------- d-----w- C:\Shotamane
2014-01-27 07:00 . 2014-01-27 07:00 -------- d-----w- c:\program files (x86)\モニスタラッシュ
2014-01-27 06:32 . 2014-01-27 06:32 -------- d-----w- c:\program files (x86)\softhouse-seal
2014-01-26 04:27 . 2014-01-26 04:27 -------- d-----w- c:\program files (x86)\WORKS
2014-01-23 00:32 . 1994-09-21 07:00 12800 ----a-w- c:\windows\system\WING32.dll
2014-01-21 06:31 . 1994-09-21 07:00 12800 ----a-w- c:\windows\SysWow64\WING32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-16 09:00 . 2013-01-30 16:36 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-05 16:26 . 2013-04-18 14:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 16:26 . 2013-04-18 14:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-18 12:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-12 09:09 . 2013-12-11 03:34 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-11-27 01:41 . 2014-01-15 10:21 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 10:21 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 10:21 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 10:21 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 10:21 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 10:21 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 10:21 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 10:21 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 10:21 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-23 18:26 . 2013-12-11 22:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 22:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"=hex(0):
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 SMR410;Symantec SMR Utility Service 4.1.0;c:\windows\System32\drivers\SMR410.SYS;c:\windows\SYSNATIVE\drivers\SMR410.SYS [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 20:54 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-30 16:26]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 14:14]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18 14:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BradyonVeda_is1 - c:\program files (x86)\暁WORKS\BradyonVeda\unins000.exe
AddRemove-SXMA - c:\プョタマネ\UNINST.EXE
AddRemove-{C7C62773-9A9C-B615-DC4E-2AF6C7702F57} - c:\progra~3\INSTAL~1\{9C800~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3714938223-263661296-3424438224-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,53,f0,4c,c7,3f,89,48,9f,8e,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,53,f0,4c,c7,3f,89,48,9f,8e,3b,\
.
[HKEY_USERS\S-1-5-21-3714938223-263661296-3424438224-500\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
@Denied: (A C D 2 3) (Everyone)
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin"
"BuildNumber"=dword:00001db1
"FirstLogon"=dword:00000000
"shell"="explorer.exe,\"c:\\ProgramData\\load32.exe\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-02-17  22:32:27
ComboFix-quarantined-files.txt  2014-02-18 04:32
ComboFix2.txt  2014-02-18 03:18
.
Pre-Run: 281,267,417,088 bytes free
Post-Run: 280,813,387,776 bytes free
.
- - End Of File - - DB62E2DD2B68D7C7DED98C7909463492


#8 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 18 February 2014 - 11:20 PM

Thanks for the log. :)

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

Edited by Conspire, 18 February 2014 - 11:21 PM.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#9 haldidntdoit

haldidntdoit
  • Topic Starter

  • Members
  • 27 posts

Posted 18 February 2014 - 11:26 PM

# AdwCleaner v3.019 - Report created 18/02/2014 at 22:23:58
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\wnlt
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKCU\Software\wnlt
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7eqsi5jt.default\prefs.js ]
 
Line Found : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381546734113,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3309758_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381546733827,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={1B4F52BE-B6CB-11E2-A074-60A44C4253FE}&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298573");
Line Found : user_pref("browser.search.defaultthis.engineName", "TrustWorthy Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&CUI=UN31573824471834230&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN35927664603016017&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN35927664603016017&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Line Found : user_pref("smartbar.machineId", "AAEMVRYOJFOTBA9EMBQZ8AEH5NZRWYK45/NFJJKUFZLCVNJRWRFJX14H52T/XZXOSHRHJOMU0VKKA2NJ0ZBH2Q");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN35927664603016017&UM=2&SearchSource=13");
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2515 octets] - [17/02/2014 21:37:20]
AdwCleaner[R1].txt - [992 octets] - [17/02/2014 21:43:31]
AdwCleaner[R2].txt - [1112 octets] - [18/02/2014 00:41:08]
AdwCleaner[R3].txt - [3629 octets] - [18/02/2014 22:23:58]
AdwCleaner[S0].txt - [2501 octets] - [17/02/2014 21:39:03]
AdwCleaner[S1].txt - [1052 octets] - [17/02/2014 21:44:43]
AdwCleaner[S2].txt - [1174 octets] - [18/02/2014 00:42:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [3869 octets] ##########


#10 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 19 February 2014 - 12:10 AM

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

===================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===================================================

On your next reply please post:
  • AdwCleaner log
  • JRT log

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.


#11 haldidntdoit

haldidntdoit
  • Topic Starter

  • Members
  • 27 posts

Posted 19 February 2014 - 02:04 AM

# AdwCleaner v3.019 - Report created 18/02/2014 at 23:18:57
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7eqsi5jt.default\prefs.js ]
 
Line Deleted : user_pref("CT3298573_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381546734113,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3309758_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381546733827,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={1B4F52BE-B6CB-11E2-A074-60A44C4253FE}&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298573");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "TrustWorthy Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3309758&CUI=UN31573824471834230&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN35927664603016017&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN35927664603016017&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298573");
Line Deleted : user_pref("smartbar.machineId", "AAEMVRYOJFOTBA9EMBQZ8AEH5NZRWYK45/NFJJKUFZLCVNJRWRFJX14H52T/XZXOSHRHJOMU0VKKA2NJ0ZBH2Q");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN35927664603016017&UM=2&SearchSource=13");
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [2515 octets] - [17/02/2014 21:37:20]
AdwCleaner[R1].txt - [992 octets] - [17/02/2014 21:43:31]
AdwCleaner[R2].txt - [1112 octets] - [18/02/2014 00:41:08]
AdwCleaner[R3].txt - [3969 octets] - [18/02/2014 22:23:58]
AdwCleaner[R4].txt - [4029 octets] - [18/02/2014 23:17:12]
AdwCleaner[S0].txt - [2501 octets] - [17/02/2014 21:39:03]
AdwCleaner[S1].txt - [1052 octets] - [17/02/2014 21:44:43]
AdwCleaner[S2].txt - [1174 octets] - [18/02/2014 00:42:15]
AdwCleaner[S3].txt - [3721 octets] - [18/02/2014 23:18:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3781 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by John on 2014/02/19 at  0:57:49.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3714938223-263661296-3424438224-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{19BB4371-476D-431A-9081-7A0F453637FF}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\John\appdata\local\cre"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\7eqsi5jt.default\minidumps [3 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/02/19 at  1:01:39.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts

Posted 19 February 2014 - 08:28 AM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

#13 haldidntdoit

haldidntdoit
  • Topic Starter

  • Members
  • 27 posts

Posted 19 February 2014 - 11:49 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by John (administrator) on JOHN-PC on 19-02-2014 10:44:17
Running from C:\Users\John\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Zune\WMZuneComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\load32.exe <===== ATTENTION
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\MountPoints2: {1f95e9aa-6215-11e3-be97-60a44c4253fe} - E:\setup.exe
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" <==== ATTENTION 
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network.cmd ()
 
