
I think something's up?!



#1 zenmonkey


Posted 02 March 2014 - 08:35 PM

Mod Edit: moved to Virus, Trojan, Spyware, and Malware Removal Logs ~~ boopme
 
OTL Log below. I've had some crazy issues with certificates and browser redirects.
 
 
OTL logfile created on: 3/2/2014 5:16:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Tools
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.96 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.89% Memory free
15.96 Gb Paging File | 13.80 Gb Available in Paging File | 86.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.56 Gb Total Space | 26.49 Gb Free Space | 47.68% Space Free | Partition Type: NTFS
Drive E: | 29.84 Gb Total Space | 20.57 Gb Free Space | 68.92% Space Free | Partition Type: FAT32
 
Computer Name: HOME-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/02 16:56:21 | 002,665,008 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
PRC - [2014/03/02 16:56:21 | 000,774,448 | ---- | M] (Doctor Web, Ltd.) -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwarkdaemon.exe
PRC - [2014/03/01 15:58:02 | 000,602,112 | R--- | M] (OldTimer Tools) -- E:\Tools\OTL.exe
PRC - [2014/03/01 15:57:42 | 012,589,848 | R--- | M] (Malwarebytes Corp.) -- E:\Tools\mbar-1.07.0.1009.exe
PRC - [2014/01/07 16:29:35 | 001,180,472 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Steve\Desktop\mbar\mbar.exe
PRC - [2013/08/21 18:54:00 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/13 14:04:16 | 000,219,760 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
PRC - [2011/08/30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2011/07/12 00:14:26 | 000,331,776 | R--- | M] (VIA Technologies, Inc.) -- C:\VIA_XHCI\usb3Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/20 17:38:18 | 000,311,296 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll
MOD - [2012/11/14 14:44:36 | 002,875,463 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
MOD - [2012/11/14 14:00:32 | 001,499,204 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
MOD - [2012/11/14 10:42:52 | 000,651,331 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\work.dll
MOD - [2012/11/09 16:51:08 | 001,429,582 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
MOD - [2012/09/18 14:45:26 | 001,335,362 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
MOD - [2012/09/17 16:25:28 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
MOD - [2012/05/08 15:01:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
MOD - [2012/01/13 14:04:16 | 000,219,760 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
MOD - [2011/10/18 09:26:16 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
MOD - [2011/09/14 17:12:30 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
MOD - [2011/03/01 19:00:58 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
MOD - [2010/06/24 15:50:08 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
MOD - [2010/06/10 15:52:24 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
MOD - [2010/03/12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\platform.dll
MOD - [2010/03/12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\device.dll
MOD - [2008/05/07 15:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
MOD - [2003/02/14 14:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/02 16:56:23 | 008,880,896 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\dwservice.exe -- (DrWebAVService)
SRV:64bit: - [2014/03/02 16:56:21 | 002,665,008 | ---- | M] (Doctor Web, Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe -- (DrWebEngine)
SRV:64bit: - [2014/03/02 16:53:19 | 006,491,904 | ---- | M] (Doctor Web, Ltd.) [On_Demand | Running] -- C:\Program Files\DrWeb\dwnetfilter.exe -- (DrWebNetFilter)
SRV:64bit: - [2014/03/02 16:53:19 | 001,796,096 | ---- | M] (Doctor Web, Ltd.) [Auto | Running] -- C:\Program Files\DrWeb\frwl_svc.exe -- (DrWebFwSvc)
SRV:64bit: - [2013/08/22 11:12:03 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2013/08/22 11:12:02 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2013/08/22 11:12:02 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlms\wlms.exe -- (WLMS)
SRV:64bit: - [2013/08/22 04:39:24 | 003,395,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/08/22 04:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 04:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 03:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 03:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 03:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 03:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 03:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 03:03:23 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/22 02:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 02:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 02:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 02:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 01:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 01:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 01:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 01:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 01:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 01:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 01:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 01:41:28 | 000,365,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/08/22 01:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 01:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 01:40:00 | 000,265,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 01:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 01:38:22 | 001,563,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/08/22 01:36:35 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/22 01:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 01:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/22 01:04:58 | 000,528,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/08/22 00:58:59 | 001,291,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/08/22 00:47:59 | 001,534,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2012/08/02 21:29:02 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013/08/22 04:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 19:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 18:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/21 18:35:39 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/08/30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/02 17:15:00 | 000,119,000 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/03/02 17:13:32 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/03/02 16:53:26 | 000,238,264 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\spiderg3.sys -- (SpiderG3)
DRV:64bit: - [2014/03/02 16:53:25 | 000,075,424 | ---- | M] (Doctor Web, Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dw_wfp.sys -- (DrWebWfp)
DRV:64bit: - [2014/03/02 16:53:22 | 000,375,992 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)
DRV:64bit: - [2014/03/02 16:53:19 | 000,247,968 | ---- | M] (Doctor Web, Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DrWebLwf.sys -- (DrWebLwf)
DRV:64bit: - [2013/08/22 11:12:06 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/08/22 11:12:03 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 11:11:51 | 000,111,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2013/08/22 11:11:51 | 000,056,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2013/08/22 11:11:51 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 11:11:50 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/08/22 11:11:50 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/08/22 11:11:50 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2013/08/22 11:11:50 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/08/22 05:25:40 | 000,175,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/08/22 05:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 05:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 04:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 04:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 04:49:33 | 000,234,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/08/22 04:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 04:49:29 | 000,039,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/08/22 04:45:37 | 000,135,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/08/22 04:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 04:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 04:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 04:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 04:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 04:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 04:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 04:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 04:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 04:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 04:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 04:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 04:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 04:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 04:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 04:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 04:43:34 | 000,466,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/22 04:43:34 | 000,325,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/08/22 04:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 04:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 04:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,370,528 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/08/22 04:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 04:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 04:43:31 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/08/22 04:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 04:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 04:43:31 | 000,056,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/08/22 04:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 04:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 04:39:15 | 000,086,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/08/22 04:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 04:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 04:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 04:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 04:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 04:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 03:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 03:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 03:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 03:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 03:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 03:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 03:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 03:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 03:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 03:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 03:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 03:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 03:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 03:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 03:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 03:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 03:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 03:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 03:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 03:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 03:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 03:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 00:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 15:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 16:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 10:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 11:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/25 09:01:20 | 000,022,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/02 21:28:42 | 002,206,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/07/19 01:21:42 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/07/17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/02/22 19:20:36 | 000,317,744 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2012/01/19 20:39:16 | 000,205,312 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012/01/19 20:39:04 | 000,254,464 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV - [2014/03/02 17:11:48 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2014/03/02 17:11:41 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 CA 75 10 7B 36 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2013/08/22 05:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [SpIDerAgent] C:\Program Files\DrWeb\spideragent.exe (Doctor Web, Ltd.)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BF1960D-A712-4350-A620-A492AFA19106}: DhcpNameServer = 192.168.7.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Bleeping Computer, LLC)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{97e7a5a6-a26d-11e3-824b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97e7a5a6-a26d-11e3-824b-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Run.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/02 17:15:00 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/02 17:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/03/02 17:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2014/03/02 17:13:32 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/02 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\mbar
[2014/03/02 17:13:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Intel Corporation
[2014/03/02 17:10:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/03/02 17:10:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2014/03/02 17:10:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/03/02 17:10:05 | 000,000,000 | ---D | C] -- C:\17d9b42aab3c8342d1d5b6239a70f3df
[2014/03/02 17:07:09 | 000,025,640 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/03/02 17:06:54 | 000,000,000 | ---D | C] -- C:\Windows\GBD
[2014/03/02 17:05:44 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2014/03/02 17:05:19 | 004,217,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncEngine.dll
[2014/03/02 17:05:19 | 002,804,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2014/03/02 17:05:19 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MrmCoreR.dll
[2014/03/02 17:05:19 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SkyDrive.exe
[2014/03/02 17:05:18 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SkyDriveTelemetry.dll
[2014/03/02 17:05:18 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MrmCoreR.dll
[2014/03/02 17:05:18 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SkyDriveShell.dll
[2014/03/02 17:05:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winbici.dll
[2014/03/02 17:05:18 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SkyDriveShell.dll
[2014/03/02 17:05:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BulkOperationHost.exe
[2014/03/02 17:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
[2014/03/02 17:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2014/03/02 17:00:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\Doctor Web
[2014/03/02 17:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2014/03/02 17:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2014/03/02 17:00:38 | 000,000,000 | ---D | C] -- C:\VIA_XHCI
[2014/03/02 17:00:16 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2014/03/02 17:00:15 | 001,721,576 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01009.dll
[2014/03/02 17:00:15 | 000,254,464 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\xhcdrv.sys
[2014/03/02 17:00:15 | 000,205,312 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\ViaHub3.sys
[2014/03/02 16:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/03/02 16:59:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2014/03/02 16:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/03/02 16:59:51 | 003,498,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014/03/02 16:59:51 | 000,063,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014/03/02 16:59:50 | 006,712,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014/03/02 16:59:50 | 000,386,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014/03/02 16:59:42 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/03/02 16:59:42 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/03/02 16:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014/03/02 16:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2014/03/02 16:58:43 | 000,110,744 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C63x64.sys
[2014/03/02 16:58:37 | 000,647,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2014/03/02 16:58:35 | 031,432,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/03/02 16:58:35 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/03/02 16:58:35 | 023,683,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/03/02 16:58:35 | 018,257,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/03/02 16:58:35 | 017,715,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/03/02 16:58:35 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/03/02 16:58:35 | 015,740,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/03/02 16:58:35 | 014,669,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/03/02 16:58:35 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/03/02 16:58:35 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/03/02 16:58:35 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/03/02 16:58:35 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/03/02 16:58:35 | 003,142,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/03/02 16:58:35 | 003,090,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014/03/02 16:58:35 | 002,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/03/02 16:58:35 | 002,782,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/03/02 16:58:35 | 002,713,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/03/02 16:58:35 | 002,410,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/03/02 16:58:35 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433489.dll
[2014/03/02 16:58:35 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433489.dll
[2014/03/02 16:58:35 | 000,947,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2014/03/02 16:58:35 | 000,892,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/03/02 16:58:35 | 000,875,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/03/02 16:58:35 | 000,863,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/03/02 16:58:35 | 000,844,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/03/02 16:58:35 | 000,832,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/03/02 16:58:35 | 000,483,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/03/02 16:58:35 | 000,408,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/03/02 16:58:35 | 000,378,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014/03/02 16:58:35 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/03/02 16:58:35 | 000,333,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014/03/02 16:58:35 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/03/02 16:58:35 | 000,174,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/03/02 16:58:35 | 000,148,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/03/02 16:58:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2014/03/02 16:58:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2014/03/02 16:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2014/03/02 16:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2014/03/02 16:57:41 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/03/02 16:57:34 | 002,993,296 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2014/03/02 16:57:34 | 000,092,304 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2014/03/02 16:57:34 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2014/03/02 16:57:33 | 002,206,352 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2014/03/02 16:57:33 | 001,161,360 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2014/03/02 16:57:33 | 001,119,376 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2014/03/02 16:57:33 | 000,681,104 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2014/03/02 16:57:33 | 000,248,976 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2014/03/02 16:57:33 | 000,123,536 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2014/03/02 16:57:33 | 000,095,376 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2014/03/02 16:57:33 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2014/03/02 16:57:33 | 000,070,800 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll
[2014/03/02 16:57:33 | 000,027,792 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2014/03/02 16:57:32 | 000,055,440 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll
[2014/03/02 16:57:17 | 000,414,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2014/03/02 16:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2014/03/02 16:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2014/03/02 16:57:03 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2014/03/02 16:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr.Web
[2014/03/02 16:56:02 | 000,000,000 | ---D | C] -- C:\Intel
[2014/03/02 16:56:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/03/02 16:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/03/02 16:55:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\InstallShield
[2014/03/02 16:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2014/03/02 16:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/03/02 16:55:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Google
[2014/03/02 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/03/02 16:54:34 | 232,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Users\Steve\Desktop\334.89-desktop-win8-win7-winvista-64bit-english-whql.exe
[2014/03/02 16:54:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Macromedia
[2014/03/02 16:53:26 | 000,238,264 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\spiderg3.sys
[2014/03/02 16:53:25 | 000,075,424 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\dw_wfp.sys
[2014/03/02 16:53:22 | 000,375,992 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\dwprot.sys
[2014/03/02 16:53:19 | 000,247,968 | ---- | C] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\DrWebLwf.sys
[2014/03/02 16:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2014/03/02 16:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2014/03/02 16:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web
[2014/03/02 16:52:14 | 002,407,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PrintConfig.dll
[2014/03/02 16:51:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2014/03/02 16:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/02 16:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/02 16:51:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/02 16:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/02 16:51:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Programs
[2014/03/02 16:50:28 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/03/02 16:50:28 | 000,000,000 | R--D | C] -- C:\Users\Steve\Searches
[2014/03/02 16:50:28 | 000,000,000 | R--D | C] -- C:\Users\Steve\Contacts
[2014/03/02 16:50:28 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/03/02 16:50:28 | 000,000,000 | -H-D | C] -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/03/02 16:50:27 | 000,000,000 | --SD | C] -- C:\Users\Steve\AppData\Roaming\Microsoft
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Videos
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Saved Games
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Pictures
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Music
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Links
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Favorites
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Downloads
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Documents
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\Desktop
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/03/02 16:50:27 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\AppData\Local\Temporary Internet Files
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Templates
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Start Menu
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\SendTo
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Recent
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\PrintHood
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\NetHood
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Documents\My Videos
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Documents\My Pictures
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Documents\My Music
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\My Documents
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Local Settings
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\AppData\Local\History
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Cookies
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\Application Data
[2014/03/02 16:50:27 | 000,000,000 | -HSD | C] -- C:\Users\Steve\AppData\Local\Application Data
[2014/03/02 16:50:27 | 000,000,000 | -H-D | C] -- C:\Users\Steve\AppData
[2014/03/02 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\VirtualStore
[2014/03/02 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Temp
[2014/03/02 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Packages
[2014/03/02 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Microsoft
[2014/03/02 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/03/02 16:50:27 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2014/03/02 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Adobe
[2014/03/02 16:50:24 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/02 16:49:06 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/03/02 16:46:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/03/02 16:46:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/02 19:15:00 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/02 19:13:34 | 000,835,482 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/02 19:13:34 | 000,696,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/02 19:13:34 | 000,128,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/02 19:13:32 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/02 19:13:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/02 19:11:48 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2014/03/02 19:11:45 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/02 19:11:41 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/03/02 19:10:55 | 986,325,150 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/03/02 19:05:04 | 000,000,735 | ---- | M] () -- C:\Users\Public\Desktop\SmartRecovery2.exe.lnk
[2014/03/02 19:02:56 | 000,818,732 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/02 19:01:24 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk
[2014/03/02 19:00:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/02 18:57:58 | 000,001,226 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2014/03/02 18:57:29 | 232,660,160 | ---- | M] (NVIDIA Corporation) -- C:\Users\Steve\Desktop\334.89-desktop-win8-win7-winvista-64bit-english-whql.exe
[2014/03/02 18:56:27 | 000,000,796 | ---- | M] () -- C:\Users\Steve\Desktop\Dr.Web Scanner.lnk
[2014/03/02 18:55:56 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/02 18:55:56 | 000,002,263 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/02 18:54:55 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2014/03/02 18:53:58 | 000,001,440 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/02 18:53:26 | 000,238,264 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\spiderg3.sys
[2014/03/02 18:53:25 | 000,075,424 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\dw_wfp.sys
[2014/03/02 18:53:22 | 000,375,992 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\dwprot.sys
[2014/03/02 18:53:19 | 000,247,968 | ---- | M] (Doctor Web, Ltd.) -- C:\Windows\SysNative\drivers\DrWebLwf.sys
[2014/03/02 18:51:42 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 18:50:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/03/02 18:49:18 | 000,034,532 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/03/02 18:49:18 | 000,034,532 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/03/02 17:11:48 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2014/03/02 17:11:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/02 17:11:21 | 2543,460,351 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/08 12:34:51 | 031,432,480 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/02/08 12:34:51 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/02/08 12:34:51 | 023,683,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/02/08 12:34:51 | 018,257,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2014/02/08 12:34:51 | 017,715,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2014/02/08 12:34:51 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/02/08 12:34:51 | 015,740,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/02/08 12:34:51 | 014,669,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/02/08 12:34:51 | 011,636,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/02/08 12:34:51 | 011,589,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/02/08 12:34:51 | 009,728,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/02/08 12:34:51 | 009,690,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/02/08 12:34:51 | 003,142,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/02/08 12:34:51 | 003,090,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2014/02/08 12:34:51 | 002,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/02/08 12:34:51 | 002,782,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/02/08 12:34:51 | 002,713,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/02/08 12:34:51 | 002,410,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/02/08 12:34:51 | 001,885,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433489.dll
[2014/02/08 12:34:51 | 001,515,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433489.dll
[2014/02/08 12:34:51 | 000,947,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2014/02/08 12:34:51 | 000,892,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/02/08 12:34:51 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/02/08 12:34:51 | 000,863,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/02/08 12:34:51 | 000,844,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/02/08 12:34:51 | 000,832,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2014/02/08 12:34:51 | 000,483,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2014/02/08 12:34:51 | 000,408,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2014/02/08 12:34:51 | 000,378,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2014/02/08 12:34:51 | 000,353,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2014/02/08 12:34:51 | 000,333,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2014/02/08 12:34:51 | 000,305,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2014/02/08 12:34:51 | 000,174,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2014/02/08 12:34:51 | 000,148,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2014/02/08 12:34:51 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/02/08 12:34:51 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/02/08 12:34:51 | 000,024,544 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/02/08 11:42:36 | 006,712,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2014/02/08 11:42:36 | 003,498,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2014/02/08 11:42:32 | 000,386,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2014/02/08 11:42:32 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2014/02/05 11:52:50 | 003,573,739 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
 