==================== Internet (Whitelisted) ====================
 
URLSearchHook: HKCU - (No Name) - {8480b7b1-a45c-4feb-8653-60f834f7ca4b} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Tensons.Application.DownloadAcceleratorManager.BHO - {00000003-1118-11da-8cd6-0800200c9888} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7eqsi5jt.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7eqsi5jt.default\searchplugins\mixidj-v37-customized-web-search.xml
FF Extension: DownloadHelper - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7eqsi5jt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-19]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-19]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-19]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-19]
CHR Extension: (AdBlock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-19]
CHR HKCU\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\John\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-04-19]
CHR HKCU\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\John\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-04-19]
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\John\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-04-19]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-12] (DT Soft Ltd)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-02-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-03-20] (Scarlet.Crush Productions)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 terminpt; C:\Windows\System32\Drivers\terminpt.sys [29696 2012-08-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-19 10:44 - 2014-02-19 10:44 - 00010831 _____ () C:\Users\John\Desktop\FRST.txt
2014-02-19 10:44 - 2014-02-19 10:44 - 00000000 ____D () C:\FRST
2014-02-19 10:44 - 2014-02-19 10:28 - 02153472 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-02-19 10:28 - 2014-02-19 10:28 - 02153472 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-02-19 01:01 - 2014-02-19 01:01 - 00001156 _____ () C:\Users\John\Desktop\JRT.txt
2014-02-19 00:57 - 2014-02-19 00:57 - 01037530 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2014-02-18 22:23 - 2014-02-18 22:23 - 01241834 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-02-18 22:23 - 2014-02-18 22:23 - 01241834 _____ () C:\Users\John\Desktop\AdwCleaner.exe
2014-02-18 19:32 - 2014-02-18 19:32 - 00049358 _____ () C:\Users\John\Downloads\nightmare-fuel.jpeg
2014-02-18 19:02 - 2014-02-18 19:02 - 04102163 _____ () C:\Users\John\Desktop\tdsskiller.zip
2014-02-18 19:02 - 2014-02-10 23:37 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\John\Desktop\TDSSKiller.exe
2014-02-18 19:01 - 2014-02-18 19:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2014-02-18 18:59 - 2014-02-18 18:59 - 00000538 _____ () C:\Users\John\Desktop\MBR.zip
2014-02-18 18:59 - 2014-02-18 18:59 - 00000512 _____ () C:\Users\John\Desktop\MBR.dat
2014-02-18 18:57 - 2014-02-18 18:59 - 00002373 _____ () C:\Users\John\Desktop\aswMBR.txt
2014-02-18 08:13 - 2014-02-18 08:14 - 04745728 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
2014-02-18 00:40 - 2014-02-18 00:40 - 00000641 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-02-18 00:31 - 2014-02-18 00:31 - 00002294 _____ () C:\Users\John\Desktop\Rkill.txt
2014-02-18 00:30 - 2014-02-18 00:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2014-02-18 00:18 - 2014-02-18 23:19 - 00000168 _____ () C:\Windows\setupact.log
2014-02-18 00:18 - 2014-02-18 00:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 00:17 - 2014-02-18 00:17 - 00000790 _____ () C:\Windows\PFRO.log
2014-02-18 00:01 - 2014-02-18 00:01 - 05190136 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-18 00:00 - 2014-02-18 00:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-02-17 23:47 - 2014-02-17 23:47 - 04011240 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_oe_client_antivirus_en.exe
2014-02-17 23:22 - 2014-02-17 23:22 - 00004222 _____ () C:\Users\Administrator\Desktop\attach.rar
2014-02-17 23:19 - 2014-02-17 23:19 - 00014356 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-02-17 23:19 - 2014-02-17 23:19 - 00010439 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-02-17 23:17 - 2014-02-17 23:17 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2014-02-17 22:32 - 2014-02-17 22:32 - 00013722 _____ () C:\ComboFix.txt
2014-02-17 22:18 - 2014-02-17 22:53 - 00101436 _____ () C:\Users\Administrator\Desktop\OTL.Txt
2014-02-17 22:18 - 2014-02-17 22:18 - 00139368 _____ () C:\Users\Administrator\Desktop\Extras.Txt
2014-02-17 22:15 - 2014-02-17 22:15 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2014-02-17 22:10 - 2014-02-17 22:10 - 00185800 _____ (Лаборатория Касперского) C:\Users\Administrator\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-17 21:52 - 2014-02-17 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NPE
2014-02-17 21:52 - 2014-02-17 21:52 - 03053496 ____N (Symantec Corporation) C:\Users\Administrator\Downloads\NPE.exe
2014-02-17 21:52 - 2014-02-17 21:52 - 00000000 ____D () C:\ProgramData\SMR410
2014-02-17 21:52 - 2014-02-17 21:52 - 00000000 ____D () C:\ProgramData\Norton
2014-02-17 21:37 - 2014-02-18 23:19 - 00000000 ____D () C:\AdwCleaner
2014-02-17 21:34 - 2014-02-17 21:34 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2014-02-17 21:34 - 2014-02-17 21:34 - 01241834 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2014-02-17 21:21 - 2014-02-17 21:21 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 21:20 - 2014-02-17 21:21 - 01037530 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-02-17 21:20 - 2014-02-17 21:20 - 01037530 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-02-17 21:10 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-17 21:10 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-17 21:10 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-17 21:08 - 2014-02-17 22:32 - 00000000 ____D () C:\Qoobox
2014-02-17 21:08 - 2014-02-17 21:17 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 21:07 - 2014-02-17 21:07 - 05183112 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2014-02-17 20:48 - 2014-02-17 21:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-17 20:48 - 2014-02-17 20:48 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-17 20:48 - 2014-02-17 20:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2014-02-17 20:48 - 2014-02-17 20:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-17 20:39 - 2014-02-17 20:40 - 17954448 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware.exe
2014-02-17 00:38 - 2014-02-19 10:31 - 00423151 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 23:01 - 2014-02-16 23:01 - 00036680 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\Downloads\tdsskiller
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-02-16 23:00 - 2014-02-16 23:00 - 02218636 _____ () C:\Users\Administrator\Downloads\tdsskiller.zip
2014-02-16 22:58 - 2014-02-16 22:58 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-16 22:58 - 2014-02-16 22:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 22:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-16 22:50 - 2014-02-16 22:50 - 00001266 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-02-16 22:50 - 2014-02-16 22:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-02-16 22:49 - 2014-02-16 22:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup.exe
2014-02-16 22:39 - 2014-02-16 22:39 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Administrator\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-16 22:02 - 2014-02-18 00:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-16 22:00 - 2014-02-16 22:00 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-16 21:59 - 2014-02-16 21:59 - 00000000 ____D () C:\RegBackup
2014-02-16 21:19 - 2014-02-18 00:01 - 00002161 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-16 21:18 - 2014-02-16 21:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2014-02-16 21:16 - 2014-02-16 21:16 - 05074688 _____ () C:\Users\John\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-16 21:16 - 2014-02-16 21:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-16 21:06 - 2014-02-16 21:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-16 20:16 - 2014-02-16 20:16 - 00000622 _____ () C:\Users\John\Downloads\TakeOwnership.zip
2014-02-16 20:16 - 2014-02-16 20:16 - 00000000 ____D () C:\Users\John\Downloads\TakeOwnership
2014-02-16 20:10 - 2014-02-16 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-02-16 20:06 - 2014-02-16 23:05 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 20:06 - 2014-02-16 20:07 - 00000000 ___RD () C:\Users\Administrator\Podcasts
2014-02-16 20:06 - 2014-02-16 20:07 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-16 20:06 - 2014-02-16 20:06 - 00002257 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-02-16 20:06 - 2014-02-16 20:06 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-16 20:06 - 2014-02-16 20:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-02-16 20:06 - 2014-02-16 20:06 - 00000000 ____D () C:\Users\Administrator
2014-02-16 20:06 - 2013-01-30 10:21 - 00057560 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-16 20:06 - 2013-01-30 10:18 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-02-16 20:06 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-16 20:06 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-16 19:49 - 2014-02-16 19:49 - 00000765 _____ () C:\Users\Public\Desktop\南国さく乳アイランド ~妊娠させて?!乳搾り~同梱版.lnk
2014-02-16 19:49 - 2014-02-16 19:49 - 00000063 _____ () C:\Update.Microsoft.com.url
2014-02-16 18:45 - 2014-02-16 23:05 - 00000000 ____D () C:\NTKernel
2014-02-16 18:45 - 2014-02-16 18:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Winamp
2014-02-16 17:27 - 2014-02-16 17:27 - 00001889 _____ () C:\Users\John\Desktop\犯され勇者~凛々しく世界を救うハズだったボク・・・~ - Shortcut.lnk
2014-02-16 17:25 - 2014-02-16 17:25 - 00000000 ____D () C:\Users\John\Downloads\VH English patch 1.2
2014-02-16 17:22 - 2014-02-16 17:22 - 02779851 _____ () C:\Users\John\Downloads\VH English patch 1.2.zip
2014-02-16 16:06 - 2014-02-16 16:06 - 00003028 _____ () C:\Windows\System32\Tasks\{A7ED7CC2-C8AF-450C-928E-A522828ACB69}
2014-02-16 16:01 - 2014-02-16 16:01 - 00018381 _____ () C:\Users\John\Downloads\[111230] [ディーゼルマイン] 犯され勇者~凛々しく世界を救うハズだったボク…~.torrent
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ____D () C:\Users\John\Downloads\[121026] [エレクトリップ] ManguSta -恥辱風紀委員会-
2014-02-16 10:47 - 2014-02-16 15:07 - 00000000 ____D () C:\Users\John\Documents\野良うさぎ
2014-02-16 10:25 - 2014-02-16 10:25 - 00070689 _____ () C:\Users\John\Downloads\Jack_and_Judy_Geller.jpeg
2014-02-16 01:26 - 2014-02-16 01:26 - 00001088 _____ () C:\Users\John\Desktop\あそび塾.lnk
2014-02-16 01:26 - 2014-02-16 01:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antique
2014-02-16 01:26 - 2014-02-16 01:26 - 00000000 ____D () C:\Program Files (x86)\Antique
2014-02-15 18:31 - 2014-02-17 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 17:55 - 2014-02-15 17:55 - 00000000 ____D () C:\Users\John\dwhelper
2014-02-13 03:01 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:01 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:00 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:00 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:00 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:00 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:00 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:00 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:00 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:00 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:00 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:00 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 01:13 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 01:13 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 01:13 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 01:13 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 01:13 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 01:13 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 01:13 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 01:13 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 01:13 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 01:13 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 01:13 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 01:13 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 01:13 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 01:13 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 01:13 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 01:13 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 01:13 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 01:13 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 01:13 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 01:13 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 01:13 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 01:13 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 01:13 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 01:13 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 01:13 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 01:13 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 01:13 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 01:13 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-07 21:29 - 2014-02-07 21:29 - 00206390 _____ () C:\Users\John\Downloads\tumblr_m9t6o3yFyZ1qeg2wb.bmp
2014-02-05 23:44 - 2014-02-05 23:44 - 00019369 _____ () C:\Users\John\Downloads\Team Hell No shirt 1.jpeg
2014-02-02 22:19 - 2014-02-02 22:19 - 00000000 ____D () C:\ProgramData\SetApp
2014-02-02 22:19 - 2014-02-02 22:19 - 00000000 ____D () C:\ProgramData\InstallMate
2014-01-31 23:46 - 2014-02-01 13:48 - 00000947 _____ () C:\Users\John\Desktop\SYOTAMANE - Shortcut.lnk
2014-01-31 23:46 - 2014-01-31 23:46 - 00000000 ____D () C:\Shotamane
2014-01-30 00:11 - 2014-01-30 00:11 - 00001622 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2014-01-27 01:00 - 2014-01-27 01:00 - 00000000 ____D () C:\Program Files (x86)\モニスタラッシュ
2014-01-27 00:32 - 2014-01-27 00:32 - 00000000 ____D () C:\Program Files (x86)\softhouse-seal
2014-01-25 22:29 - 2014-01-25 22:29 - 00000000 ____D () C:\Users\John\Documents\暁WORKS
2014-01-25 22:27 - 2014-01-25 22:27 - 00000000 ____D () C:\Program Files (x86)\WORKS
2014-01-23 01:37 - 2014-01-23 01:37 - 01675264 _____ () C:\Users\John\Downloads\mov01 (3).mpg
2014-01-23 01:31 - 2014-01-23 01:31 - 01671168 _____ () C:\Users\John\Downloads\mov04 (1).mpg
2014-01-23 01:30 - 2014-01-23 01:31 - 01660928 _____ () C:\Users\John\Downloads\mov03 (3).mpg
2014-01-23 01:29 - 2014-01-23 01:29 - 01671168 _____ () C:\Users\John\Downloads\mov04.mpg
2014-01-23 01:28 - 2014-01-23 01:28 - 01669120 _____ () C:\Users\John\Downloads\mov03 (2).mpg
2014-01-23 01:23 - 2014-01-23 01:23 - 01671168 _____ () C:\Users\John\Downloads\mov01 (2).mpg
2014-01-23 01:22 - 2014-01-23 01:22 - 01677312 _____ () C:\Users\John\Downloads\mov03 (1).mpg
2014-01-23 01:22 - 2014-01-23 01:22 - 01671168 _____ () C:\Users\John\Downloads\mov01 (1).mpg
2014-01-23 00:46 - 2014-01-23 00:46 - 01665024 _____ () C:\Users\John\Downloads\mov01.mpg
2014-01-23 00:43 - 2014-01-23 00:43 - 01662976 _____ () C:\Users\John\Downloads\mov03.mpg
2014-01-22 18:32 - 1994-09-21 01:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\system\WING32.dll
2014-01-21 00:31 - 1994-09-21 01:00 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WING32.dll
 
==================== One Month Modified Files and Folders =======
 
2014-02-19 10:44 - 2014-02-19 10:44 - 00010831 _____ () C:\Users\John\Desktop\FRST.txt
2014-02-19 10:44 - 2014-02-19 10:44 - 00000000 ____D () C:\FRST
2014-02-19 10:31 - 2014-02-17 00:38 - 00423151 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 10:28 - 2014-02-19 10:44 - 02153472 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-02-19 10:28 - 2014-02-19 10:28 - 02153472 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-02-19 10:26 - 2013-04-29 23:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 10:00 - 2013-04-18 08:14 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 05:00 - 2013-04-18 08:14 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 01:01 - 2014-02-19 01:01 - 00001156 _____ () C:\Users\John\Desktop\JRT.txt
2014-02-19 00:57 - 2014-02-19 00:57 - 01037530 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2014-02-18 23:27 - 2009-07-13 22:45 - 00021872 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 23:27 - 2009-07-13 22:45 - 00021872 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 23:24 - 2009-07-13 23:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-18 23:19 - 2014-02-18 00:18 - 00000168 _____ () C:\Windows\setupact.log
2014-02-18 23:19 - 2014-02-17 21:37 - 00000000 ____D () C:\AdwCleaner
2014-02-18 23:19 - 2013-04-18 08:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-18 23:19 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 22:23 - 2014-02-18 22:23 - 01241834 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-02-18 22:23 - 2014-02-18 22:23 - 01241834 _____ () C:\Users\John\Desktop\AdwCleaner.exe
2014-02-18 19:32 - 2014-02-18 19:32 - 00049358 _____ () C:\Users\John\Downloads\nightmare-fuel.jpeg
2014-02-18 19:25 - 2013-04-29 21:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-18 19:25 - 2013-04-19 08:07 - 00061176 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 19:02 - 2014-02-18 19:02 - 04102163 _____ () C:\Users\John\Desktop\tdsskiller.zip
2014-02-18 19:02 - 2014-02-18 19:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2014-02-18 18:59 - 2014-02-18 18:59 - 00000538 _____ () C:\Users\John\Desktop\MBR.zip
2014-02-18 18:59 - 2014-02-18 18:59 - 00000512 _____ () C:\Users\John\Desktop\MBR.dat
2014-02-18 18:59 - 2014-02-18 18:57 - 00002373 _____ () C:\Users\John\Desktop\aswMBR.txt
2014-02-18 08:14 - 2014-02-18 08:13 - 04745728 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
2014-02-18 00:40 - 2014-02-18 00:40 - 00000641 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-02-18 00:31 - 2014-02-18 00:31 - 00002294 _____ () C:\Users\John\Desktop\Rkill.txt
2014-02-18 00:30 - 2014-02-18 00:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2014-02-18 00:18 - 2014-02-18 00:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 00:18 - 2009-07-13 22:45 - 00273672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-18 00:17 - 2014-02-18 00:17 - 00000790 _____ () C:\Windows\PFRO.log
2014-02-18 00:16 - 2014-02-16 22:02 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-18 00:13 - 2009-07-13 20:34 - 00000439 _____ () C:\Windows\win.ini
2014-02-18 00:01 - 2014-02-18 00:01 - 05190136 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-18 00:01 - 2014-02-16 21:19 - 00002161 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-18 00:00 - 2014-02-18 00:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-02-17 23:47 - 2014-02-17 23:47 - 04011240 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_oe_client_antivirus_en.exe
2014-02-17 23:22 - 2014-02-17 23:22 - 00004222 _____ () C:\Users\Administrator\Desktop\attach.rar
2014-02-17 23:19 - 2014-02-17 23:19 - 00014356 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-02-17 23:19 - 2014-02-17 23:19 - 00010439 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-02-17 23:17 - 2014-02-17 23:17 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2014-02-17 22:53 - 2014-02-17 22:18 - 00101436 _____ () C:\Users\Administrator\Desktop\OTL.Txt
2014-02-17 22:32 - 2014-02-17 22:32 - 00013722 _____ () C:\ComboFix.txt
2014-02-17 22:32 - 2014-02-17 21:08 - 00000000 ____D () C:\Qoobox
2014-02-17 22:31 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-17 22:18 - 2014-02-17 22:18 - 00139368 _____ () C:\Users\Administrator\Desktop\Extras.Txt
2014-02-17 22:15 - 2014-02-17 22:15 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2014-02-17 22:10 - 2014-02-17 22:10 - 00185800 _____ (Лаборатория Касперского) C:\Users\Administrator\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-17 22:02 - 2014-02-17 21:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NPE
2014-02-17 22:00 - 2013-04-19 08:07 - 00000000 ____D () C:\Users\John
2014-02-17 21:52 - 2014-02-17 21:52 - 03053496 ____N (Symantec Corporation) C:\Users\Administrator\Downloads\NPE.exe
2014-02-17 21:52 - 2014-02-17 21:52 - 00000000 ____D () C:\ProgramData\SMR410
2014-02-17 21:52 - 2014-02-17 21:52 - 00000000 ____D () C:\ProgramData\Norton
2014-02-17 21:34 - 2014-02-17 21:34 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2014-02-17 21:34 - 2014-02-17 21:34 - 01241834 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2014-02-17 21:22 - 2014-02-15 18:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 21:21 - 2014-02-17 21:21 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 21:21 - 2014-02-17 21:20 - 01037530 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-02-17 21:20 - 2014-02-17 21:20 - 01037530 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-02-17 21:18 - 2009-07-13 21:20 - 00000000 ___RD () C:\Users\Default
2014-02-17 21:17 - 2014-02-17 21:08 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 21:16 - 2009-07-13 20:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_581
2014-02-17 21:07 - 2014-02-17 21:07 - 05183112 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2014-02-17 21:00 - 2014-02-17 20:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-17 20:48 - 2014-02-17 20:48 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-17 20:48 - 2014-02-17 20:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2014-02-17 20:48 - 2014-02-17 20:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-17 20:40 - 2014-02-17 20:39 - 17954448 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware.exe
2014-02-16 23:05 - 2014-02-16 20:06 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 23:05 - 2014-02-16 18:45 - 00000000 ____D () C:\NTKernel
2014-02-16 23:05 - 2013-04-19 08:07 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 23:01 - 2014-02-16 23:01 - 00036680 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\Downloads\tdsskiller
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-02-16 23:00 - 2014-02-16 23:00 - 02218636 _____ () C:\Users\Administrator\Downloads\tdsskiller.zip
2014-02-16 22:58 - 2014-02-16 22:58 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-16 22:58 - 2014-02-16 22:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 22:51 - 2013-04-29 23:18 - 00000000 ____D () C:\ProgramData\Avira
2014-02-16 22:50 - 2014-02-16 22:50 - 00001266 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-02-16 22:50 - 2014-02-16 22:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-02-16 22:50 - 2014-02-16 22:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup.exe
2014-02-16 22:39 - 2014-02-16 22:39 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Administrator\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-16 22:00 - 2014-02-16 22:00 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-16 21:59 - 2014-02-16 21:59 - 00000000 ____D () C:\RegBackup
2014-02-16 21:18 - 2014-02-16 21:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2014-02-16 21:16 - 2014-02-16 21:16 - 05074688 _____ () C:\Users\John\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-16 21:16 - 2014-02-16 21:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-16 21:06 - 2014-02-16 21:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-16 20:18 - 2013-11-04 13:23 - 00000000 ____D () C:\Users\John\Downloads\Done
2014-02-16 20:16 - 2014-02-16 20:16 - 00000622 _____ () C:\Users\John\Downloads\TakeOwnership.zip
2014-02-16 20:16 - 2014-02-16 20:16 - 00000000 ____D () C:\Users\John\Downloads\TakeOwnership
2014-02-16 20:10 - 2014-02-16 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-02-16 20:07 - 2014-02-16 20:06 - 00000000 ___RD () C:\Users\Administrator\Podcasts