========== Files Created - No Company Name ==========
 
[2014/03/02 17:13:34 | 000,835,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/02 17:11:48 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2014/03/02 17:11:48 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2014/03/02 17:10:55 | 986,325,150 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/03/02 17:05:04 | 000,000,735 | ---- | C] () -- C:\Users\Public\Desktop\SmartRecovery2.exe.lnk
[2014/03/02 17:01:24 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2014/03/02 17:00:48 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe
[2014/03/02 17:00:48 | 000,022,680 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys
[2014/03/02 17:00:15 | 000,008,227 | R--- | C] () -- C:\Windows\SysNative\drivers\viahub3.cat
[2014/03/02 17:00:15 | 000,008,003 | R--- | C] () -- C:\Windows\SysNative\drivers\xhcdrv.cat
[2014/03/02 17:00:15 | 000,004,508 | R--- | C] () -- C:\Windows\SysNative\drivers\xhcdrv.inf
[2014/03/02 17:00:15 | 000,003,977 | R--- | C] () -- C:\Windows\SysNative\drivers\ViaHub3.inf
[2014/03/02 16:59:50 | 003,573,739 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/03/02 16:58:35 | 000,024,544 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/03/02 16:57:58 | 000,001,238 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2014/03/02 16:57:58 | 000,001,226 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2014/03/02 16:56:27 | 000,000,796 | ---- | C] () -- C:\Users\Steve\Desktop\Dr.Web Scanner.lnk
[2014/03/02 16:55:56 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/02 16:55:56 | 000,002,263 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/02 16:55:46 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/02 16:55:46 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/02 16:54:55 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2014/03/02 16:54:55 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2014/03/02 16:53:58 | 000,001,440 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/02 16:53:29 | 000,818,732 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/02 16:51:42 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 16:50:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/03/02 16:50:27 | 000,001,446 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/03/02 16:50:27 | 000,000,352 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/03/02 16:50:27 | 000,000,334 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/03/02 16:49:34 | 2543,460,351 | -HS- | C] () -- C:\hiberfil.sys
[2014/03/02 16:48:56 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/08/22 07:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 07:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 06:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/21 23:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 19:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 19:17:46 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/21 15:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 15:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/22 06:40:00 | 021,192,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/21 23:25:39 | 018,634,248 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 03:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 20:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 03:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Purity Check ==========
 
 
 
< End of report >
 
Extras:
 

OTL Extras logfile created on: 3/2/2014 5:16:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\Tools
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.96 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.89% Memory free
15.96 Gb Paging File | 13.80 Gb Available in Paging File | 86.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.56 Gb Total Space | 26.49 Gb Free Space | 47.68% Space Free | Partition Type: NTFS
Drive E: | 29.84 Gb Total Space | 20.57 Gb Free Space | 68.92% Space Free | Partition Type: FAT32
 
Computer Name: HOME-PC | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0373F95B-E217-4E10-82CF-D98A02984A1D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0FD290C2-4B4B-445E-B681-71417200F60D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{14743423-E5FA-40BB-B6E8-4D592227375F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{15C0F4F6-A81B-4E1D-9E42-9BCD4C756D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{216C23D5-5172-4DAB-9430-99484660BA36}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{501072DD-AB1D-4EAD-BBBF-84A750A785B6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{88F11A71-08A4-44DD-9B22-BB69ED1D6DC8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{944DF20E-13A9-42C2-B98D-5834B807163D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9BA21C2D-8E41-4DB0-BF39-C01B7618130C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A18FF1FD-4566-496B-96A2-197DEABF3791}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A9F5AC4E-4157-4F99-BEE6-5BB8447293C9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA4DC89C-C6A8-402F-8E6F-9D4BFAAD6A2C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC970615-97E4-45DA-9057-6D0B4FA95ABF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B416D850-5F6D-43CC-B46E-69842EA9EE87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9BF4822-F7A2-498C-84D9-D2B29BB10128}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DE6213E3-3F3A-45D8-808D-6BD212ACDA2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EA61866A-B560-49BB-84CC-B8FD8B4716C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F0ADB5D7-27E4-458D-84FF-BCC870839B55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3E615CC-BA3D-4078-AC7D-AF87122E6C57}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F8AD46C4-3555-4E1A-844D-88B8A00E967D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FA078D7F-4E51-4D01-931F-BF559EB151D6}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F82D40-F936-4656-8A4D-BAB4F27F72B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{0441D4E6-94AC-44F2-8C3E-8FF018AE4431}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{057B5393-1F2C-4731-A8DE-F6CEE3F80B09}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{06B44892-6AFE-491F-ADED-C0684A3CD245}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{12434C63-9BD3-47AB-8363-9C5098AC6E35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{15C1FCF9-9E21-4177-AA79-00E899934E51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{16753227-9AA5-4049-94E3-1574CB63A5E8}" = dir=out | name=@{microsoft.bingnews_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{1B448BC9-DEF9-416C-A8FC-9CA47F14C5F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1DE030B9-AB59-4918-B8EE-D8551AB34746}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1E35CDF8-F6B6-407D-9139-37362666817C}" = dir=out | name=@{microsoft.bingmaps_2.0.2009.2356_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{287059DB-D80C-43E8-B102-904F05B63946}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{3EFDF929-898D-4922-BB70-71D04AC46E55}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4E9830EB-8E23-45FF-806C-0EE411578E56}" = dir=out | name=@{microsoft.zunevideo_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5CA04542-D05D-4001-9319-8E3DA9DF339B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{61213ABC-A6AC-4DA5-8CD1-F04D6E9B84E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6915B316-B6D5-4879-85EA-072DDF338350}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.1.177_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{70D2A67E-8330-47EC-AB19-B888CD9B53F8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{747F5A9E-6418-4A6B-969D-CABAC72F146E}" = dir=out | name=@{microsoft.bingsports_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{7E8D5B34-0451-4CED-913F-A8FB8F4845C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{853E2B0C-3F7E-42E7-9EE4-CF2FEE09356E}" = dir=out | name=skype | 
"{900515DD-04F9-4C24-B794-D16B15ABC8F9}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.1.176_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{91D81974-3C6D-4B03-8B0C-5FA9D3A01C4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9EB31089-C6D0-4C65-87C7-AF9E49455277}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A0487303-9C50-4135-BCD8-CBD33AD47FFD}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{A14DBC33-54BC-4D7E-A199-B0F5C6C71EC6}" = dir=out | name=@{microsoft.xboxlivegames_2.0.20.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{A3CF2D68-2885-4764-982A-E096007E37BE}" = dir=in | name=skype | 
"{AD6D7AA7-2E7E-40E3-AD7A-8C63B2CA5A95}" = dir=out | name=@{microsoft.zunemusic_2.2.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{B239758C-0076-461C-A4EA-E4CCC733A149}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{B32482D3-8D5F-4D37-804B-A7F242219AD7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BBAE7412-347A-43B0-A3AC-940E7C7268EA}" = protocol=6 | dir=out | app=system | 
"{CEA50678-CF59-439E-929B-07B9489EF512}" = dir=out | name=@{microsoft.bingtravel_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{CFBBB1B3-0324-4CAF-AE7C-9E085DCD4199}" = dir=out | name=@{microsoft.bingfinance_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DC6B0BA2-C4C4-4244-97DA-BB3A832C00E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5EC84C4-779E-4A64-981D-C09959E6E10E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{F36C1E92-4738-4DDC-BF22-99A6E20B4F98}" = dir=out | name=@{microsoft.bingweather_3.0.1.174_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{F3E61284-C2BD-4BB7-A223-EC3DB8EB58AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{5352DB49-883D-4b64-8443-DA7B80C33ED5}" = Dr.Web Security Space
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B12.1025.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.1121.1
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{BC1FA5CF-A36F-4C61-9638-09D0B431B006}" = Smart Recovery 2 B12.1109.1  (x64)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.1121.1
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/2/2014 8:52:05 PM | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EE7  Sku Id=0eebbb45-29d4-49cb-ba87-a23db0cce40a
 
Error - 3/2/2014 8:52:05 PM | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 8200
Description = License acquisition failure details.   hr=0x80072EE7
 
Error - 3/2/2014 8:52:05 PM | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0x80072EE7  Sku Id=0eebbb45-29d4-49cb-ba87-a23db0cce40a
 
Error - 3/2/2014 8:52:05 PM | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0eebbb45-29d4-49cb-ba87-a23db0cce40a;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error - 3/2/2014 8:52:05 PM | Computer Name = Home-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line
 arguments:  RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0eebbb45-29d4-49cb-ba87-a23db0cce40a;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error - 3/2/2014 8:52:53 PM | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
Error - 3/2/2014 9:01:15 PM | Computer Name = Home-PC | Source = DrWebFWSvc | ID = 3
Description = Runtime error occured, details are provided below:  Condition: Failed
 to initialize application identity cache  Error: 2 (0x2)  Additional information: Can't
 open kernel cache manager.
 