2014-02-16 20:07 - 2014-02-16 20:06 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-16 20:06 - 2014-02-16 20:06 - 00002257 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-02-16 20:06 - 2014-02-16 20:06 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-16 20:06 - 2014-02-16 20:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-02-16 20:06 - 2014-02-16 20:06 - 00000000 ____D () C:\Users\Administrator
2014-02-16 20:06 - 2013-05-09 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 19:49 - 2014-02-16 19:49 - 00000765 _____ () C:\Users\Public\Desktop\南国さく乳アイランド ~妊娠させて?!乳搾り~同梱版.lnk
2014-02-16 19:49 - 2014-02-16 19:49 - 00000063 _____ () C:\Update.Microsoft.com.url
2014-02-16 19:48 - 2013-12-28 23:36 - 00000000 ____D () C:\MBSTRUTH
2014-02-16 18:46 - 2013-11-29 18:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-16 18:45 - 2014-02-16 18:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Winamp
2014-02-16 18:44 - 2013-05-01 11:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-02-16 17:27 - 2014-02-16 17:27 - 00001889 _____ () C:\Users\John\Desktop\犯され勇者~凛々しく世界を救うハズだったボク・・・~ - Shortcut.lnk
2014-02-16 17:25 - 2014-02-16 17:25 - 00000000 ____D () C:\Users\John\Downloads\VH English patch 1.2
2014-02-16 17:22 - 2014-02-16 17:22 - 02779851 _____ () C:\Users\John\Downloads\VH English patch 1.2.zip
2014-02-16 17:01 - 2013-09-18 01:40 - 00000000 ____D () C:\Program Files (x86)\Completes
2014-02-16 16:06 - 2014-02-16 16:06 - 00003028 _____ () C:\Windows\System32\Tasks\{A7ED7CC2-C8AF-450C-928E-A522828ACB69}
2014-02-16 16:01 - 2014-02-16 16:01 - 00018381 _____ () C:\Users\John\Downloads\[111230] [ディーゼルマイン] 犯され勇者~凛々しく世界を救うハズだったボク…~.torrent
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ____D () C:\Users\John\Downloads\[121026] [エレクトリップ] ManguSta -恥辱風紀委員会-
2014-02-16 15:07 - 2014-02-16 10:47 - 00000000 ____D () C:\Users\John\Documents\野良うさぎ
2014-02-16 14:25 - 2013-05-09 10:53 - 00000000 ____D () C:\Users\John\AppData\Local\Mozilla
2014-02-16 14:18 - 2013-07-17 23:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-02-16 10:25 - 2014-02-16 10:25 - 00070689 _____ () C:\Users\John\Downloads\Jack_and_Judy_Geller.jpeg
2014-02-16 03:01 - 2013-07-18 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2013-01-30 10:36 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 01:26 - 2014-02-16 01:26 - 00001088 _____ () C:\Users\John\Desktop\あそび塾.lnk
2014-02-16 01:26 - 2014-02-16 01:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antique
2014-02-16 01:26 - 2014-02-16 01:26 - 00000000 ____D () C:\Program Files (x86)\Antique
2014-02-15 17:55 - 2014-02-15 17:55 - 00000000 ____D () C:\Users\John\dwhelper
2014-02-14 04:55 - 2013-04-18 08:14 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 04:55 - 2013-04-18 08:14 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 03:59 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 03:06 - 2013-05-09 12:36 - 00764302 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-10 23:37 - 2014-02-18 19:02 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\John\Desktop\TDSSKiller.exe
2014-02-07 21:29 - 2014-02-07 21:29 - 00206390 _____ () C:\Users\John\Downloads\tumblr_m9t6o3yFyZ1qeg2wb.bmp
2014-02-06 06:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 23:44 - 2014-02-05 23:44 - 00019369 _____ () C:\Users\John\Downloads\Team Hell No shirt 1.jpeg
2014-02-05 10:26 - 2013-04-29 23:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 10:26 - 2013-04-18 08:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 10:26 - 2013-04-18 08:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-02 22:19 - 2014-02-02 22:19 - 00000000 ____D () C:\ProgramData\SetApp
2014-02-02 22:19 - 2014-02-02 22:19 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-01 13:48 - 2014-01-31 23:46 - 00000947 _____ () C:\Users\John\Desktop\SYOTAMANE - Shortcut.lnk
2014-01-31 23:46 - 2014-01-31 23:46 - 00000000 ____D () C:\Shotamane
2014-01-30 00:13 - 2013-05-29 21:44 - 00000000 ____D () C:\Users\John\.gimp-2.8
2014-01-30 00:11 - 2014-01-30 00:11 - 00001622 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2014-01-28 23:49 - 2013-10-28 23:44 - 00000000 ____D () C:\GOG Games
2014-01-27 02:37 - 2013-04-30 23:28 - 00000000 ____D () C:\Users\John\Desktop\Games
2014-01-27 01:00 - 2014-01-27 01:00 - 00000000 ____D () C:\Program Files (x86)\モニスタラッシュ
2014-01-27 00:32 - 2014-01-27 00:32 - 00000000 ____D () C:\Program Files (x86)\softhouse-seal
2014-01-25 22:29 - 2014-01-25 22:29 - 00000000 ____D () C:\Users\John\Documents\暁WORKS
2014-01-25 22:27 - 2014-01-25 22:27 - 00000000 ____D () C:\Program Files (x86)\WORKS
2014-01-23 01:37 - 2014-01-23 01:37 - 01675264 _____ () C:\Users\John\Downloads\mov01 (3).mpg
2014-01-23 01:31 - 2014-01-23 01:31 - 01671168 _____ () C:\Users\John\Downloads\mov04 (1).mpg
2014-01-23 01:31 - 2014-01-23 01:30 - 01660928 _____ () C:\Users\John\Downloads\mov03 (3).mpg
2014-01-23 01:29 - 2014-01-23 01:29 - 01671168 _____ () C:\Users\John\Downloads\mov04.mpg
2014-01-23 01:28 - 2014-01-23 01:28 - 01669120 _____ () C:\Users\John\Downloads\mov03 (2).mpg
2014-01-23 01:23 - 2014-01-23 01:23 - 01671168 _____ () C:\Users\John\Downloads\mov01 (2).mpg
2014-01-23 01:22 - 2014-01-23 01:22 - 01677312 _____ () C:\Users\John\Downloads\mov03 (1).mpg
2014-01-23 01:22 - 2014-01-23 01:22 - 01671168 _____ () C:\Users\John\Downloads\mov01 (1).mpg
2014-01-23 00:46 - 2014-01-23 00:46 - 01665024 _____ () C:\Users\John\Downloads\mov01.mpg
2014-01-23 00:43 - 2014-01-23 00:43 - 01662976 _____ () C:\Users\John\Downloads\mov03.mpg
2014-01-22 18:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system
2014-01-21 00:22 - 2013-10-28 23:42 - 00000000 ____D () C:\Users\John\AppData\Local\GOG.com
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe
C:\Users\John\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 01:51
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by John at 2014-02-19 10:44:38
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (x32 Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144 - Adobe Systems, Inc.)
AlterEgo (x32 Version:  - )
Anachronox (x32 Version: 2.0.0.28 - GOG.com)
Angry Video Game Nerd Adventures (x32 Version:  - FreakZone Games)
Anvil of Dawn (x32 Version: 2.0.0.4 - GOG.com)
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
ArcaniA – Gothic 4 (x32 Version:  - Spellbound Studios)
Arcania: Fall of Setarrif (x32 Version:  - Spellbound Studios)
Arcanum Of Steamworks and Magick Obscura (x32 Version: 2.0.0.15 - GOG.com)
Assassin's Creed (x32 Version:  - Ubisoft)
Assassin's Creed II (x32 Version:  - Ubisoft Montreal)
Aztaka (x32 Version:  - Citeremis Inc.)
Baldur's Gate II: Enhanced Edition (x32 Version:  - Beamdog)
Baldur's Gate: Enhanced Edition (x32 Version:  - Overhaul Games)
Bastion (x32 Version:  - Supergiant Games)
Batman: Arkham Asylum GOTY Edition (x32 Version:  - Rocksteady Studios)
Beyond Divinity (x32 Version: 2.0.0.9 - GOG.com)
BIT.TRIP BEAT (x32 Version:  - Gaijin Games)
BIT.TRIP RUNNER (x32 Version:  - Gaijin Games)
Blood II: The Chosen (x32 Version:  - GOG.com)
Braid (x32 Version:  - Number None)
Call of Cthulhu: Dark Corners of the Earth (x32 Version:  - Headfirst Productions)
CCleaner (Version: 4.07 - Piriform)
CDisplay 1.8 (x32 Version:  - dvd8n)
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
Dark Souls: Prepare to Die Edition (x32 Version:  - FromSoftware)
Darksiders (x32 Version:  - Vigil Games)
Darksiders II (x32 Version:  - Vigil Games)
DarksidersInstaller (x32 Version: 1.00.1000 - THQ)
Dead Space (x32 Version:  - EA Redwood Shores)
Dead Space 2 (x32 Version:  - Electronic Arts)
Deus Ex: Human Revolution (x32 Version:  - Eidos Montreal)
Divine Divinity (x32 Version: 2.0.0.21 - GOG.com)
Divinity 2 Developer's Cut (x32 Version: 2.0.0.11 - GOG.com)
Duke Nukem 3D (x32 Version: 2.0.0.84 - GOG.com)
Duke3D (Version:  - )
Dungeons of Dredmor (x32 Version:  - )
E.Y.E: Divine Cybermancy (x32 Version:  - Streum On Studio)
Entomorph (x32 Version: 2.0.0.7 - GOG.com)
Fallout (x32 Version: 2.0.0.14 - GOG.com)
Fallout 2 (x32 Version: 2.0.0.12 - GOG.com)
Fallout Tactics (x32 Version: 2.0.0.8 - GOG.com)
Fallout: New Vegas (x32 Version:  - Obsidian Entertainment)
Forge (x32 Version:  - Dark Vale Games)
GIMP 2.8.4 (Version: 2.8.4 - The GIMP Team)
GOG.com Downloader version 3.6.0 (x32 Version: 3.6.0 - GOG.com)
GOG.com Entomorph (Version:  - )