Error - 3/2/2014 9:01:15 PM | Computer Name = Home-PC | Source = DrWebFWSvc | ID = 3
Description = Runtime error occured, details are provided below:  Condition: Service
 start failed  Error: 2 (0x2)  Additional information: Can't open \\.\DRWEBAF device.
 
Error - 3/2/2014 9:09:40 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16384,
 time stamp: 0x52157231  Faulting module name: Dldrv.ocx, version: 1.4.206.11, time
 stamp: 0x413529b7  Exception code: 0xc0000005  Fault offset: 0x0001bd49  Faulting process
 id: 0x12c  Faulting application start time: 0x01cf367cca9cd36a  Faulting application
 path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  Faulting module path:
 C:\Windows\DOWNLO~1\Dldrv.ocx  Report Id: 7e5616ba-a270-11e3-824c-74d43517ad36  Faulting
 package full name:   Faulting package-relative application ID: 
 
Error - 3/2/2014 9:13:32 PM | Computer Name = Home-PC | Source = Perflib | ID = 1023
Description = 
 
[ System Events ]
Error - 3/2/2014 8:48:54 PM | Computer Name = windows-mrt14b2 | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 3/2/2014 8:49:06 PM | Computer Name = windows-mrt14b2 | Source = Service Control Manager | ID = 7023
Description = The IP Helper service terminated with the following error:   %%1058
 
Error - 3/2/2014 8:49:09 PM | Computer Name = windows-mrt14b2 | Source = Service Control Manager | ID = 7023
Description = The Network List Service service terminated with the following error:
   %%21
 
Error - 3/2/2014 8:52:14 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
Description = The Printer Extensions and Notifications service is marked as an interactive
 service.  However, the system is configured to not allow interactive services. 
 This service may not function properly.
 
Error - 3/2/2014 9:01:15 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Dr.Web Firewall Service service terminated with the following 
error:   %%2
 
Error - 3/2/2014 9:10:57 PM | Computer Name = Home-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:50:18 PM on ?3/?2/?2014 was unexpected.
 
Error - 3/2/2014 9:10:58 PM | Computer Name = Home-PC | Source = BugCheck | ID = 1005
Description = 
 
Error - 3/2/2014 9:10:58 PM | Computer Name = Home-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 3/2/2014 9:11:07 PM | Computer Name = Home-PC | Source = Microsoft-Windows-Directory-Services-SAM | ID = 12291
Description = SAM failed to start the TCP/IP or SPX/IPX listening thread
 
 
< End of report >

Edited by boopme, 02 March 2014 - 09:02 PM.




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:30 AM

Posted 02 March 2014 - 09:19 PM

Hello zenmonkey,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 zenmonkey

zenmonkey
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:30 AM

Posted 02 March 2014 - 09:47 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 03
Ran by Steve (administrator) on HOME-PC on 02-03-2014 20:45:48
Running from C:\Users\Steve\Desktop
Windows 8.1 Enterprise Evaluation (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\dwservice.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\frwl_svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corporation) C:\Windows\system32\wlms\wlms.exe
(Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
(Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwarkdaemon.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\dwnetfilter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\frwl_notify.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Doctor Web, Ltd.) C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\spideragent.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\system32\DrvInst.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\SpiderAgent_Adm.exe
(Doctor Web, Ltd.) C:\Program Files\DrWeb\spideragent.exe
(Thisisu) E:\Tools\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Users\Steve\AppData\Local\Temp\abbad52a-576e-435d-96f1-8063fcd7a711\WebSetupExpanded\WebSetup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Steve\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SpIDerAgent] - C:\Program Files\DrWeb\spideragent.exe [17187072 2014-03-02] (Doctor Web, Ltd.)
HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKU\S-1-5-21-3475750592-1111983694-3607820818-1001\...\MountPoints2: {97e7a5a6-a26d-11e3-824b-806e6f6e6963} - "D:\Run.exe" 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x83CA75107B36CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.7.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-02]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-02]
CHR Extension: (Google Wallet) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-02]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-02]
 
==================== Services (Whitelisted) =================
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 DrWebAVService; C:\Program Files\DrWeb\dwservice.exe [8880896 2014-03-02] (Doctor Web, Ltd.)
R3 DrWebEngine; C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2665008 2014-03-02] (Doctor Web, Ltd.)
R2 DrWebFwSvc; C:\Program Files\DrWeb\frwl_svc.exe [1796096 2014-03-02] (Doctor Web, Ltd.)
R3 DrWebNetFilter; C:\Program Files\DrWeb\dwnetfilter.exe [6491904 2014-03-02] (Doctor Web, Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 WLMS; C:\Windows\system32\wlms\wlms.exe [22016 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R0 DrWebLwf; C:\Windows\System32\drivers\DrWebLwf.sys [247968 2014-03-02] (Doctor Web, Ltd.)
R1 DrWebWfp; C:\Windows\System32\drivers\dw_wfp.sys [75424 2014-03-02] (Doctor Web, Ltd.)
R0 DwProt; C:\Windows\System32\drivers\dwprot.sys [375992 2014-03-02] (Doctor Web, Ltd.)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-03-02] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39776 2013-08-22] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
U4 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-03-02] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
R0 SpiderG3; C:\Windows\System32\drivers\spiderg3.sys [238264 2014-03-02] (Doctor Web, Ltd.)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56672 2013-08-22] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [205312 2012-01-19] (VIA Technologies, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [254464 2012-01-19] (VIA Technologies, Inc.)
U3 aswMBR; \??\C:\Users\Steve\AppData\Local\Temp\aswMBR.sys [X]
U3 kxldipow; \??\C:\Users\Steve\AppData\Local\Temp\kxldipow.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-02 20:45 - 2014-03-02 20:45 - 02156544 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2014-03-02 20:45 - 2014-03-02 20:45 - 02156544 _____ (Farbar) C:\Users\Steve\Desktop\FRST64 (1).exe
2014-03-02 20:44 - 2014-03-02 20:45 - 00009575 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-03-02 20:44 - 2014-03-02 20:44 - 00019350 _____ () C:\Users\Steve\Desktop\Addition.txt
2014-03-02 20:42 - 2014-03-02 20:45 - 00000000 ____D () C:\FRST
2014-03-02 19:44 - 2014-03-02 19:46 - 00001435 _____ () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Download Windows.lnk
2014-03-02 19:44 - 2014-03-02 19:46 - 00001433 _____ () C:\Users\Steve\Desktop\Download Windows.lnk
2014-03-02 19:44 - 2014-03-02 19:46 - 00000000 __RHD () C:\ESD
2014-03-02 19:43 - 2014-03-02 19:43 - 04954736 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\WindowsSetupBox.exe
2014-03-02 19:43 - 2014-03-02 19:43 - 00000718 _____ () C:\Users\Steve\Desktop\JRT.txt
2014-03-02 19:40 - 2014-03-02 19:40 - 00000000 ____D () C:\Windows\ERUNT
2014-03-02 19:28 - 2014-03-02 19:27 - 00871424 _____ () C:\nvflash.exe
2014-03-02 19:28 - 2014-03-02 19:27 - 00015648 _____ () C:\nvflsh64.sys
2014-03-02 19:28 - 2014-03-02 19:27 - 00013344 _____ () C:\nvflsh32.sys
2014-03-02 19:27 - 2014-03-02 19:27 - 00370097 _____ () C:\Users\Steve\Downloads\nvflash_windows_5.142.zip
2014-03-02 19:27 - 2014-03-02 19:27 - 00098304 _____ () C:\EVGA.GTX670.4096.120712.rom
2014-03-02 19:27 - 2014-03-02 19:27 - 00000000 ____D () C:\Users\Steve\Downloads\nvflash_windows_5.142
2014-03-02 19:24 - 2014-03-02 19:24 - 01639000 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Steve\Downloads\GPU-Z.0.7.7.exe
2014-03-02 19:24 - 2014-03-02 19:24 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\NVIDIA
2014-03-02 19:24 - 2014-03-02 19:24 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-03-02 19:24 - 2014-03-02 19:24 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-03-02 19:22 - 2014-03-02 19:27 - 00015648 _____ () C:\Windows\system32\Drivers\nvflash.sys
2014-03-02 19:22 - 2014-03-02 19:22 - 00373531 _____ () C:\Users\Steve\Downloads\2671_80.04.5C (1).zip
2014-03-02 19:22 - 2014-03-02 19:22 - 00373514 _____ () C:\Users\Steve\Downloads\3671_80.04.5C.zip
2014-03-02 19:22 - 2014-03-02 19:22 - 00000000 ____D () C:\Users\Steve\Downloads\3671_80.04.5C
2014-03-02 19:22 - 2014-03-02 19:22 - 00000000 ____D () C:\Users\Steve\Downloads\2671_80.04.5C
2014-03-02 19:21 - 2014-03-02 19:21 - 00373531 _____ () C:\Users\Steve\Downloads\2671_80.04.5C.zip
2014-03-02 19:15 - 2014-03-02 19:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-02 19:15 - 2014-03-02 19:15 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-02 19:13 - 2014-03-02 19:30 - 00000000 ____D () C:\Users\Steve\Desktop\mbar
2014-03-02 19:13 - 2014-03-02 19:13 - 00835482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 19:13 - 2014-03-02 19:13 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-02 19:13 - 2014-03-02 19:13 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Intel Corporation
2014-03-02 19:11 - 2014-03-02 19:11 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-03-02 19:11 - 2014-03-02 19:11 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-03-02 19:10 - 2014-03-02 19:10 - 986325150 _____ () C:\Windows\MEMORY.DMP
2014-03-02 19:10 - 2014-03-02 19:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-02 19:10 - 2014-03-02 19:10 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-03-02 19:10 - 2014-03-02 19:10 - 00000000 ____D () C:\Windows\Minidump
2014-03-02 19:10 - 2014-03-02 19:10 - 00000000 ____D () C:\17d9b42aab3c8342d1d5b6239a70f3df
2014-03-02 19:10 - 2014-02-04 21:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-02 19:07 - 2014-03-02 19:11 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-03-02 19:06 - 2014-03-02 19:08 - 00000000 ____D () C:\Windows\GBD
2014-03-02 19:05 - 2014-03-02 19:05 - 00000735 _____ () C:\Users\Public\Desktop\SmartRecovery2.exe.lnk
2014-03-02 19:05 - 2014-03-02 19:05 - 00000000 __SHD () C:\DrWeb Quarantine
2014-03-02 19:05 - 2014-01-09 02:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-03-02 19:05 - 2014-01-09 01:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-03-02 19:05 - 2014-01-09 01:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-03-02 19:05 - 2014-01-09 01:49 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-03-02 19:05 - 2014-01-09 01:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-03-02 19:05 - 2014-01-09 01:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-03-02 19:05 - 2014-01-09 01:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-03-02 19:05 - 2014-01-09 01:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-03-02 19:05 - 2014-01-09 01:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-03-02 19:05 - 2014-01-09 01:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-03-02 19:05 - 2013-09-21 01:17 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-03-02 19:01 - 2014-03-02 19:01 - 00002028 _____ () C:\Users\Public\Desktop\ET6.lnk
2014-03-02 19:01 - 2014-03-02 19:01 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-03-02 19:00 - 2014-03-02 19:05 - 00000000 ____D () C:\Program Files\GIGABYTE
2014-03-02 19:00 - 2014-03-02 19:02 - 00000156 _____ () C:\csb.log
2014-03-02 19:00 - 2014-03-02 19:02 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-03-02 19:00 - 2014-03-02 19:00 - 00000000 ____D () C:\VIA_XHCI
2014-03-02 19:00 - 2014-03-02 19:00 - 00000000 ____D () C:\Users\Steve\Doctor Web
2014-03-02 19:00 - 2012-10-25 11:01 - 00022680 _____ () C:\Windows\system32\Drivers\AppleCharger.sys
2014-03-02 19:00 - 2012-02-07 20:31 - 00008227 ____R () C:\Windows\system32\Drivers\viahub3.cat
2014-03-02 19:00 - 2012-02-07 03:45 - 00008003 ____R () C:\Windows\system32\Drivers\xhcdrv.cat
2014-03-02 19:00 - 2012-01-19 22:39 - 00254464 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\xhcdrv.sys
2014-03-02 19:00 - 2012-01-19 22:39 - 00205312 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\ViaHub3.sys
2014-03-02 19:00 - 2010-04-06 18:30 - 00031272 _____ () C:\Windows\system32\AppleChargerSrv.exe
2014-03-02 19:00 - 2009-07-14 00:21 - 01721576 ____R (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2014-03-02 19:00 - 2009-07-14 00:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-02 18:59 - 2014-02-08 12:34 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-03-02 18:59 - 2014-02-08 12:34 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-03-02 18:59 - 2014-02-08 11:42 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-02 18:59 - 2014-02-08 11:42 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-02 18:59 - 2014-02-08 11:42 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-02 18:59 - 2014-02-08 11:42 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-02 18:59 - 2014-02-08 11:42 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-02 18:59 - 2014-02-05 11:52 - 03573739 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-02 18:58 - 2014-03-02 18:58 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e
2014-03-02 18:58 - 2014-03-02 18:58 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
2014-03-02 18:58 - 2014-03-02 18:58 - 00000000 ____D () C:\Program Files (x86)\Marvell
2014-03-02 18:58 - 2014-02-08 12:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-02 18:58 - 2014-02-08 12:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-02 18:58 - 2014-02-08 12:34 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-03-02 18:58 - 2012-09-01 20:01 - 00647736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2014-03-02 18:58 - 2012-07-19 03:21 - 00110744 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C63x64.sys
2014-03-02 18:57 - 2014-03-02 18:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-02 18:57 - 2014-03-02 18:57 - 00001226 _____ () C:\Users\Public\Desktop\HD VDeck.lnk
2014-03-02 18:57 - 2014-03-02 18:57 - 00000000 ____D () C:\Program Files (x86)\VIA
2014-03-02 18:57 - 2014-03-02 18:57 - 00000000 ____D () C:\NVIDIA
2014-03-02 18:57 - 2012-08-02 23:29 - 02993296 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2014-03-02 18:57 - 2012-08-02 23:29 - 01119376 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2014-03-02 18:57 - 2012-08-02 23:29 - 00681104 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2014-03-02 18:57 - 2012-08-02 23:29 - 00123536 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2014-03-02 18:57 - 2012-08-02 23:29 - 00095376 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2014-03-02 18:57 - 2012-08-02 23:29 - 00070800 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2014-03-02 18:57 - 2012-08-02 23:29 - 00027792 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2014-03-02 18:57 - 2012-08-02 23:28 - 02206352 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2014-03-02 18:57 - 2012-08-02 23:28 - 01161360 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2014-03-02 18:57 - 2012-08-02 23:28 - 00248976 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Dts2APO.dll
2014-03-02 18:57 - 2012-08-02 23:28 - 00092304 _____ (VIA Technologies, Inc.) C:\Windows\system32\Dts2PropPageExt.dll
2014-03-02 18:57 - 2012-08-02 23:28 - 00055440 _____ (TODO: <Company name>) C:\Windows\system32\PropPageExt.dll
2014-03-02 18:57 - 2012-07-03 20:55 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-03-02 18:57 - 2012-06-28 02:54 - 00086016 _____ (QSound Labs, Inc.) C:\Windows\system32\nQPropPageExt.dll
2014-03-02 18:57 - 2011-06-08 04:19 - 00083968 _____ (QSound Labs, Inc.) C:\Windows\system32\nQAPO.dll
2014-03-02 18:57 - 2007-04-11 01:35 - 00414632 ____N (Microsoft Corporation) C:\Windows\difxapi.dll
2014-03-02 18:56 - 2014-03-02 19:12 - 00002530 _____ () C:\Users\Steve\Desktop\Rkill.txt
2014-03-02 18:56 - 2014-03-02 19:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 18:56 - 2014-03-02 19:01 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-02 18:56 - 2014-03-02 18:56 - 00000796 _____ () C:\Users\Steve\Desktop\Dr.Web Scanner.lnk
2014-03-02 18:56 - 2014-03-02 18:56 - 00000000 ____D () C:\Windows\System32\Tasks\Doctor Web
2014-03-02 18:56 - 2014-03-02 18:56 - 00000000 ____D () C:\Intel
2014-03-02 18:55 - 2014-03-02 20:25 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3475750592-1111983694-3607820818-1001
2014-03-02 18:55 - 2014-03-02 20:08 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 18:55 - 2014-03-02 20:08 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 18:55 - 2014-03-02 20:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-02 18:55 - 2014-03-02 20:01 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-02 18:55 - 2014-03-02 20:01 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-02 18:55 - 2014-03-02 19:02 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2014-03-02 18:55 - 2014-03-02 18:55 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\InstallShield
2014-03-02 18:55 - 2014-03-02 18:55 - 00000000 ____D () C:\ProgramData\InstallShield
2014-03-02 18:55 - 2014-03-02 18:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 18:54 - 2014-03-02 18:57 - 232660160 _____ (NVIDIA Corporation) C:\Users\Steve\Desktop\334.89-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-03-02 18:54 - 2014-03-02 18:54 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{500665A6-9A92-49E9-9959-43D16B1ED429}
2014-03-02 18:54 - 2014-03-02 18:54 - 00000010 _____ () C:\Windows\GSetup.ini
2014-03-02 18:54 - 2014-03-02 18:54 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Macromedia
2014-03-02 18:54 - 2009-08-27 01:04 - 00207400 ____R () C:\Windows\GSetup.exe
2014-03-02 18:53 - 2014-03-02 19:18 - 00820548 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 18:53 - 2014-03-02 18:56 - 00000000 ____D () C:\Program Files\Common Files\Doctor Web
2014-03-02 18:53 - 2014-03-02 18:53 - 00375992 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\dwprot.sys
2014-03-02 18:53 - 2014-03-02 18:53 - 00247968 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\DrWebLwf.sys
2014-03-02 18:53 - 2014-03-02 18:53 - 00238264 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\spiderg3.sys
2014-03-02 18:53 - 2014-03-02 18:53 - 00075424 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\dw_wfp.sys
2014-03-02 18:52 - 2014-03-02 19:16 - 00000000 ____D () C:\Program Files\DrWeb
2014-03-02 18:52 - 2014-03-02 18:53 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-03-02 18:52 - 2013-08-21 23:17 - 02407936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2014-03-02 18:51 - 2014-03-02 18:51 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-02 18:51 - 2014-03-02 18:51 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Malwarebytes
2014-03-02 18:51 - 2014-03-02 18:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-02 18:51 - 2014-03-02 18:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 18:51 - 2013-04-04 16:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 18:50 - 2014-03-02 20:41 - 00803469 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 18:50 - 2014-03-02 19:11 - 00000000 ____D () C:\Users\Steve
2014-03-02 18:50 - 2014-03-02 18:50 - 00001446 _____ () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-02 18:50 - 2014-03-02 18:50 - 00000020 ___SH () C:\Users\Steve\ntuser.ini
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Windows\CSC
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Adobe
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Users\Steve\AppData\Local\VirtualStore
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Users\Steve\AppData\Local\Packages
2014-03-02 18:50 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-02 18:50 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-02 18:50 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-03-02 18:50 - 2013-08-22 09:36 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-02 18:48 - 2014-03-02 19:10 - 00055626 _____ () C:\Windows\PFRO.log
2014-03-02 18:46 - 2014-03-02 18:50 - 00000000 ____D () C:\Windows\Panther
 