GOG.com Planescape Torment (Version:  - )
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Gothic (x32 Version:  - Piranha – Bytes )
Gothic 3 (x32 Version:  - Piranha – Bytes )
Gothic 3 Forsaken Gods Enhanced Edition (x32 Version:  - Trine Studios)
Gothic II: Gold Edition (x32 Version:  - Piranha – Bytes)
Grand Theft Auto III (x32 Version:  - Rockstar Games)
Grand Theft Auto IV (x32 Version:  - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (x32 Version:  - Rockstar North / Toronto)
Grand Theft Auto: San Andreas (x32 Version:  - Rockstar Games)
Grand Theft Auto: Vice City (x32 Version:  - Rockstar Games)
Heretic: Shadow of the Serpent Riders (x32 Version:  - Raven Software)
HeXen II (x32 Version:  - Raven Software)
HeXen: Beyond Heretic (x32 Version:  - Raven Software)
HeXen: Deathkings of the Dark Citadel (x32 Version:  - Raven Software)
I Have No Mouth, and I Must Scream (x32 Version:  - )
Icewind Dale Complete (x32 Version: 2.0.0.11 - GOG.com)
Icewind Dale II (x32 Version: 2.0.0.11 - GOG.com)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
La-Mulana (x32 Version:  - )
Legend of Grimrock (x32 Version:  - )
Leisure Suit Larry - Magna Cum Laude (x32 Version: 1.00.0001 - )
Leisure Suit Larry 7 - Love for Sail! (x32 Version: 2.0.0.11 - GOG.com)
Leisure Suit Larry- Magna Cum Laude (x32 Version: 2.0.0.3 - GOG.com)
Magic Online (x32 Version: 3.00.0000 - Wizards of the Coast)
Magic Set Editor 2.0.0 (x32 Version:  - )
Magic The Gathering Online  (HKCU Version: 3.4.75.315 - Wizards of the Coast)
Magrunner: Dark Pulse (x32 Version:  - Frogwares)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mass Effect (x32 Version:  - BioWare)
Mass Effect 2 (x32 Version:  - BioWare)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic X - Legacy  (x32 Version:  - Ubisoft)
Might and Magic IX (x32 Version:  - GOG.com)
Might and Magic VI Limited Edition (x32 Version: 2.0.0.41 - GOG.com)
Might and Magic VII - For Blood and Honor (x32 Version: 2.0.0.15 - GOG.com)
Might and Magic VIII - Day of the Destroyer (x32 Version: 2.0.0.13 - GOG.com)
mIRC (x32 Version: 7.32 - mIRC Co. Ltd.)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.0 - Mozilla)
MPC-HC 1.7.1 (x32 Version: 1.7.1.0 - MPC-HC Team)
Neverwinter Nights Diamond Edition (x32 Version: 2.0.0.15 - GOG.com)
Nexus Mod Manager (Version: 0.44.11 - Black Tree Gaming)
Nox (x32 Version: 2.0.0.20 - GOG.com)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA Control Panel 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.22 (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
One Unit Whole Blood (x32 Version: 2.0.0.21 - GOG.com)
OpenAL (x32 Version:  - )
Phantasmagoria 2 - A Puzzle of Flesh (x32 Version: 2.0.0.16 - GOG.com)
Planescape Torment (x32 Version: 2.0.0.8 - GOG.com)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Psychonauts (x32 Version:  - Double Fine Productions)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 7.61.612.2012 - Realtek)
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
Roberta Williams' Phantasmagoria (x32 Version: 2.0.0.14 - GOG.com)
Rochard (x32 Version:  - Recoil Games)
Rock of Ages (x32 Version:  - ACE Team)
Rogue Legacy (x32 Version:  - Cellar Door Games)
RPG Maker VX Ace (x32 Version:  - Enterbrain)
RPG MAKER VX Ace RTP (x32 Version: 1.00 - Enterbrain)
RPGツクールVX RTP (x32 Version: 1.02 - Enterbrain)
S.T.A.L.K.E.R.: Call of Pripyat (x32 Version:  - GSC Game World)
S.T.A.L.K.E.R.: Clear Sky (x32 Version:  - GSC Game World)
S.T.A.L.K.E.R.: Shadow of Chernobyl (x32 Version:  - GSC Game World)
Saints Row: The Third (x32 Version:  - Volition)
SayYah!2003 (x32 Version:  - )
Septerra Core (x32 Version:  - )
Serious Sam 2 (x32 Version:  - )
Serious Sam 3: BFE (x32 Version:  - Croteam)
Serious Sam Classic: The First Encounter (x32 Version:  - )
Serious Sam Classic: The Second Encounter (x32 Version:  - )
Serious Sam Double D (x32 Version:  - Mommy's Best Games)
Serious Sam HD: The First Encounter (x32 Version:  - Croteam)
Serious Sam HD: The Second Encounter (x32 Version:  - Croteam)
Serious Sam: The Random Encounter (x32 Version:  - )
Shadow Warrior Complete (x32 Version: 2.0.0.7 - GOG.com)
Silver (Version:  - )
Silver (x32 Version:  - GOG.com)
Star Control 1 and 2 (x32 Version: 2.0.0.12 - GOG.com)
Star Wars - Jedi Knight II: Jedi Outcast (x32 Version:  - Raven Software)
Star Wars - Jedi Knight: Mysteries of the Sith (x32 Version:  - LucasArts)
Star Wars Jedi Knight: Dark Forces II (x32 Version:  - LucasArts)
Star Wars Jedi Knight: Jedi Academy (x32 Version:  - Raven Software)
Star Wars: Dark Forces (x32 Version:  - LucasArts)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Stonekeep (x32 Version: 2.0.0.10 - GOG.com)
Super Meat Boy (x32 Version:  - Team Meat)
SUPERAntiSpyware (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (x32 Version: 1.0.5.0 - Husdawg, LLC)
System Shock 2 (x32 Version:  - )
Temple of Elemental Evil (x32 Version: 2.0.0.13 - GOG.com)
The 11th Hour (x32 Version:  - )
The 7th Guest (x32 Version:  - )
The Binding of Isaac (x32 Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls II: Daggerfall, DaggerfallSetup 2.7a (x32 Version:  - Bethesda Softworks)
The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (x32 Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (x32 Version:  - CD Projekt RED)
Theガッツ5 (x32 Version:  - )
Titan Quest (x32 Version:  - Iron Lore Entertainment)
Titan Quest: Immortal Throne (x32 Version:  - Iron Lore Entertainment)
Trine 2 (x32 Version:  - Frozenbyte)
Tweaking.com - Windows Repair (All in One) (x32 Version: 2.4.0 - Tweaking.com)
Two Worlds II (x32 Version:  - Reality Pump Studios)
Two Worlds: Epic Edition (x32 Version:  - Reality Pump Studios)
Ultima 4 - Quest of the Avatar (x32 Version: 2.0.0.19 - GOG.com)
Unreal Gold (x32 Version:  - Epic Games)
Unreal II: The Awakening (x32 Version:  - Epic Games)
Unreal Tournament 2004 (x32 Version:  - Epic Games)
Unreal Tournament 3: Black Edition (x32 Version:  - Epic Games)
Unreal Tournament: Game of the Year Edition (x32 Version:  - Epic Games)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
VIA Platform Device Manager (x32 Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.7 (x32 Version: 2.0.7 - VideoLAN)
Volgarr the Viking (x32 Version:  - Crazy Viking Studios)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (x32 Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (x32 Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (x32 Version:  - Relic)
WazHack (x32 Version:  - Waz)
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
World of Aden -  Thunderscape (x32 Version: 2.0.0.3 - GOG.com)
Xuse 永遠神剣 サードデスティネーション  (Remove Only) (x32 Version:  - )
Xuse 聖なるかな Special Edition  (Remove Only) (x32 Version:  - )
Ys I (x32 Version:  - )
Ys II (x32 Version:  - )
Ys Origin (x32 Version:  - Nihon Falcom)
Ys: The Oath in Felghana (x32 Version:  - Nihon Falcom)
Yumina the Ethereal (x32 Version: English 1.0 - JAST Densetsu)
Zune (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
エターナル キングダム ~滅びの魔女と伝説の剣~ (x32 Version: 1.00.0000 - Studio e.go!)
オーク・キングダム~モン娘繁殖の豚人王~ (x32 Version:  - )
お願い!委員長!! (x32 Version:  - )
クトゥルフ姦話 1.00 (x32 Version:  - )
ザ・ガッツ!MM (x32 Version:  - )
ボクのヒミツたいけん (x32 Version:  - )
ママ!つま? (x32 Version:  - )
ママクラブ (x32 Version:  - )
ママクラブ参観 (x32 Version:  - )
ママしぼり (x32 Version:  - )
ママしぼりの事情 (x32 Version:  - )
めばえ (x32 Version: 1.00.0000 - たぬきそふと)
もうすぐ夏休み! (x32 Version:  - )
遠望のフェルシス (x32 Version: 1.0 - ナインテイル)
神採りアルケミーマイスター (x32 Version: 1.00.0006 - Eushully) Hidden
神採りアルケミーマイスター (x32 Version: 2.00.0019 - Eushully)
神採りアルケミーマイスター Append01 (x32 Version: 1.00.0004 - Eushully)
神採りアルケミーマイスター Append01 (x32 Version: 1.00.0004 - Eushully) Hidden
神採りアルケミーマイスター Append02 (x32 Version: 1.00.0003 - Eushully)
神採りアルケミーマイスター Append02 (x32 Version: 1.00.0003 - Eushully) Hidden
神採りアルケミーマイスター Ver2.00 Update (x32 Version: 2.00.0019 - Eushully)
神採りアルケミーマイスター Ver2.00 Update (x32 Version: 2.00.0019 - Eushully) Hidden
瑞本つかさ先生の【エッチ】を覚える大人の性教育レッスン!! (x32 Version:  - )
世界に男は自分だけ (x32 Version:  - )
戦女神VERITA (x32 Version: 1.00.0005 - Eushully) Hidden
戦女神VERITA (x32 Version: 2.00.0025 - Eushully)
戦女神VERITA Ver2.00 Update (x32 Version: 2.00.0025 - Eushully)
戦女神VERITA Ver2.00 Update (x32 Version: 2.00.0025 - Eushully) Hidden
南国さく乳アイランド ~妊娠させて?!乳搾り~同梱版 (x32 Version:  - )
百機夜行 (x32 Version:  - )
恋するサイエンス (x32 Version:  - )
 