==================== One Month Modified Files and Folders =======
 
2014-03-02 20:45 - 2014-03-02 20:45 - 02156544 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2014-03-02 20:45 - 2014-03-02 20:45 - 02156544 _____ (Farbar) C:\Users\Steve\Desktop\FRST64 (1).exe
2014-03-02 20:45 - 2014-03-02 20:44 - 00009575 _____ () C:\Users\Steve\Desktop\FRST.txt
2014-03-02 20:45 - 2014-03-02 20:42 - 00000000 ____D () C:\FRST
2014-03-02 20:44 - 2014-03-02 20:44 - 00019350 _____ () C:\Users\Steve\Desktop\Addition.txt
2014-03-02 20:41 - 2014-03-02 18:50 - 00803469 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 20:25 - 2014-03-02 18:55 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3475750592-1111983694-3607820818-1001
2014-03-02 20:08 - 2014-03-02 18:55 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-02 20:08 - 2014-03-02 18:55 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 20:06 - 2014-03-02 18:55 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-02 20:01 - 2014-03-02 18:55 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-02 20:01 - 2014-03-02 18:55 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-02 20:00 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-02 19:46 - 2014-03-02 19:44 - 00001435 _____ () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Download Windows.lnk
2014-03-02 19:46 - 2014-03-02 19:44 - 00001433 _____ () C:\Users\Steve\Desktop\Download Windows.lnk
2014-03-02 19:46 - 2014-03-02 19:44 - 00000000 __RHD () C:\ESD
2014-03-02 19:43 - 2014-03-02 19:43 - 04954736 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\WindowsSetupBox.exe
2014-03-02 19:43 - 2014-03-02 19:43 - 00000718 _____ () C:\Users\Steve\Desktop\JRT.txt
2014-03-02 19:40 - 2014-03-02 19:40 - 00000000 ____D () C:\Windows\ERUNT
2014-03-02 19:30 - 2014-03-02 19:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-02 19:30 - 2014-03-02 19:13 - 00000000 ____D () C:\Users\Steve\Desktop\mbar
2014-03-02 19:27 - 2014-03-02 19:28 - 00871424 _____ () C:\nvflash.exe
2014-03-02 19:27 - 2014-03-02 19:28 - 00015648 _____ () C:\nvflsh64.sys
2014-03-02 19:27 - 2014-03-02 19:28 - 00013344 _____ () C:\nvflsh32.sys
2014-03-02 19:27 - 2014-03-02 19:27 - 00370097 _____ () C:\Users\Steve\Downloads\nvflash_windows_5.142.zip
2014-03-02 19:27 - 2014-03-02 19:27 - 00098304 _____ () C:\EVGA.GTX670.4096.120712.rom
2014-03-02 19:27 - 2014-03-02 19:27 - 00000000 ____D () C:\Users\Steve\Downloads\nvflash_windows_5.142
2014-03-02 19:27 - 2014-03-02 19:22 - 00015648 _____ () C:\Windows\system32\Drivers\nvflash.sys
2014-03-02 19:24 - 2014-03-02 19:24 - 01639000 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Steve\Downloads\GPU-Z.0.7.7.exe
2014-03-02 19:24 - 2014-03-02 19:24 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\NVIDIA
2014-03-02 19:24 - 2014-03-02 19:24 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2014-03-02 19:24 - 2014-03-02 19:24 - 00000000 ____D () C:\Program Files (x86)\GPU-Z
2014-03-02 19:22 - 2014-03-02 19:22 - 00373531 _____ () C:\Users\Steve\Downloads\2671_80.04.5C (1).zip
2014-03-02 19:22 - 2014-03-02 19:22 - 00373514 _____ () C:\Users\Steve\Downloads\3671_80.04.5C.zip
2014-03-02 19:22 - 2014-03-02 19:22 - 00000000 ____D () C:\Users\Steve\Downloads\3671_80.04.5C
2014-03-02 19:22 - 2014-03-02 19:22 - 00000000 ____D () C:\Users\Steve\Downloads\2671_80.04.5C
2014-03-02 19:21 - 2014-03-02 19:21 - 00373531 _____ () C:\Users\Steve\Downloads\2671_80.04.5C.zip
2014-03-02 19:18 - 2014-03-02 18:53 - 00820548 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-02 19:16 - 2014-03-02 18:52 - 00000000 ____D () C:\Program Files\DrWeb
2014-03-02 19:15 - 2014-03-02 19:15 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-02 19:13 - 2014-03-02 19:13 - 00835482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-02 19:13 - 2014-03-02 19:13 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-02 19:13 - 2014-03-02 19:13 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Intel Corporation
2014-03-02 19:12 - 2014-03-02 18:56 - 00002530 _____ () C:\Users\Steve\Desktop\Rkill.txt
2014-03-02 19:11 - 2014-03-02 19:11 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-03-02 19:11 - 2014-03-02 19:11 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-03-02 19:11 - 2014-03-02 19:07 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-03-02 19:11 - 2014-03-02 18:50 - 00000000 ____D () C:\Users\Steve
2014-03-02 19:11 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-03-02 19:11 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\FileManager
2014-03-02 19:11 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\Camera
2014-03-02 19:11 - 2013-08-22 08:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-02 19:11 - 2013-08-22 07:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-02 19:10 - 2014-03-02 19:10 - 986325150 _____ () C:\Windows\MEMORY.DMP
2014-03-02 19:10 - 2014-03-02 19:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-02 19:10 - 2014-03-02 19:10 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-03-02 19:10 - 2014-03-02 19:10 - 00000000 ____D () C:\Windows\Minidump
2014-03-02 19:10 - 2014-03-02 19:10 - 00000000 ____D () C:\17d9b42aab3c8342d1d5b6239a70f3df
2014-03-02 19:10 - 2014-03-02 18:48 - 00055626 _____ () C:\Windows\PFRO.log
2014-03-02 19:08 - 2014-03-02 19:06 - 00000000 ____D () C:\Windows\GBD
2014-03-02 19:05 - 2014-03-02 19:05 - 00000735 _____ () C:\Users\Public\Desktop\SmartRecovery2.exe.lnk
2014-03-02 19:05 - 2014-03-02 19:05 - 00000000 __SHD () C:\DrWeb Quarantine
2014-03-02 19:05 - 2014-03-02 19:00 - 00000000 ____D () C:\Program Files\GIGABYTE
2014-03-02 19:05 - 2014-03-02 18:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-02 19:02 - 2014-03-02 19:00 - 00000156 _____ () C:\csb.log
2014-03-02 19:02 - 2014-03-02 19:00 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-03-02 19:02 - 2014-03-02 18:55 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2014-03-02 19:01 - 2014-03-02 19:01 - 00002028 _____ () C:\Users\Public\Desktop\ET6.lnk
2014-03-02 19:01 - 2014-03-02 19:01 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-03-02 19:01 - 2014-03-02 18:56 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-02 19:00 - 2014-03-02 19:00 - 00000000 ____D () C:\VIA_XHCI
2014-03-02 19:00 - 2014-03-02 19:00 - 00000000 ____D () C:\Users\Steve\Doctor Web
2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-02 18:59 - 2014-03-02 18:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-02 18:59 - 2014-03-02 18:57 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-02 18:59 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\Help
2014-03-02 18:58 - 2014-03-02 18:58 - 00000000 ____D () C:\Windows\SysWOW64\Atheros_L1e
2014-03-02 18:58 - 2014-03-02 18:58 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
2014-03-02 18:58 - 2014-03-02 18:58 - 00000000 ____D () C:\Program Files (x86)\Marvell
2014-03-02 18:57 - 2014-03-02 18:57 - 00001226 _____ () C:\Users\Public\Desktop\HD VDeck.lnk
2014-03-02 18:57 - 2014-03-02 18:57 - 00000000 ____D () C:\Program Files (x86)\VIA
2014-03-02 18:57 - 2014-03-02 18:57 - 00000000 ____D () C:\NVIDIA
2014-03-02 18:57 - 2014-03-02 18:54 - 232660160 _____ (NVIDIA Corporation) C:\Users\Steve\Desktop\334.89-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-03-02 18:57 - 2013-08-22 08:46 - 00008989 _____ () C:\Windows\setupact.log
2014-03-02 18:56 - 2014-03-02 18:56 - 00000796 _____ () C:\Users\Steve\Desktop\Dr.Web Scanner.lnk
2014-03-02 18:56 - 2014-03-02 18:56 - 00000000 ____D () C:\Windows\System32\Tasks\Doctor Web
2014-03-02 18:56 - 2014-03-02 18:56 - 00000000 ____D () C:\Intel
2014-03-02 18:56 - 2014-03-02 18:53 - 00000000 ____D () C:\Program Files\Common Files\Doctor Web
2014-03-02 18:55 - 2014-03-02 18:55 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\InstallShield
2014-03-02 18:55 - 2014-03-02 18:55 - 00000000 ____D () C:\ProgramData\InstallShield
2014-03-02 18:55 - 2014-03-02 18:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-02 18:55 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-02 18:54 - 2014-03-02 18:54 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{500665A6-9A92-49E9-9959-43D16B1ED429}
2014-03-02 18:54 - 2014-03-02 18:54 - 00000010 _____ () C:\Windows\GSetup.ini
2014-03-02 18:54 - 2014-03-02 18:54 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Macromedia
2014-03-02 18:53 - 2014-03-02 18:53 - 00375992 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\dwprot.sys
2014-03-02 18:53 - 2014-03-02 18:53 - 00247968 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\DrWebLwf.sys
2014-03-02 18:53 - 2014-03-02 18:53 - 00238264 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\spiderg3.sys
2014-03-02 18:53 - 2014-03-02 18:53 - 00075424 _____ (Doctor Web, Ltd.) C:\Windows\system32\Drivers\dw_wfp.sys
2014-03-02 18:53 - 2014-03-02 18:52 - 00000000 ____D () C:\ProgramData\Doctor Web
2014-03-02 18:52 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\restore
2014-03-02 18:51 - 2014-03-02 18:51 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-02 18:51 - 2014-03-02 18:51 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Malwarebytes
2014-03-02 18:51 - 2014-03-02 18:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-02 18:51 - 2014-03-02 18:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 18:50 - 2014-03-02 18:50 - 00001446 _____ () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-02 18:50 - 2014-03-02 18:50 - 00000020 ___SH () C:\Users\Steve\ntuser.ini
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Windows\CSC
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Adobe
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Users\Steve\AppData\Local\VirtualStore
2014-03-02 18:50 - 2014-03-02 18:50 - 00000000 ____D () C:\Users\Steve\AppData\Local\Packages
2014-03-02 18:50 - 2014-03-02 18:46 - 00000000 ____D () C:\Windows\Panther
2014-03-02 18:50 - 2013-08-22 09:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-03-02 18:50 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\WinStore
2014-03-02 18:49 - 2013-08-22 09:37 - 00001720 _____ () C:\Windows\DtcInstall.log
2014-03-02 18:49 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Recovery
2014-03-02 18:45 - 2013-08-22 09:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-02-08 12:34 - 2014-03-02 18:59 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-08 12:34 - 2014-03-02 18:59 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 18257576 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 15740232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 14669032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-08 12:34 - 2014-03-02 18:58 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 03090184 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 02713728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00947296 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-02-08 12:34 - 2014-03-02 18:58 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-02-08 11:42 - 2014-03-02 18:59 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-08 11:42 - 2014-03-02 18:59 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-08 11:42 - 2014-03-02 18:59 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-08 11:42 - 2014-03-02 18:59 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-08 11:42 - 2014-03-02 18:59 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-05 11:52 - 2014-03-02 18:59 - 03573739 _____ () C:\Windows\system32\nvcoproc.bin
2014-02-04 21:09 - 2014-03-02 19:10 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\_isDE22.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-08-22 03:01] - [2013-08-22 06:39] - 2328880 ____A (Microsoft Corporation) 8479DC46E9A09015C0777A16BC22A15D
 