==================== Restore Points  =========================
 
18-02-2014 06:04:54 Tweaking.com - Windows Repair
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2014-02-18 00:13 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {138FEA59-8383-4660-BC63-4CEC6E6D5B99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: {43711D0D-C70B-41A4-8500-F45F28C46848} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {ADDAF2FC-D780-4DB4-853B-AC7E95C4ACAA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {C90C7F8F-0CED-44BC-9218-65AC6FBC6245} - System32\Tasks\{07FC152E-39D9-4118-988B-32088A30AB54} => C:\Program Files (x86)\Completes\MHTAIKEN\XEX.EXE
Task: {E160E857-B661-4AE0-92A4-D24298754B6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-30 15:07 - 2013-03-14 22:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-13 03:27 - 2014-02-13 03:27 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2013-04-18 08:12 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-04-18 08:12 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-02-04 14:55 - 2014-02-01 17:41 - 00715592 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-04 14:55 - 2014-02-01 17:41 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-04 14:55 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 14:55 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 14:55 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\.DS_Store:AFP_AfpInfo
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-17 21:16:37.870
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-17 21:16:37.854
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 23%
Total physical RAM: 8140.07 MB
Available physical RAM: 6194.75 MB
Total Pagefile: 16278.32 MB
Available Pagefile: 14057.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:931.29 GB) (Free:253.58 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:3.72 GB) (Free:3.71 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 01B801B7)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================


#14 Conspire

  • Malware Response Team
Posted 22 February 2014 - 09:45 PM

Hi,

I apologize for the late reply. I overlooked your thread.