C:\Windows\SysWOW64\explorer.exe
[2013-08-21 20:06] - [2013-08-21 23:25] - 2063408 ____A (Microsoft Corporation) 2CA8E3C9335C3C8BAEB335345E48364D
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-02 18:48
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2014
Ran by Steve at 2014-03-02 20:42:46
Running from E:\Tools
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Dr.Web Security Space (Enabled - Up to date) {A8C161B2-600A-42FD-97E0-4C12952A9FEC}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Dr.Web Security Space (Enabled - Up to date) {13A08056-4630-4D73-AD50-7760EEADD551}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Dr.Web Firewall (Enabled) {90FAE097-2A65-43A5-BCBF-E5276BF9D897}
 
==================== Installed Programs ======================
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.28 - GIGABYTE)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Dr.Web Security Space (HKLM\...\{5352DB49-883D-4b64-8443-DA7B80C33ED5}) (Version: 9.0.1.02060 - Doctor Web, Ltd.)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Smart Recovery 2 B12.1109.1  (x64) (HKLM-x32\...\{BC1FA5CF-A36F-4C61-9638-09D0B431B006}) (Version: 1.00.0001 - GIGABYTE)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
 
==================== Restore Points  =========================
 
03-03-2014 00:52:53 Dr.Web Security Space installation
 
==================== Hosts content: ==========================
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54D53181-AD97-401F-B604-F29DCED4B306} - System32\Tasks\Doctor Web\Dr.Web Daily scan => C:\Program Files\DrWeb\dwscanner.exe [2014-03-02] (Doctor Web, Ltd.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D905E1A-2853-480B-9836-151859DB209F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-02-04] (Microsoft Corporation)
Task: {95786A6F-FCBB-44A2-A5A2-7A61C0A4BDEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF01DDAB-31D6-4E71-A58D-D0C614DCDC02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-02] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-02 18:59 - 2014-02-08 11:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-13 16:04 - 2012-01-13 16:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2014-03-02 18:57 - 2012-08-09 04:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-03-02 18:57 - 2012-08-09 04:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-11-14 16:44 - 2012-11-14 16:44 - 02875463 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2012-11-14 12:42 - 2012-11-14 12:42 - 00651331 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2012-09-18 16:45 - 2012-09-18 16:45 - 01335362 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2012-11-09 18:51 - 2012-11-09 18:51 - 01429582 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 16:11 - 2003-02-14 16:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2010-06-10 17:52 - 2010-06-10 17:52 - 00110592 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2012-09-17 18:25 - 2012-09-17 18:25 - 00106496 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 17:22 - 2008-05-07 17:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 17:01 - 2012-05-08 17:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2011-10-18 11:26 - 2011-10-18 11:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2012-11-14 16:00 - 2012-11-14 16:00 - 01499204 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2011-09-14 19:12 - 2011-09-14 19:12 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-03-12 07:40 - 2010-03-12 07:40 - 04449632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2010-06-24 17:50 - 2010-06-24 17:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 21:00 - 2011-03-01 21:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2010-03-12 07:40 - 2010-03-12 07:40 - 00423256 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2012-11-20 19:38 - 2012-11-20 19:38 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2014-03-02 18:59 - 2014-03-02 18:59 - 00016384 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\383a156f397a297227152516920e8e8d\PSIClient.ni.dll
2014-03-02 20:08 - 2014-02-19 19:02 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebEngine => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WLMS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DrWebEngine => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WLMS => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/02/2014 08:41:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: kcslzpsi.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: kcslzpsi.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x4cc
Faulting application start time: 0xkcslzpsi.exe0
Faulting application path: kcslzpsi.exe1
Faulting module path: kcslzpsi.exe2
Report Id: kcslzpsi.exe3
Faulting package full name: kcslzpsi.exe4
Faulting package-relative application ID: kcslzpsi.exe5
 
Error: (03/02/2014 07:40:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.3.9600.16384, time stamp: 0x52159015
Exception code: 0xc0000005
Fault offset: 0x0003e182
Faulting process id: 0x6f4
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5
 
Error: (03/02/2014 07:40:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.3.9600.16384, time stamp: 0x52159015
Exception code: 0xc0000005
Fault offset: 0x0003e182
Faulting process id: 0x10ec
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5
 
Error: (03/02/2014 07:39:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.3.9600.16384, time stamp: 0x52159015
Exception code: 0xc0000005
Fault offset: 0x0003e182
Faulting process id: 0x1294
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3
Faulting package full name: aswMBR.exe4
Faulting package-relative application ID: aswMBR.exe5
 
Error: (03/02/2014 07:13:32 PM) (Source: Perflib) (User: )
Description: rdyboost4
 
Error: (03/02/2014 07:09:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16384, time stamp: 0x52157231
Faulting module name: Dldrv.ocx, version: 1.4.206.11, time stamp: 0x413529b7
Exception code: 0xc0000005
Fault offset: 0x0001bd49
Faulting process id: 0x12c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (03/02/2014 07:01:15 PM) (Source: DrWebFWSvc) (User: )
Description: Runtime error occured, details are provided below:
Condition: Service start failed
Error: 2 (0x2)
Additional information: Can't open \\.\DRWEBAF device.
 
Error: (03/02/2014 07:01:15 PM) (Source: DrWebFWSvc) (User: )
Description: Runtime error occured, details are provided below:
Condition: Failed to initialize application identity cache
Error: 2 (0x2)
Additional information: Can't open kernel cache manager.
 
Error: (03/02/2014 06:52:53 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/02/2014 06:52:05 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0eebbb45-29d4-49cb-ba87-a23db0cce40a;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (03/02/2014 07:11:07 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT AUTHORITY)
Description: SAM failed to start the TCP/IP or SPX/IPX listening thread
 
Error: (03/02/2014 07:10:58 PM) (Source: BugCheck) (User: )
Description: 0x000000ef (0xffffe00001bdc500, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP
 
Error: (03/02/2014 07:10:58 PM) (Source: BugCheck) (User: )
Description: 
 
Error: (03/02/2014 07:10:57 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:50:18 PM on ‎3/‎2/‎2014 was unexpected.
 
Error: (03/02/2014 07:01:15 PM) (Source: Service Control Manager) (User: )
Description: The Dr.Web Firewall Service service terminated with the following error: 
%%2
 
Error: (03/02/2014 06:52:14 PM) (Source: Service Control Manager) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/02/2014 06:49:09 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service terminated with the following error: 
%%21
 
Error: (03/02/2014 06:49:06 PM) (Source: Service Control Manager) (User: )
Description: The IP Helper service terminated with the following error: 
%%1058
 
Error: (03/02/2014 06:48:54 PM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!
 
 
Microsoft Office Sessions:
=========================
Error: (03/02/2014 08:41:48 PM) (Source: Application Error)(User: )
Description: kcslzpsi.exe2.1.19357.052e7ea83kcslzpsi.exe2.1.19357.052e7ea83c0000005000011aa4cc01cf368a1dc2ab50E:\Tools\kcslzpsi.exeE:\Tools\kcslzpsi.exe5d43f0f1-a27d-11e3-824e-74d43517ad36
 
Error: (03/02/2014 07:40:36 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.3.9600.1638452159015c00000050003e1826f401cf36818fc8309aE:\Tools\aswMBR.exeC:\Windows\SYSTEM32\ntdll.dlld0a4ab7b-a274-11e3-824e-74d43517ad36
 
Error: (03/02/2014 07:40:08 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.3.9600.1638452159015c00000050003e18210ec01cf36817f2279afE:\Tools\aswMBR.exeC:\Windows\SYSTEM32\ntdll.dllbfdd2af4-a274-11e3-824e-74d43517ad36
 
Error: (03/02/2014 07:39:16 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.3.9600.1638452159015c00000050003e182129401cf36815a734ac3E:\Tools\aswMBR.exeC:\Windows\SYSTEM32\ntdll.dlla0df7c0c-a274-11e3-824e-74d43517ad36
 
Error: (03/02/2014 07:13:32 PM) (Source: Perflib)(User: )
Description: rdyboost4
 
Error: (03/02/2014 07:09:40 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.1638452157231Dldrv.ocx1.4.206.11413529b7c00000050001bd4912c01cf367cca9cd36aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\Dldrv.ocx7e5616ba-a270-11e3-824c-74d43517ad36
 
Error: (03/02/2014 07:01:15 PM) (Source: DrWebFWSvc)(User: )
Description: Service start failed20x2Can't open \\.\DRWEBAF device.
 