Sorry to make you wait for so long.

Download the attached fixlist.txt file and save it to the Desktop.

Attached file: fixlist.txt (420 bytes)

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

I will also need you to generate a fresh FRST log for me.

===================================================

In your next reply, please post:
FRST fix log
Fresh FRST log



Please STOP and let me know if you have any problems performing the steps above or any questions.

#15 haldidntdoit

  • Topic Starter

Posted 22 February 2014 - 10:48 PM

No worries about the delay! I'm just thankful for the help!
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2014 01
Ran by John at 2014-02-22 21:44:02 Run:1
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\CurrentVersion\Windows: [Load] C:\ProgramData\load32.exe <===== ATTENTION
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\MountPoints2: {1f95e9aa-6215-11e3-be97-60a44c4253fe} - E:\setup.exe
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" <==== ATTENTION 
C:\ProgramData\load32.exe
end
*****************
 
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f95e9aa-6215-11e3-be97-60a44c4253fe} => Key not found.
HKCR\CLSID\{1f95e9aa-6215-11e3-be97-60a44c4253fe} => Key not found.
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Unable to delete value
"C:\ProgramData\load32.exe" => File/Directory not found.
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2014 01
Ran by John (administrator) on JOHN-PC on 22-02-2014 21:45:23
Running from C:\Users\John\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Zune\WMZuneComm.exe
(Microsoft Corporation) C:\Program Files\Zune\Zune.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3714938223-263661296-3424438224-1002\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" <==== ATTENTION 
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network.cmd ()
 
==================== Internet (Whitelisted) ====================
 
URLSearchHook: HKCU - (No Name) - {8480b7b1-a45c-4feb-8653-60f834f7ca4b} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Tensons.Application.DownloadAcceleratorManager.BHO - {00000003-1118-11da-8cd6-0800200c9888} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7eqsi5jt.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7eqsi5jt.default\searchplugins\mixidj-v37-customized-web-search.xml
FF Extension: DownloadHelper - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7eqsi5jt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-19]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-19]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-19]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-19]
CHR Extension: (AdBlock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-15]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-19]
CHR HKCU\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\John\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-04-19]
CHR HKCU\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\John\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-04-19]
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\John\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-04-19]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-12] (VIA Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-12] (DT Soft Ltd)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2014-02-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-03-20] (Scarlet.Crush Productions)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 terminpt; C:\Windows\System32\Drivers\terminpt.sys [29696 2012-08-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-22 21:45 - 2014-02-22 21:45 - 00010707 _____ () C:\Users\John\Desktop\FRST.txt
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\John\Desktop\FRST-OlderVersion
2014-02-19 17:56 - 2014-02-19 17:56 - 00012574 _____ () C:\Users\John\Downloads\120922-04-G.torrent
2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-02-19 17:28 - 2014-02-19 17:29 - 00007841 _____ () C:\Users\John\Desktop\Hyakki Menu.txt
2014-02-19 17:26 - 2014-02-19 17:32 - 99769078 _____ () C:\Users\John\Downloads\HG121221-107503.rar
2014-02-19 10:44 - 2014-02-22 21:45 - 00000000 ____D () C:\FRST
2014-02-19 10:44 - 2014-02-22 21:43 - 02154496 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-02-19 10:28 - 2014-02-19 10:28 - 02153472 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-02-18 22:23 - 2014-02-18 22:23 - 01241834 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-02-18 19:32 - 2014-02-18 19:32 - 00049358 _____ () C:\Users\John\Downloads\nightmare-fuel.jpeg
2014-02-18 19:01 - 2014-02-18 19:02 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2014-02-18 00:40 - 2014-02-18 00:40 - 00000641 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-02-18 00:30 - 2014-02-18 00:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2014-02-18 00:18 - 2014-02-18 23:19 - 00000168 _____ () C:\Windows\setupact.log
2014-02-18 00:18 - 2014-02-18 00:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 00:17 - 2014-02-18 00:17 - 00000790 _____ () C:\Windows\PFRO.log
2014-02-18 00:01 - 2014-02-18 00:01 - 05190136 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-18 00:00 - 2014-02-18 00:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-02-17 23:47 - 2014-02-17 23:47 - 04011240 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_oe_client_antivirus_en.exe
2014-02-17 23:22 - 2014-02-17 23:22 - 00004222 _____ () C:\Users\Administrator\Desktop\attach.rar
2014-02-17 23:19 - 2014-02-17 23:19 - 00014356 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-02-17 23:19 - 2014-02-17 23:19 - 00010439 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-02-17 23:17 - 2014-02-17 23:17 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2014-02-17 22:32 - 2014-02-17 22:32 - 00013722 _____ () C:\ComboFix.txt
2014-02-17 22:18 - 2014-02-17 22:53 - 00101436 _____ () C:\Users\Administrator\Desktop\OTL.Txt
2014-02-17 22:18 - 2014-02-17 22:18 - 00139368 _____ () C:\Users\Administrator\Desktop\Extras.Txt
2014-02-17 22:15 - 2014-02-17 22:15 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2014-02-17 22:10 - 2014-02-17 22:10 - 00185800 _____ (Лаборатория Касперского) C:\Users\Administrator\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-17 21:52 - 2014-02-17 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NPE
2014-02-17 21:52 - 2014-02-17 21:52 - 03053496 ____N (Symantec Corporation) C:\Users\Administrator\Downloads\NPE.exe
2014-02-17 21:52 - 2014-02-17 21:52 - 00000000 ____D () C:\ProgramData\SMR410
2014-02-17 21:52 - 2014-02-17 21:52 - 00000000 ____D () C:\ProgramData\Norton
2014-02-17 21:37 - 2014-02-18 23:19 - 00000000 ____D () C:\AdwCleaner
2014-02-17 21:34 - 2014-02-17 21:34 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2014-02-17 21:34 - 2014-02-17 21:34 - 01241834 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2014-02-17 21:21 - 2014-02-17 21:21 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 21:20 - 2014-02-17 21:21 - 01037530 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-02-17 21:20 - 2014-02-17 21:20 - 01037530 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-02-17 21:10 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-17 21:10 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-17 21:10 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-17 21:10 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-17 21:08 - 2014-02-17 22:32 - 00000000 ____D () C:\Qoobox
2014-02-17 21:08 - 2014-02-17 21:17 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 21:07 - 2014-02-17 21:07 - 05183112 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2014-02-17 20:48 - 2014-02-17 21:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-17 20:48 - 2014-02-17 20:48 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-17 20:48 - 2014-02-17 20:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2014-02-17 20:48 - 2014-02-17 20:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-17 20:39 - 2014-02-17 20:40 - 17954448 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware.exe
2014-02-17 00:38 - 2014-02-22 18:42 - 00599724 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 23:01 - 2014-02-16 23:01 - 00036680 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\Downloads\tdsskiller
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-02-16 23:00 - 2014-02-16 23:00 - 02218636 _____ () C:\Users\Administrator\Downloads\tdsskiller.zip
2014-02-16 22:58 - 2014-02-16 22:58 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-16 22:58 - 2014-02-16 22:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 22:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-16 22:50 - 2014-02-16 22:50 - 00001266 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-02-16 22:50 - 2014-02-16 22:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-02-16 22:49 - 2014-02-16 22:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup.exe
2014-02-16 22:39 - 2014-02-16 22:39 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Administrator\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-16 22:02 - 2014-02-18 00:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-16 22:00 - 2014-02-16 22:00 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-16 21:59 - 2014-02-16 21:59 - 00000000 ____D () C:\RegBackup
2014-02-16 21:19 - 2014-02-18 00:01 - 00002161 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-16 21:18 - 2014-02-16 21:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2014-02-16 21:16 - 2014-02-16 21:16 - 05074688 _____ () C:\Users\John\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-16 21:16 - 2014-02-16 21:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-16 21:06 - 2014-02-16 21:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-16 20:16 - 2014-02-16 20:16 - 00000622 _____ () C:\Users\John\Downloads\TakeOwnership.zip
2014-02-16 20:16 - 2014-02-16 20:16 - 00000000 ____D () C:\Users\John\Downloads\TakeOwnership
2014-02-16 20:10 - 2014-02-16 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-02-16 20:06 - 2014-02-16 23:05 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 20:06 - 2014-02-16 20:07 - 00000000 ___RD () C:\Users\Administrator\Podcasts
2014-02-16 20:06 - 2014-02-16 20:07 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-16 20:06 - 2014-02-16 20:06 - 00002257 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-02-16 20:06 - 2014-02-16 20:06 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-16 20:06 - 2014-02-16 20:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-02-16 20:06 - 2014-02-16 20:06 - 00000000 ____D () C:\Users\Administrator
2014-02-16 20:06 - 2013-01-30 10:21 - 00057560 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-16 20:06 - 2013-01-30 10:18 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-02-16 20:06 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-16 20:06 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-16 19:49 - 2014-02-16 19:49 - 00000063 _____ () C:\Update.Microsoft.com.url
2014-02-16 18:45 - 2014-02-16 23:05 - 00000000 ____D () C:\NTKernel
2014-02-16 18:45 - 2014-02-16 18:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Winamp
2014-02-16 17:25 - 2014-02-16 17:25 - 00000000 ____D () C:\Users\John\Downloads\VH English patch 1.2
2014-02-16 17:22 - 2014-02-16 17:22 - 02779851 _____ () C:\Users\John\Downloads\VH English patch 1.2.zip
2014-02-16 16:06 - 2014-02-16 16:06 - 00003028 _____ () C:\Windows\System32\Tasks\{A7ED7CC2-C8AF-450C-928E-A522828ACB69}
2014-02-16 16:01 - 2014-02-16 16:01 - 00018381 _____ () C:\Users\John\Downloads\[111230] [ディーゼルマイン] 犯され勇者~凛々しく世界を救うハズだったボク…~.torrent
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ____D () C:\Users\John\Downloads\[121026] [エレクトリップ] ManguSta -恥辱風紀委員会-
2014-02-16 10:47 - 2014-02-16 15:07 - 00000000 ____D () C:\Users\John\Documents\野良うさぎ
2014-02-16 10:25 - 2014-02-16 10:25 - 00070689 _____ () C:\Users\John\Downloads\Jack_and_Judy_Geller.jpeg
2014-02-16 01:26 - 2014-02-16 01:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antique
2014-02-16 01:26 - 2014-02-16 01:26 - 00000000 ____D () C:\Program Files (x86)\Antique
2014-02-15 18:31 - 2014-02-17 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 17:55 - 2014-02-15 17:55 - 00000000 ____D () C:\Users\John\dwhelper
2014-02-13 03:01 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:01 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 03:00 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:00 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 03:00 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:00 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 03:00 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 03:00 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 03:00 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 03:00 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 03:00 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 03:00 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 03:00 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 03:00 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:00 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 03:00 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 03:00 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 03:00 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 03:00 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 03:00 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 03:00 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 03:00 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 03:00 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 03:00 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:00 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:00 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 03:00 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 03:00 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 03:00 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:00 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 03:00 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 03:00 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 03:00 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 01:13 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 01:13 - 2013-12-31 17:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 01:13 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 01:13 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 01:13 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 01:13 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 01:13 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 01:13 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 01:13 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 01:13 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 01:13 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 01:13 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 01:13 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 01:13 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 01:13 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 01:13 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 01:13 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 01:13 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 01:13 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 01:13 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 01:13 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 01:13 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 01:13 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 01:13 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 01:13 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 01:13 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 01:13 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 01:13 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-07 21:29 - 2014-02-07 21:29 - 00206390 _____ () C:\Users\John\Downloads\tumblr_m9t6o3yFyZ1qeg2wb.bmp
2014-02-05 23:44 - 2014-02-05 23:44 - 00019369 _____ () C:\Users\John\Downloads\Team Hell No shirt 1.jpeg
2014-02-02 22:19 - 2014-02-02 22:19 - 00000000 ____D () C:\ProgramData\SetApp
2014-02-02 22:19 - 2014-02-02 22:19 - 00000000 ____D () C:\ProgramData\InstallMate
2014-01-31 23:46 - 2014-02-01 13:48 - 00000947 _____ () C:\Users\John\Desktop\SYOTAMANE - Shortcut.lnk
2014-01-31 23:46 - 2014-01-31 23:46 - 00000000 ____D () C:\Shotamane
2014-01-30 00:11 - 2014-01-30 00:11 - 00001622 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2014-01-27 01:00 - 2014-01-27 01:00 - 00000000 ____D () C:\Program Files (x86)\モニスタラッシュ
2014-01-27 00:32 - 2014-01-27 00:32 - 00000000 ____D () C:\Program Files (x86)\softhouse-seal
2014-01-25 22:29 - 2014-01-25 22:29 - 00000000 ____D () C:\Users\John\Documents\暁WORKS
2014-01-25 22:27 - 2014-01-25 22:27 - 00000000 ____D () C:\Program Files (x86)\WORKS
2014-01-23 01:37 - 2014-01-23 01:37 - 01675264 _____ () C:\Users\John\Downloads\mov01 (3).mpg
2014-01-23 01:31 - 2014-01-23 01:31 - 01671168 _____ () C:\Users\John\Downloads\mov04 (1).mpg
2014-01-23 01:30 - 2014-01-23 01:31 - 01660928 _____ () C:\Users\John\Downloads\mov03 (3).mpg
2014-01-23 01:29 - 2014-01-23 01:29 - 01671168 _____ () C:\Users\John\Downloads\mov04.mpg
2014-01-23 01:28 - 2014-01-23 01:28 - 01669120 _____ () C:\Users\John\Downloads\mov03 (2).mpg
2014-01-23 01:23 - 2014-01-23 01:23 - 01671168 _____ () C:\Users\John\Downloads\mov01 (2).mpg
2014-01-23 01:22 - 2014-01-23 01:22 - 01677312 _____ () C:\Users\John\Downloads\mov03 (1).mpg
2014-01-23 01:22 - 2014-01-23 01:22 - 01671168 _____ () C:\Users\John\Downloads\mov01 (1).mpg
2014-01-23 00:46 - 2014-01-23 00:46 - 01665024 _____ () C:\Users\John\Downloads\mov01.mpg
2014-01-23 00:43 - 2014-01-23 00:43 - 01662976 _____ () C:\Users\John\Downloads\mov03.mpg
 