Error: (03/02/2014 07:01:15 PM) (Source: DrWebFWSvc)(User: )
Description: Failed to initialize application identity cache20x2Can't open kernel cache manager.
 
Error: (03/02/2014 06:52:53 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (03/02/2014 06:52:05 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0eebbb45-29d4-49cb-ba87-a23db0cce40a;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 8152.04 MB
Available physical RAM: 5889.06 MB
Total Pagefile: 16344.04 MB
Available Pagefile: 13297.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.56 GB) (Free:23.21 GB) NTFS
Drive e: (XBOOT) (Removable) (Total:29.84 GB) (Free:20.57 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: 08E14C90)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 0D090D09)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Thanks!


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:30 AM

Posted 03 March 2014 - 11:46 AM

I'm not seeing anything in the logs that would indicate a current infection.

1. Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on AdwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 zenmonkey

Posted 03 March 2014 - 06:31 PM

Will get on this as soon as I get home. This is probably my 10th install of Windows. Have bought two new motherboards and a new drive. What will happen is suddenly Windows Defender will stop and not allow me to turn it on, and around 14 alternative data streams kick in. A stream analyzer labeled them as Bifrose. As well, folders are shifted and the real location hidden. I know this sounds paranoid, and I'm hoping as the system starts to turn bad that these logs will show it. One example is these forums have huge ads at the bottom and an overlay that says Dell. I will try and screenshot it when I post these next logs. I appreciate your help.

#6 zenmonkey

Posted 03 March 2014 - 07:54 PM

Adwcleaner Log:

# AdwCleaner v3.020 - Report created 03/03/2014 at 16:51:23
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8.1 Enterprise Evaluation  (64 bits)
# Username : Steve - HOME-PC
# Running from : C:\Users\Steve\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\S
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [734 octets] - [03/03/2014 16:51:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [793 octets] ##########
 
RogueKiller Log: 
 
RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Scan -- Date : 03/03/2014 16:51:01
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Patriot Pyro +++++
--- User ---
[MBR] 1f570532368bacd8c6cb63ca3fce2caa
[BSP] 1f92d97ec215cd46d32d4dadccf4b39a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 56889 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_03032014_165101.txt >>
 
 
 
 


#7 fireman4it

Posted 03 March 2014 - 08:54 PM

Please delete your copy of TDSSKiller and download the latest version from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"

Edited by fireman4it, 03 March 2014 - 08:55 PM.


#8 zenmonkey

Posted 04 March 2014 - 01:03 AM

Well, I believe the bad stuff is starting to happen. When I click on that link, I do download the file for TDSS Killer. When I run it, it asks to load update. Doing so launches a web window that downloads a tdskiller.zip, and although it says it is saving it to my desktop, it isn't there. As well, clicking on the zip in Chrome Downloads says I do not have administrative rights to access the file. I did run it without updating and it found one hidden service: http://imgur.com/Jvzjh3r

 

The log is here:

 

21:36:16.0903 4332  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:36:16.0903 4332  UEFI system
21:36:18.0904 4332  ============================================================
21:36:18.0904 4332  Current date / time: 2014/03/03 21:36:18.0904
21:36:18.0904 4332  SystemInfo:
21:36:18.0904 4332  
21:36:18.0904 4332  OS Version: 6.2.9200 ServicePack: 0.0
21:36:18.0904 4332  Product type: Workstation
21:36:18.0904 4332  ComputerName: HOME
21:36:18.0904 4332  UserName: Steve
21:36:18.0904 4332  Windows directory: C:\Windows
21:36:18.0904 4332  System windows directory: C:\Windows
21:36:18.0904 4332  Running under WOW64
21:36:18.0904 4332  Processor architecture: Intel x64
21:36:18.0904 4332  Number of processors: 4
21:36:18.0904 4332  Page size: 0x1000
21:36:18.0904 4332  Boot type: Normal boot
21:36:18.0904 4332  ============================================================
21:36:19.0140 4332  Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:36:19.0141 4332  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:36:19.0143 4332  ============================================================
21:36:19.0143 4332  \Device\Harddisk0\DR0:
21:36:19.0143 4332  GPT partitions:
21:36:19.0143 4332  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5542F617-905D-4DF2-8C39-7EC5E3FC8BEB}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
21:36:19.0143 4332  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {082DD9FC-21E6-4720-A3EE-23C0F96EAB19}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
21:36:19.0143 4332  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {5A10C83D-4122-41B8-8CE0-375E686E93F3}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
21:36:19.0143 4332  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6CD702C9-41EA-4A2D-97BC-18B8B5C14933}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0x1BE1B800
21:36:19.0143 4332  MBR partitions:
21:36:19.0143 4332  \Device\Harddisk1\DR1:
21:36:19.0143 4332  Invalid mbr signature
21:36:19.0143 4332  ============================================================
21:36:19.0144 4332  C: <-> \Device\Harddisk0\DR0\Partition4
21:36:19.0144 4332  ============================================================
21:36:19.0144 4332  Initialize success
21:36:19.0144 4332  ============================================================
21:36:46.0008 2512  ============================================================
21:36:46.0008 2512  Scan started
21:36:46.0008 2512  Mode: Manual; SigCheck; TDLFS; 
21:36:46.0008 2512  ============================================================
21:36:46.0164 2512  ================ Scan system memory ========================
21:36:46.0164 2512  System memory - ok
21:36:46.0164 2512  ================ Scan services =============================
21:36:46.0195 2512  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
21:36:46.0222 2512  1394ohci - ok
21:36:46.0224 2512  Suspicious service (Hidden): 1636673
21:36:46.0226 2512  1636673 ( HiddenService.Multi.Generic ) - warning
21:36:46.0226 2512  1636673 - detected HiddenService.Multi.Generic (1)
21:36:48.0536 2512  [ C09010B3680860131631F53E8FE7BAD8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:36:48.0544 2512  lltdio - ok
21:36:48.0548 2512  [ 00E070FC0C673311AFD4B068D1242780 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:36:48.0559 2512  lltdsvc - ok
21:36:48.0561 2512  [ D113FAD71A5E67AA94B32A0F8828D265 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:36:48.0568 2512  lmhosts - ok
21:36:48.0571 2512  [ C755AE4635457AA2A11F79C0DF857ABC ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:36:48.0579 2512  LSI_SAS - ok
21:36:48.0581 2512  [ ADAC09CBE7A2040B7F68B5E5C9A75141 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:36:48.0588 2512  LSI_SAS2 - ok
21:36:48.0590 2512  [ 04D1274BB9BBCCF12BD12374002AA191 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
21:36:48.0597 2512  LSI_SAS3 - ok
21:36:48.0600 2512  [ 327469EEF3833D0C584B7E88A76AEC0C ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
21:36:48.0606 2512  LSI_SSS - ok
21:36:48.0613 2512  [ B6B69FF200F68888A7FAFDF204D00C91 ] LSM             C:\Windows\System32\lsm.dll
21:36:48.0625 2512  LSM - ok
21:36:48.0628 2512  [ 5EF604B0698F4FA962778285E8C5F1F2 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:36:48.0639 2512  luafv - ok
21:36:48.0641 2512  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:36:48.0646 2512  MBAMProtector - ok
21:36:48.0651 2512  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:36:48.0658 2512  MBAMScheduler - ok
21:36:48.0664 2512  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:36:48.0674 2512  MBAMService - ok
21:36:48.0677 2512  [ EB5C03A070F30D64A6DF80E53B22F53F ] megasas         C:\Windows\system32\drivers\megasas.sys
21:36:48.0683 2512  megasas - ok
21:36:48.0688 2512  [ F6F13533196DE7A582D422B0241E4363 ] megasr          C:\Windows\system32\drivers\megasr.sys
21:36:48.0702 2512  megasr - ok
21:36:48.0705 2512  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
21:36:48.0709 2512  MEIx64 - ok
21:36:48.0712 2512  [ FD788C2D96EA91469A3C1D13E80D7473 ] MMCSS           C:\Windows\system32\mmcss.dll
21:36:48.0720 2512  MMCSS - ok
21:36:48.0722 2512  [ 8B38C44F69259987C95135C9627E2378 ] Modem           C:\Windows\system32\drivers\modem.sys
21:36:48.0730 2512  Modem - ok
21:36:48.0732 2512  [ 601589000CC90F0DF8DA2CC254A3CCC9 ] monitor         C:\Windows\System32\drivers\monitor.sys
21:36:48.0739 2512  monitor - ok
21:36:48.0742 2512  [ CEAC6D40FE887CE8406C2393CF97DE06 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
21:36:48.0748 2512  mouclass - ok
21:36:48.0751 2512  [ 02D98BF804084E9A0D69D1C69B02CCA9 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
21:36:48.0758 2512  mouhid - ok
21:36:48.0761 2512  [ 515549560D481138E6E21AF7C6998E56 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:36:48.0768 2512  mountmgr - ok
21:36:48.0771 2512  [ F170510BE94CF45E3C6274578F6204B2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:36:48.0780 2512  mpsdrv - ok
21:36:48.0789 2512  [ D186C5844393252147BE934F3871DB7A ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:36:48.0805 2512  MpsSvc - ok
21:36:48.0808 2512  [ 59DCEC7499095DE5AED741358037AE2D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:36:48.0818 2512  MRxDAV - ok
21:36:48.0823 2512  [ 79B6F3DF7CDFD12159871FF71464F0CE ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:36:48.0834 2512  mrxsmb - ok
21:36:48.0837 2512  [ 295771B092D4F7FCF2B62F80CCD14320 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:36:48.0846 2512  mrxsmb10 - ok
21:36:48.0849 2512  [ AAF56E4E84D35411B4E446C445732DFE ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:36:48.0857 2512  mrxsmb20 - ok
21:36:48.0860 2512  [ 4E888019078AC363076A5433E89AA4F8 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
21:36:48.0868 2512  MsBridge - ok
21:36:48.0872 2512  [ A082C17D14D0790E27D064EA4B138AE1 ] MSDTC           C:\Windows\System32\msdtc.exe
21:36:48.0879 2512  MSDTC - ok
21:36:48.0883 2512  [ D13329FBF8345B28AB30F44CC247DC08 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:36:48.0891 2512  Msfs - ok
21:36:48.0893 2512  [ C6B474E46F9E543B875981ED3FFE6ADD ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
21:36:48.0900 2512  msgpiowin32 - ok
21:36:48.0902 2512  [ 65C92EB9D08DB5C69F28C7FFD4E84E31 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:36:48.0909 2512  mshidkmdf - ok
21:36:48.0911 2512  [ 52299F086AC2DAFD100DD5DC4A8614BA ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
21:36:48.0917 2512  mshidumdf - ok
21:36:48.0920 2512  [ 36D92AF3343C3A3E57FEF11C449AEA4C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:36:48.0926 2512  msisadrv - ok
21:36:48.0929 2512  [ 810F8A0A0680662BB0CE44D0E2CEF90C ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:36:48.0936 2512  MSiSCSI - ok
21:36:48.0939 2512  msiserver - ok
21:36:48.0941 2512  [ D22AE5313F6B7EFDDD8C117B5501F4A3 ] MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll
21:36:48.0948 2512  MsKeyboardFilter - ok
21:36:48.0951 2512  [ A9BBBD2BAE6142253B9195E949AC2E8D ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:36:48.0957 2512  MSKSSRV - ok
21:36:48.0960 2512  [ 375E44168F2DFB91A68B8A3F619C5A7C ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
21:36:48.0968 2512  MsLldp - ok
21:36:48.0970 2512  [ 7B2128EB875DCBC006E6A913211006D6 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:36:48.0977 2512  MSPCLOCK - ok
21:36:48.0979 2512  [ 1E88171579B218115C7A772F8DE04BD8 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:36:48.0985 2512  MSPQM - ok
21:36:48.0989 2512  [ BBE2A455053E63BECBF42C2F9B21FAE0 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:36:49.0000 2512  MsRPC - ok
21:36:49.0003 2512  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
21:36:49.0009 2512  mssmbios - ok
21:36:49.0011 2512  [ 115019AE01E0EB9C048530D2928AB4A2 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:36:49.0018 2512  MSTEE - ok
21:36:49.0020 2512  [ 96D604A35070360F0DD4A7A8AF410B5E ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
21:36:49.0027 2512  MTConfig - ok
21:36:49.0029 2512  [ 619CA29326B82372621DB2C0964D8365 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:36:49.0036 2512  Mup - ok
21:36:49.0039 2512  [ B8C35C94DCB2DFEAF03BB42131F2F77F ] mvumis          C:\Windows\system32\drivers\mvumis.sys
21:36:49.0045 2512  mvumis - ok
21:36:49.0050 2512  [ 41A45D2A75494EABF2806EA051E00376 ] napagent        C:\Windows\system32\qagentRT.dll
21:36:49.0062 2512  napagent - ok
21:36:49.0067 2512  [ CF8B989D89D6807B887690F2CF24EFD9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:36:49.0077 2512  NativeWifiP - ok
21:36:49.0080 2512  [ 71E3C0100AA19D11373CCEB2F51A6008 ] NcaSvc          C:\Windows\System32\ncasvc.dll
21:36:49.0090 2512  NcaSvc - ok
21:36:49.0093 2512  [ 51DF09CAB2CAC64FEE3E371D9028ED01 ] NcbService      C:\Windows\System32\ncbservice.dll
21:36:49.0102 2512  NcbService - ok
21:36:49.0104 2512  [ 2586C4C167499210DCBF3ECFD8CCE210 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
21:36:49.0117 2512  NcdAutoSetup - ok
21:36:49.0129 2512  [ ED39D676080A1AEA755F1DEC1A8DF1A4 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:36:49.0150 2512  NDIS - ok
21:36:49.0152 2512  [ C6BB12BC35D1637CA17AE16D3A4725EB ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:36:49.0161 2512  NdisCap - ok
21:36:49.0163 2512  [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
21:36:49.0173 2512  NdisImPlatform - ok
21:36:49.0175 2512  [ 9423421E735BD5394351E0C47C76BB92 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:36:49.0185 2512  NdisTapi - ok
21:36:49.0187 2512  [ B832B35055BA2B7B4181861FF94D8E59 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:36:49.0194 2512  Ndisuio - ok
21:36:49.0196 2512  [ 1F58E48EF75F34C35D8E93A0DC535CFE ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
21:36:49.0205 2512  NdisVirtualBus - ok
21:36:49.0208 2512  [ DEC29080202D4F9F17F55E18BCFCC41A ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:36:49.0217 2512  NdisWan - ok
21:36:49.0220 2512  [ DEC29080202D4F9F17F55E18BCFCC41A ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
21:36:49.0229 2512  NdisWanLegacy - ok
21:36:49.0231 2512  [ A5BD69A8812FA79D1A487691DD3FB244 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:36:49.0240 2512  NDProxy - ok
21:36:49.0243 2512  [ 5A072F0B90C29C5233D78BE33EF5ED78 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
21:36:49.0251 2512  Ndu - ok
21:36:49.0254 2512  [ A83D67D347A684F10B7D3019C8A6380C ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:36:49.0262 2512  NetBIOS - ok
21:36:49.0272 2512  [ 0217532E19A748F0E5D569307363D5FD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:36:49.0284 2512  NetBT - ok
21:36:49.0286 2512  [ F6F209DDB94959BA104FC8FC87C53759 ] Netlogon        C:\Windows\system32\lsass.exe
21:36:49.0293 2512  Netlogon - ok
21:36:49.0297 2512  [ B7AD851A21FEBA3BA214972627614207 ] Netman          C:\Windows\System32\netman.dll
21:36:49.0307 2512  Netman - ok
21:36:49.0312 2512  [ F0F0A372C2EF6358399C4936F91B6131 ] netprofm        C:\Windows\System32\netprofmsvc.dll
21:36:49.0325 2512  netprofm - ok
21:36:49.0331 2512  [ 1092B3190E69E0C5ECBCE90F171DE047 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:49.0339 2512  NetTcpPortSharing - ok
21:36:49.0342 2512  [ 70414DB660BFBB7BD58FCE8EA4364E1B ] netvsc          C:\Windows\system32\DRIVERS\netvsc63.sys
21:36:49.0349 2512  netvsc - ok
21:36:49.0354 2512  [ 3A280F3B3C7A46E29C404ACD46ECBF5E ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:36:49.0366 2512  NlaSvc - ok
21:36:49.0368 2512  [ 8F44A2F57C9F1A19AC9C6288C10FB351 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:36:49.0376 2512  Npfs - ok
21:36:49.0378 2512  [ CBDB4F0871C88DF930FC0E8588CA67FC ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
21:36:49.0384 2512  npsvctrig - ok
21:36:49.0387 2512  [ 6E2271ED0C3E95B8E29F3752B91B9E84 ] nsi             C:\Windows\system32\nsisvc.dll
21:36:49.0395 2512  nsi - ok
21:36:49.0397 2512  [ E490B459978CB87779E84C761D22B827 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:36:49.0404 2512  nsiproxy - ok
21:36:49.0420 2512  [ 4412D565C0278C401575E11072C7DCE3 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:36:49.0453 2512  Ntfs - ok
21:36:49.0456 2512  [ EF1B290FC9F0E47CC0B537292BEE5904 ] Null            C:\Windows\system32\drivers\Null.sys
21:36:49.0462 2512  Null - ok
21:36:49.0550 2512  [ E71E299FF15390E585BACF2C18F55078 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:36:49.0682 2512  nvlddmkm - ok
21:36:49.0687 2512  [ BC6B5942AFF25EBAF62DE43C3807EDF8 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:36:49.0696 2512  nvraid - ok
21:36:49.0699 2512  [ 1F43ABFFAC3D6CA356851D517392966E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:36:49.0707 2512  nvstor - ok
21:36:49.0715 2512  [ 415695F5A54E91E869EEBFEA261361A6 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:36:49.0728 2512  nvsvc - ok
21:36:49.0748 2512  [ AA130938A27BB80A8B6438EF83232275 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:36:49.0765 2512  nvUpdatusService - ok
21:36:49.0768 2512  [ 6934A936A7369DFE37B7DBA93F5E5E49 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:36:49.0776 2512  nv_agp - ok
21:36:49.0779 2512  [ 6F722C84CCCEF77A871D0F7E50AB25EB ] OpenVPNService  C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
21:36:49.0784 2512  OpenVPNService - ok
21:36:49.0789 2512  [ 3B510F20806B94E389784ED09DBD2111 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:36:49.0800 2512  p2pimsvc - ok
21:36:49.0806 2512  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B ] p2psvc          C:\Windows\system32\p2psvc.dll
21:36:49.0817 2512  p2psvc - ok
21:36:49.0819 2512  [ 764B1121867B2D9B31C491668AC72B2B ] Parport         C:\Windows\System32\drivers\parport.sys
21:36:49.0827 2512  Parport - ok
21:36:49.0829 2512  [ EF0C1749C9A8CEE9A457473D433CC00F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:36:49.0836 2512  partmgr - ok
21:36:49.0841 2512  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:36:49.0853 2512  PcaSvc - ok
21:36:49.0860 2512  [ C0D3F3BC1C84B4BA746D9847314C1164 ] pci             C:\Windows\system32\drivers\pci.sys
21:36:49.0870 2512  pci - ok
21:36:49.0872 2512  [ 346E38FCC6859A727DD28AFAD1F0AFF4 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:36:49.0878 2512  pciide - ok
21:36:49.0881 2512  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:36:49.0888 2512  pcmcia - ok
21:36:49.0890 2512  [ BF28771D1436C88BE1D297D3098B0F7D ] pcw             C:\Windows\system32\drivers\pcw.sys
21:36:49.0897 2512  pcw - ok
21:36:49.0900 2512  [ B9D968D8E2B0F9C6301CEB39CFC9B9E4 ] pdc             C:\Windows\system32\drivers\pdc.sys
21:36:49.0906 2512  pdc - ok
21:36:49.0913 2512  [ BA50CC0BD19004AAB88BE37338B6FA0D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:36:49.0926 2512  PEAUTH - ok
21:36:49.0942 2512  [ 084DE525DFE82AE7453DD527390FA110 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
21:36:49.0965 2512  PeerDistSvc - ok
21:36:49.0984 2512  [ 8E3C640FFF5A963F570233AE99C0FFF3 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:36:49.0991 2512  PerfHost - ok
21:36:50.0005 2512  [ 928061178CD9856CA6B67FFFCE6BA766 ] pla             C:\Windows\system32\pla.dll
21:36:50.0027 2512  pla - ok
21:36:50.0030 2512  [ 752A457320A946E03C3AA86C3ACD735E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:36:50.0040 2512  PlugPlay - ok
21:36:50.0043 2512  [ 045EB4F260606A03BE340D09DEAF3BA4 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:36:50.0050 2512  PNRPAutoReg - ok
21:36:50.0054 2512  [ 3B510F20806B94E389784ED09DBD2111 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:36:50.0063 2512  PNRPsvc - ok
21:36:50.0068 2512  [ C16097D77A232A288D65F299E2E01105 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:36:50.0080 2512  PolicyAgent - ok
21:36:50.0083 2512  [ 00E08B30E7F7C13ECE2CDF4F46A77311 ] Power           C:\Windows\system32\umpo.dll
21:36:50.0091 2512  Power - ok
21:36:50.0094 2512  [ E075CC071022BD4E9BE7C024717C0E0A ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:36:50.0103 2512  PptpMiniport - ok
21:36:50.0123 2512  [ B7DB57A000D46D4DE75BC0C563E58072 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
21:36:50.0153 2512  PrintNotify - ok
21:36:50.0156 2512  [ ECD373F9571C745894367CC2635EA44F ] Processor       C:\Windows\System32\drivers\processr.sys
21:36:50.0163 2512  Processor - ok
21:36:50.0167 2512  [ 9E5A3A3B702ECB9E88AA07731F0E65EB ] ProfSvc         C:\Windows\system32\profsvc.dll
21:36:50.0176 2512  ProfSvc - ok
21:36:50.0179 2512  [ 8528BB05E4D4E25945F78B00B2555FB7 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:36:50.0189 2512  Psched - ok
21:36:50.0194 2512  [ AF90BB44C99D6820BE52C9BBAA523283 ] QWAVE           C:\Windows\system32\qwave.dll
21:36:50.0205 2512  QWAVE - ok
21:36:50.0208 2512  [ 3FB466684609A4329858CF2EBD62E0FD ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:36:50.0216 2512  QWAVEdrv - ok
21:36:50.0219 2512  [ 2C56F0EE27E4EF70CA4B4983D3638905 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:36:50.0227 2512  RasAcd - ok
21:36:50.0230 2512  [ 55FE43112F61836D0581D615C72AA113 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:36:50.0237 2512  RasAgileVpn - ok
21:36:50.0240 2512  [ 5F061AC45266841A2860C1858ED863B8 ] RasAuto         C:\Windows\System32\rasauto.dll
21:36:50.0249 2512  RasAuto - ok
21:36:50.0252 2512  [ BBB6272B7F46C4640A8CDB8A70C3450F ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:36:50.0261 2512  Rasl2tp - ok
21:36:50.0266 2512  [ BF3B17016764F20F9D28CF1A8DC210C0 ] RasMan          C:\Windows\System32\rasmans.dll
21:36:50.0279 2512  RasMan - ok
21:36:50.0281 2512  [ 5247F308C4103CDC4FE12AE1D235800A ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:36:50.0290 2512  RasPppoe - ok
21:36:50.0293 2512  [ 2B0F1677CDD08967005F34488559BC6F ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:36:50.0301 2512  RasSstp - ok
21:36:50.0306 2512  [ B939A2A0F9D6C6C186721E268EB6FA93 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:36:50.0315 2512  rdbss - ok
21:36:50.0318 2512  [ 6B21EBF892CD8CACB71669B35AB5DE32 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
21:36:50.0330 2512  rdpbus - ok
21:36:50.0333 2512  [ 680C1DAE268B6FB67FA21B389A8B79EF ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
21:36:50.0341 2512  RDPDR - ok
21:36:50.0346 2512  [ 858776908AF838E3790F3261B799CDA6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:36:50.0352 2512  RdpVideoMiniport - ok
21:36:50.0356 2512  [ 06250FF7F8E5F98DAA6F2D6251B1694E ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:36:50.0365 2512  rdyboost - ok
21:36:50.0373 2512  [ 036746D54347FD2D0385668E2A4064E4 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
21:36:50.0391 2512  ReFS - ok
21:36:50.0396 2512  [ BFFB40FBE6D2C3469F8D06EE5E4934AB ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:36:50.0406 2512  RemoteAccess - ok
21:36:50.0409 2512  [ 4DCCABE03D06955ED61BABBD8EF9F30F ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:36:50.0420 2512  RemoteRegistry - ok
21:36:50.0426 2512  [ D894CBD7DA753C881EE8D5E33B583225 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:36:50.0434 2512  RpcEptMapper - ok
21:36:50.0436 2512  [ 5CAE8F47B31D5CFC322B5B898C19E0FE ] RpcLocator      C:\Windows\system32\locator.exe
21:36:50.0443 2512  RpcLocator - ok
21:36:50.0450 2512  [ 3FD5AE42EC87C6F532A931F96BE731DD ] RpcSs           C:\Windows\system32\rpcss.dll
21:36:50.0462 2512  RpcSs - ok
21:36:50.0465 2512  [ 2D05A5508F4685412F2B89E8C2189ABC ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:36:50.0474 2512  rspndr - ok
21:36:50.0476 2512  [ 1A063730F221B2746FF00457AE17E4F0 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
21:36:50.0482 2512  s3cap - ok
21:36:50.0485 2512  [ F6F209DDB94959BA104FC8FC87C53759 ] SamSs           C:\Windows\system32\lsass.exe
21:36:50.0491 2512  SamSs - ok
21:36:50.0495 2512  [ E20128053F3F4641A2627ECFA7149ECA ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
21:36:50.0502 2512  SbieDrv - ok
21:36:50.0505 2512  [ 0FA1025D7AC725EEA5EA3076965EEA6B ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
21:36:50.0510 2512  SbieSvc - ok
21:36:50.0513 2512  [ C624A1B32211C3166EDB3F4AB02A30B7 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:36:50.0520 2512  sbp2port - ok
21:36:50.0524 2512  [ 47C497FA4DDEA908633CAA60CEBE6805 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:36:50.0534 2512  SCardSvr - ok
21:36:50.0537 2512  [ E76C4E98302AE39CC6FA5D20FC8B5438 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
21:36:50.0547 2512  ScDeviceEnum - ok
21:36:50.0549 2512  [ ABD0237B15DBD2B4695F4B7D734A58F7 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:36:50.0557 2512  scfilter - ok
21:36:50.0566 2512  [ 888A30EAB651502352C18745367FD179 ] Schedule        C:\Windows\system32\schedsvc.dll
21:36:50.0585 2512  Schedule - ok
21:36:50.0588 2512  [ AB285CE3431FF3D2ACE669245874C1C7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:36:50.0597 2512  SCPolicySvc - ok
21:36:50.0600 2512  [ 2F9A3380B8C0380E5608E29C7AA66899 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
21:36:50.0609 2512  sdbus - ok
21:36:50.0612 2512  [ 4EAF4DCF9DBD9A56952A58F56D61C005 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
21:36:50.0618 2512  sdstor - ok
21:36:50.0621 2512  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:36:50.0627 2512  secdrv - ok
21:36:50.0630 2512  [ C49009F897BA4F2F4F31043663AA1485 ] seclogon        C:\Windows\system32\seclogon.dll
21:36:50.0639 2512  seclogon - ok
21:36:50.0642 2512  [ A88882E64BDC1D8E8D6E727B71CCCC53 ] SENS            C:\Windows\System32\sens.dll
21:36:50.0652 2512  SENS - ok
21:36:50.0656 2512  [ E66A7C8CE7ED22DED6DF1CA479FB4790 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:36:50.0664 2512  SensrSvc - ok
21:36:50.0667 2512  [ DB2FF24CE0BDD15FE75870AFE312BA89 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
21:36:50.0674 2512  SerCx - ok
21:36:50.0677 2512  [ 0044B31F93946D5D41982314381FE431 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
21:36:50.0684 2512  SerCx2 - ok
21:36:50.0687 2512  [ 3CD600C089C1251BEEB4CD4CD5164F9E ] Serenum         C:\Windows\System32\drivers\serenum.sys
21:36:50.0693 2512  Serenum - ok
21:36:50.0696 2512  [ D864381BC9C725FAB01D94C060660166 ] Serial          C:\Windows\System32\drivers\serial.sys
21:36:50.0703 2512  Serial - ok
21:36:50.0705 2512  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D ] sermouse        C:\Windows\System32\drivers\sermouse.sys
21:36:50.0712 2512  sermouse - ok
21:36:50.0719 2512  [ 441E6FF1F34D7A942946DB42A15FB519 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:36:50.0729 2512  SessionEnv - ok
21:36:50.0731 2512  [ 472B7A5AC181C050888DB454663DD764 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
21:36:50.0738 2512  sfloppy - ok
21:36:50.0743 2512  [ F4414F57DF2CECB8FC969AA43A6B0D50 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:36:50.0753 2512  SharedAccess - ok
21:36:50.0760 2512  [ 0D190D8B4B20446BE6299AC734DFADF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:36:50.0776 2512  ShellHWDetection - ok
21:36:50.0780 2512  [ 2F518D13DD6F3053837FE606F1A2EA1F ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:36:50.0786 2512  SiSRaid2 - ok
21:36:50.0790 2512  [ 1AC9A200A9C49C4508F04AAFFCA34A3F ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:36:50.0797 2512  SiSRaid4 - ok
21:36:50.0799 2512  [ 587ACA15210D1B01FBF272E07A08F91A ] smphost         C:\Windows\System32\smphost.dll
21:36:50.0807 2512  smphost - ok
21:36:50.0811 2512  [ 49EEB92DE930B8566EF615D600781DB4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:36:50.0819 2512  SNMPTRAP - ok
21:36:50.0824 2512  [ F6EBE514D13ECE7EDC23440039CDF9AB ] spaceport       C:\Windows\system32\drivers\spaceport.sys
21:36:50.0835 2512  spaceport - ok
21:36:50.0838 2512  [ F337BE11071818FC3F5DC2940B6BDE34 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
21:36:50.0844 2512  SpbCx - ok
21:36:50.0848 2512  [ B34BAFC007B7BA547B3F9683A8568645 ] SpiderG3        C:\Windows\system32\drivers\spiderg3.sys
21:36:50.0854 2512  SpiderG3 - ok
21:36:50.0861 2512  [ FE0CB40F36D3FCDD3A1B312EF72C38D5 ] Spooler         C:\Windows\System32\spoolsv.exe
21:36:50.0873 2512  Spooler - ok
21:36:50.0914 2512  [ E6DEC72A2A23FAA53EB9FEC3C7E29D66 ] sppsvc          C:\Windows\system32\sppsvc.exe
21:36:50.0997 2512  sppsvc - ok
21:36:51.0003 2512  [ CD7534BA5BA92086B1BC10ADF880FC49 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:36:51.0013 2512  srv - ok
21:36:51.0020 2512  [ C1AE59C0B0817236EC083A91C396005A ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:36:51.0032 2512  srv2 - ok
21:36:51.0035 2512  [ 77195C32175FC63D6054EBA5A066D727 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:36:51.0044 2512  srvnet - ok
21:36:51.0048 2512  [ BB9ED3EDD8E85008215A7250D325A72E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:36:51.0058 2512  SSDPSRV - ok
21:36:51.0061 2512  [ 3911418AFDE10EA6823B7799E4815524 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:36:51.0071 2512  SstpSvc - ok
21:36:51.0075 2512  [ 882E2063832AA21716D2C17F11BE4079 ] Start8          C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
21:36:51.0081 2512  Start8 - ok
21:36:51.0086 2512  [ A9D26626BEADF5A0641BF6B5095EF309 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:36:51.0094 2512  Stereo Service - ok
21:36:51.0096 2512  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:36:51.0102 2512  stexstor - ok
21:36:51.0109 2512  [ D638904FE86A5FE542A1BA13A9D68E5C ] stisvc          C:\Windows\System32\wiaservc.dll
21:36:51.0121 2512  stisvc - ok
21:36:51.0124 2512  [ 0ED2E318ABB68C1A35A8B8038BDB4C90 ] storahci        C:\Windows\system32\drivers\storahci.sys
21:36:51.0131 2512  storahci - ok
21:36:51.0133 2512  [ 7A08CEE1535F5A448215634C5EA74E50 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
21:36:51.0140 2512  storflt - ok
21:36:51.0142 2512  [ D57AEE34C7C0DD1DC8B6B54B7A89649C ] stornvme        C:\Windows\system32\drivers\stornvme.sys
21:36:51.0148 2512  stornvme - ok
21:36:51.0151 2512  [ 3118058E3D07021A55324A943C6D722B ] StorSvc         C:\Windows\system32\storsvc.dll
21:36:51.0158 2512  StorSvc - ok
21:36:51.0160 2512  [ 548759755BC73DAD663250239D7E0B9F ] storvsc         C:\Windows\system32\drivers\storvsc.sys
21:36:51.0166 2512  storvsc - ok
21:36:51.0169 2512  [ 03618F935379614837F915D04C45FC0E ] storvsp         C:\Windows\System32\drivers\storvsp.sys
21:36:51.0175 2512  storvsp - ok
21:36:51.0178 2512  [ D8E1AE075AB3E8AD56F69C44AA978596 ] svsvc           C:\Windows\system32\svsvc.dll
21:36:51.0188 2512  svsvc - ok
21:36:51.0190 2512  [ 84E0F5D41C138C5CC975137A2A98F6D3 ] swenum          C:\Windows\System32\drivers\swenum.sys
21:36:51.0196 2512  swenum - ok
21:36:51.0203 2512  [ A5DC2E63F5E5D3C0B843307374998479 ] swprv           C:\Windows\System32\swprv.dll
21:36:51.0219 2512  swprv - ok
21:36:51.0229 2512  [ E45DA7CBBA34510C8B9473AD7D4FFD0B ] SysMain         C:\Windows\system32\sysmain.dll
21:36:51.0246 2512  SysMain - ok
21:36:51.0250 2512  [ D65B1C952AEB864C2BAC7A770B17ECCE ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
21:36:51.0259 2512  SystemEventsBroker - ok
21:36:51.0262 2512  [ BA6DD39266A5E15515C8C14DA2DA3E5C ] TabletInputService C:\Windows\System32\TabSvc.dll
21:36:51.0276 2512  TabletInputService - ok
21:36:51.0279 2512  [ 3C32FF010F869BC184DF71290477384E ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
21:36:51.0284 2512  tap0901 - ok
21:36:51.0288 2512  [ B517410F157693043DACA21B19B258A6 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:36:51.0298 2512  TapiSrv - ok
21:36:51.0316 2512  [ 3D9A5AC880D7AA2305812D665D24ED23 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:36:51.0354 2512  Tcpip - ok
21:36:51.0371 2512  [ 3D9A5AC880D7AA2305812D665D24ED23 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:36:51.0406 2512  TCPIP6 - ok
21:36:51.0409 2512  [ 33A7D83EEB15431773A6E186CFAABA21 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:36:51.0417 2512  tcpipreg - ok
21:36:51.0421 2512  [ FFF28F9F6823EB1756C60F1649560BBF ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:36:51.0429 2512  tdx - ok
21:36:51.0431 2512  [ 232D185D2337F141311D0CF1983E1431 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
21:36:51.0437 2512  terminpt - ok
21:36:51.0446 2512  [ 2C77831737491F4D684D315B95C62883 ] TermService     C:\Windows\System32\termsrv.dll
21:36:51.0461 2512  TermService - ok
21:36:51.0463 2512  [ 05FBE1F7C13E87AF7A414CDF288B1F62 ] Themes          C:\Windows\system32\themeservice.dll
21:36:51.0475 2512  Themes - ok
21:36:51.0478 2512  [ FD788C2D96EA91469A3C1D13E80D7473 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:36:51.0485 2512  THREADORDER - ok
21:36:51.0489 2512  [ 347A3E49CE18402305B8119A6EC7CFEB ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
21:36:51.0501 2512  TimeBroker - ok
21:36:53.0112 2512  ============================================================
21:36:53.0112 2512  Scan finished
21:36:53.0112 2512  ============================================================
21:36:53.0116 5576  Detected object count: 1
21:36:53.0116 5576  Actual detected object count: 1
21:37:45.0751 5576  1636673 ( HiddenService.Multi.Generic ) - skipped by user
21:37:45.0751 5576  1636673 ( HiddenService.Multi.Generic ) - User select action: Skip 
 