==================== One Month Modified Files and Folders =======
 
2014-02-22 21:45 - 2014-02-22 21:45 - 00010707 _____ () C:\Users\John\Desktop\FRST.txt
2014-02-22 21:45 - 2014-02-19 10:44 - 00000000 ____D () C:\FRST
2014-02-22 21:43 - 2014-02-22 21:43 - 00000000 ____D () C:\Users\John\Desktop\FRST-OlderVersion
2014-02-22 21:43 - 2014-02-19 10:44 - 02154496 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-02-22 21:30 - 2014-02-17 00:38 - 00599724 _____ () C:\Windows\WindowsUpdate.log
2014-02-22 21:26 - 2013-04-29 23:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-22 21:00 - 2013-04-18 08:14 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-22 05:00 - 2013-04-18 08:14 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 03:26 - 2013-04-29 23:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 03:26 - 2013-04-18 08:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 03:26 - 2013-04-18 08:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 22:37 - 2013-11-04 13:23 - 00000000 ____D () C:\Users\John\Downloads\Done
2014-02-19 18:25 - 2013-05-01 11:10 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-02-19 17:56 - 2014-02-19 17:56 - 00012574 _____ () C:\Users\John\Downloads\120922-04-G.torrent
2014-02-19 17:33 - 2014-02-19 17:33 - 00000000 ____D () C:\Users\John\AppData\Local\CrashDumps
2014-02-19 17:32 - 2014-02-19 17:26 - 99769078 _____ () C:\Users\John\Downloads\HG121221-107503.rar
2014-02-19 17:29 - 2014-02-19 17:28 - 00007841 _____ () C:\Users\John\Desktop\Hyakki Menu.txt
2014-02-19 10:28 - 2014-02-19 10:28 - 02153472 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-02-18 23:27 - 2009-07-13 22:45 - 00021872 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-18 23:27 - 2009-07-13 22:45 - 00021872 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-18 23:24 - 2009-07-13 23:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-18 23:19 - 2014-02-18 00:18 - 00000168 _____ () C:\Windows\setupact.log
2014-02-18 23:19 - 2014-02-17 21:37 - 00000000 ____D () C:\AdwCleaner
2014-02-18 23:19 - 2013-04-18 08:40 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-18 23:19 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-18 22:23 - 2014-02-18 22:23 - 01241834 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-02-18 19:32 - 2014-02-18 19:32 - 00049358 _____ () C:\Users\John\Downloads\nightmare-fuel.jpeg
2014-02-18 19:25 - 2013-04-29 21:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-18 19:25 - 2013-04-19 08:07 - 00061176 _____ () C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 19:02 - 2014-02-18 19:01 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2014-02-18 00:40 - 2014-02-18 00:40 - 00000641 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-02-18 00:30 - 2014-02-18 00:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2014-02-18 00:18 - 2014-02-18 00:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-18 00:18 - 2009-07-13 22:45 - 00273672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-18 00:17 - 2014-02-18 00:17 - 00000790 _____ () C:\Windows\PFRO.log
2014-02-18 00:16 - 2014-02-16 22:02 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-02-18 00:13 - 2009-07-13 20:34 - 00000439 _____ () C:\Windows\win.ini
2014-02-18 00:01 - 2014-02-18 00:01 - 05190136 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-18 00:01 - 2014-02-16 21:19 - 00002161 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-02-18 00:00 - 2014-02-18 00:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-02-17 23:47 - 2014-02-17 23:47 - 04011240 _____ (Avira Operations GmbH & Co. KG) C:\Users\Administrator\Downloads\avira_oe_client_antivirus_en.exe
2014-02-17 23:22 - 2014-02-17 23:22 - 00004222 _____ () C:\Users\Administrator\Desktop\attach.rar
2014-02-17 23:19 - 2014-02-17 23:19 - 00014356 _____ () C:\Users\Administrator\Desktop\dds.txt
2014-02-17 23:19 - 2014-02-17 23:19 - 00010439 _____ () C:\Users\Administrator\Desktop\attach.txt
2014-02-17 23:17 - 2014-02-17 23:17 - 00688992 ____R (Swearware) C:\Users\Administrator\Desktop\dds.com
2014-02-17 22:53 - 2014-02-17 22:18 - 00101436 _____ () C:\Users\Administrator\Desktop\OTL.Txt
2014-02-17 22:32 - 2014-02-17 22:32 - 00013722 _____ () C:\ComboFix.txt
2014-02-17 22:32 - 2014-02-17 21:08 - 00000000 ____D () C:\Qoobox
2014-02-17 22:31 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-17 22:18 - 2014-02-17 22:18 - 00139368 _____ () C:\Users\Administrator\Desktop\Extras.Txt
2014-02-17 22:15 - 2014-02-17 22:15 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Desktop\OTL.exe
2014-02-17 22:10 - 2014-02-17 22:10 - 00185800 _____ (Лаборатория Касперского) C:\Users\Administrator\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-02-17 22:02 - 2014-02-17 21:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NPE
2014-02-17 22:00 - 2013-04-19 08:07 - 00000000 ____D () C:\Users\John
2014-02-17 21:52 - 2014-02-17 21:52 - 03053496 ____N (Symantec Corporation) C:\Users\Administrator\Downloads\NPE.exe
2014-02-17 21:52 - 2014-02-17 21:52 - 00000000 ____D () C:\ProgramData\SMR410
2014-02-17 21:52 - 2014-02-17 21:52 - 00000000 ____D () C:\ProgramData\Norton
2014-02-17 21:34 - 2014-02-17 21:34 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2014-02-17 21:34 - 2014-02-17 21:34 - 01241834 _____ () C:\Users\Administrator\Desktop\AdwCleaner.exe
2014-02-17 21:22 - 2014-02-15 18:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 21:21 - 2014-02-17 21:21 - 00000000 ____D () C:\Windows\ERUNT
2014-02-17 21:21 - 2014-02-17 21:20 - 01037530 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2014-02-17 21:20 - 2014-02-17 21:20 - 01037530 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-02-17 21:18 - 2009-07-13 21:20 - 00000000 ___RD () C:\Users\Default
2014-02-17 21:17 - 2014-02-17 21:08 - 00000000 ____D () C:\Windows\erdnt
2014-02-17 21:16 - 2009-07-13 20:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_581
2014-02-17 21:07 - 2014-02-17 21:07 - 05183112 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2014-02-17 21:00 - 2014-02-17 21:00 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2014-02-17 21:00 - 2014-02-17 20:48 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-17 20:48 - 2014-02-17 20:48 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-17 20:48 - 2014-02-17 20:48 - 00000000 ____D () C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
2014-02-17 20:48 - 2014-02-17 20:48 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-17 20:40 - 2014-02-17 20:39 - 17954448 _____ (SUPERAntiSpyware) C:\Users\John\Downloads\SUPERAntiSpyware.exe
2014-02-16 23:05 - 2014-02-16 20:06 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 23:05 - 2014-02-16 18:45 - 00000000 ____D () C:\NTKernel
2014-02-16 23:05 - 2013-04-19 08:07 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 23:01 - 2014-02-16 23:01 - 00036680 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\Downloads\tdsskiller
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2014-02-16 23:01 - 2014-02-16 23:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-02-16 23:00 - 2014-02-16 23:00 - 02218636 _____ () C:\Users\Administrator\Downloads\tdsskiller.zip
2014-02-16 22:58 - 2014-02-16 22:58 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-16 22:58 - 2014-02-16 22:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 22:51 - 2013-04-29 23:18 - 00000000 ____D () C:\ProgramData\Avira
2014-02-16 22:50 - 2014-02-16 22:50 - 00001266 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-02-16 22:50 - 2014-02-16 22:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-02-16 22:50 - 2014-02-16 22:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup.exe
2014-02-16 22:39 - 2014-02-16 22:39 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Administrator\Downloads\mbam-clean-1.60.2.0003.exe
2014-02-16 22:00 - 2014-02-16 22:00 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JOHN-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-02-16 21:59 - 2014-02-16 21:59 - 00000000 ____D () C:\RegBackup
2014-02-16 21:18 - 2014-02-16 21:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Winamp
2014-02-16 21:16 - 2014-02-16 21:16 - 05074688 _____ () C:\Users\John\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-02-16 21:16 - 2014-02-16 21:16 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-02-16 21:06 - 2014-02-16 21:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-02-16 20:16 - 2014-02-16 20:16 - 00000622 _____ () C:\Users\John\Downloads\TakeOwnership.zip
2014-02-16 20:16 - 2014-02-16 20:16 - 00000000 ____D () C:\Users\John\Downloads\TakeOwnership
2014-02-16 20:10 - 2014-02-16 20:10 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\uTorrent
2014-02-16 20:07 - 2014-02-16 20:06 - 00000000 ___RD () C:\Users\Administrator\Podcasts
2014-02-16 20:07 - 2014-02-16 20:06 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-16 20:06 - 2014-02-16 20:06 - 00002257 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-02-16 20:06 - 2014-02-16 20:06 - 00001415 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-16 20:06 - 2014-02-16 20:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-02-16 20:06 - 2014-02-16 20:06 - 00000000 ____D () C:\Users\Administrator
2014-02-16 20:06 - 2013-05-09 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 19:49 - 2014-02-16 19:49 - 00000063 _____ () C:\Update.Microsoft.com.url
2014-02-16 19:48 - 2013-12-28 23:36 - 00000000 ____D () C:\MBSTRUTH
2014-02-16 18:46 - 2013-11-29 18:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-16 18:45 - 2014-02-16 18:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\Winamp
2014-02-16 17:25 - 2014-02-16 17:25 - 00000000 ____D () C:\Users\John\Downloads\VH English patch 1.2
2014-02-16 17:22 - 2014-02-16 17:22 - 02779851 _____ () C:\Users\John\Downloads\VH English patch 1.2.zip
2014-02-16 17:01 - 2013-09-18 01:40 - 00000000 ____D () C:\Program Files (x86)\Completes
2014-02-16 16:06 - 2014-02-16 16:06 - 00003028 _____ () C:\Windows\System32\Tasks\{A7ED7CC2-C8AF-450C-928E-A522828ACB69}
2014-02-16 16:01 - 2014-02-16 16:01 - 00018381 _____ () C:\Users\John\Downloads\[111230] [ディーゼルマイン] 犯され勇者~凛々しく世界を救うハズだったボク…~.torrent
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ____D () C:\Users\John\Downloads\[121026] [エレクトリップ] ManguSta -恥辱風紀委員会-
2014-02-16 15:07 - 2014-02-16 10:47 - 00000000 ____D () C:\Users\John\Documents\野良うさぎ
2014-02-16 14:25 - 2013-05-09 10:53 - 00000000 ____D () C:\Users\John\AppData\Local\Mozilla
2014-02-16 14:18 - 2013-07-17 23:49 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-02-16 10:25 - 2014-02-16 10:25 - 00070689 _____ () C:\Users\John\Downloads\Jack_and_Judy_Geller.jpeg
2014-02-16 03:01 - 2013-07-18 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 03:00 - 2013-01-30 10:36 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 01:26 - 2014-02-16 01:26 - 00000000 ____D () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antique
2014-02-16 01:26 - 2014-02-16 01:26 - 00000000 ____D () C:\Program Files (x86)\Antique
2014-02-15 17:55 - 2014-02-15 17:55 - 00000000 ____D () C:\Users\John\dwhelper
2014-02-14 04:55 - 2013-04-18 08:14 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-14 04:55 - 2013-04-18 08:14 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-13 03:59 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-02-13 03:06 - 2013-05-09 12:36 - 00764302 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-07 21:29 - 2014-02-07 21:29 - 00206390 _____ () C:\Users\John\Downloads\tumblr_m9t6o3yFyZ1qeg2wb.bmp
2014-02-06 06:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-13 03:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-05 23:44 - 2014-02-05 23:44 - 00019369 _____ () C:\Users\John\Downloads\Team Hell No shirt 1.jpeg
2014-02-02 22:19 - 2014-02-02 22:19 - 00000000 ____D () C:\ProgramData\SetApp
2014-02-02 22:19 - 2014-02-02 22:19 - 00000000 ____D () C:\ProgramData\InstallMate
2014-02-01 13:48 - 2014-01-31 23:46 - 00000947 _____ () C:\Users\John\Desktop\SYOTAMANE - Shortcut.lnk
2014-01-31 23:46 - 2014-01-31 23:46 - 00000000 ____D () C:\Shotamane
2014-01-30 00:13 - 2013-05-29 21:44 - 00000000 ____D () C:\Users\John\.gimp-2.8
2014-01-30 00:11 - 2014-01-30 00:11 - 00001622 _____ () C:\Users\John\AppData\Local\recently-used.xbel
2014-01-28 23:49 - 2013-10-28 23:44 - 00000000 ____D () C:\GOG Games
2014-01-27 02:37 - 2013-04-30 23:28 - 00000000 ____D () C:\Users\John\Desktop\Games
2014-01-27 01:00 - 2014-01-27 01:00 - 00000000 ____D () C:\Program Files (x86)\モニスタラッシュ
2014-01-27 00:32 - 2014-01-27 00:32 - 00000000 ____D () C:\Program Files (x86)\softhouse-seal
2014-01-25 22:29 - 2014-01-25 22:29 - 00000000 ____D () C:\Users\John\Documents\暁WORKS
2014-01-25 22:27 - 2014-01-25 22:27 - 00000000 ____D () C:\Program Files (x86)\WORKS
2014-01-23 01:37 - 2014-01-23 01:37 - 01675264 _____ () C:\Users\John\Downloads\mov01 (3).mpg
2014-01-23 01:31 - 2014-01-23 01:31 - 01671168 _____ () C:\Users\John\Downloads\mov04 (1).mpg
2014-01-23 01:31 - 2014-01-23 01:30 - 01660928 _____ () C:\Users\John\Downloads\mov03 (3).mpg
2014-01-23 01:29 - 2014-01-23 01:29 - 01671168 _____ () C:\Users\John\Downloads\mov04.mpg
2014-01-23 01:28 - 2014-01-23 01:28 - 01669120 _____ () C:\Users\John\Downloads\mov03 (2).mpg
2014-01-23 01:23 - 2014-01-23 01:23 - 01671168 _____ () C:\Users\John\Downloads\mov01 (2).mpg
2014-01-23 01:22 - 2014-01-23 01:22 - 01677312 _____ () C:\Users\John\Downloads\mov03 (1).mpg
2014-01-23 01:22 - 2014-01-23 01:22 - 01671168 _____ () C:\Users\John\Downloads\mov01 (1).mpg
2014-01-23 00:46 - 2014-01-23 00:46 - 01665024 _____ () C:\Users\John\Downloads\mov01.mpg
2014-01-23 00:43 - 2014-01-23 00:43 - 01662976 _____ () C:\Users\John\Downloads\mov03.mpg
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\temp\Quarantine.exe
C:\Users\John\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 01:51
 
==================== End Of Log ============================