 
When I unzip the archive for mbar, it does not appear on the desktop, and the original file disappears. I don't know where it is to run it!


#9 fireman4it

  • Malware Response Team

Posted 04 March 2014 - 11:53 AM

Do you have a flash drive you can download it to then run it from there?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 zenmonkey

  • Topic Starter

Posted 04 March 2014 - 11:30 PM

Ok, got it to run:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.03.04.11
 
Windows 8 x64 FAT32
Internet Explorer 11.0.9600.16384
Steve-Admin :: PHOENIX1 [administrator]
 
3/4/2014 10:08:44 PM
mbar-log-2014-03-04 (22-08-44).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 228560
Time elapsed: 3 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#11 fireman4it

  • Malware Response Team

Posted 05 March 2014 - 12:40 PM

There should have been two logs created when you ran MBAR. I need the system-log.txt also.

 

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      ◦ Scan for potentially unwanted applications
      ◦ Scan for potentially unsafe applications
      ◦ Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)




#12 zenmonkey

  • Topic Starter

Posted 08 March 2014 - 08:23 PM

Fireman4it,

 

I ended up unable to restart my system. It would load, show a blue screen, then reboot. Both recovery disk and restore points failed. I've since reflashed my motherboard, low level formatted an older drive I had, and just finished installing Windows 7. Should we close this thread and I will start a new one if this doesn't fix it? I really do appreciate your time. This has been insane---a five week ordeal. I teach at a university and it's even affected my ability to prepare lectures and the like. I can't tell you enough how much value there is in the work you and the other malware fighters are doing to keep those of us, the less savvy, safe.



#13 fireman4it

  • Malware Response Team

Posted 08 March 2014 - 11:43 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





