
Infected with several viruses (Conhost, SysWow64, etc)


This topic is locked
24 replies to this topic

#1 gheller22

  • Members
  • 12 posts

Posted 29 August 2014 - 01:21 PM

I downloaded one bad torrent, and now I have these programs running in Task Manager:

nvstreamersvc.exe
csrss.exe
winlogon.exe
nvxdsync.exe
nvvsvc.exe
conhost.exe

Plus I have a SysWow64 folder in my c:/windows/system32, none of which I can stop or delete or do anything with, and who knows what is buried in the system. I need help big time! Thank you so much in advance!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Revan at 14:07:20 on 2014-08-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8094.4613 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\LockKey\LockKey.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{85DF3953-69A8-4506-8202-03D5F201F2DB} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{85DF3953-69A8-4506-8202-03D5F201F2DB}\84F4D454D214342323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{85DF3953-69A8-4506-8202-03D5F201F2DB}\C696E6B6379737 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{85DF3953-69A8-4506-8202-03D5F201F2DB}\D41474E45445 : DHCPNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
LSA: Notification Packages =  scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynLenovoGestureMgr] C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 HybridDisk;HybridDisk;C:\Windows\System32\drivers\HybridDiskX64.sys [2012-8-28 38496]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-31 20464]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2012-8-28 39008]
R0 NSD;NSD;C:\Windows\System32\drivers\nsd.sys [2012-8-28 24160]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-28 32544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-7-31 56208]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys [2014-8-12 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys [2014-8-12 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [2014-8-25 1588016]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys [2014-8-12 162392]
R1 hybridcfile;hybridcfile;C:\Windows\System32\drivers\HybridCFileX64.sys [2012-8-28 13920]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140829.001\IDSviA64.sys [2014-8-29 633560]
R1 Nsdfltr;Nsdfltr;C:\Windows\System32\drivers\Nsdfltr.sys [2012-8-28 59488]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys [2014-8-12 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys [2014-8-12 593112]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2014-2-5 772064]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-28 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-28 161560]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe [2014-8-12 265040]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-6-21 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-6-21 69640]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-2 1721800]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-2 18974152]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-28 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-8 3674864]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-8-28 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-8-28 615976]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-8-28 39976]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2014-7-31 352144]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-1-29 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-12 142128]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-8 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-31 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-31 795632]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-26 173656]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-13 104048]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-25 21448]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-25 40392]
R3 rtsuvc;Lenovo EasyCamera;C:\Windows\System32\drivers\rtsuvc.sys [2012-8-28 8208488]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-5-29 185352]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2014-8-24 39168]
S2 CLKMSVC10_3A60B698;CyberLink Product - 2012/08/28 19:25:44;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 NSDSvc;Fast boot service of lenovo;C:\Windows\System32\NSDSvc.exe [2012-8-28 120160]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2014-5-15 25832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-7-31 110336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-28 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-8 284912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-3 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-7-31 206080]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-3 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-3 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-08-29 18:05:57 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-29 02:30:08 -------- d-----w- C:\Program Files\Enigma Software Group
2014-08-29 02:29:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-08-28 23:39:30 -------- d-----w- C:\Program Files (x86)\Runtime Software
2014-08-28 23:32:11 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-08-28 23:20:22 36456 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-08-28 23:20:20 -------- d-----w- C:\ProgramData\RogueKiller
2014-08-28 22:57:24 -------- d-----w- C:\NPE
2014-08-28 22:55:25 -------- d-----w- C:\Users\Revan\AppData\Local\NPE
2014-08-28 22:34:23 -------- d-----w- C:\Users\Revan\AppData\Roaming\Groovorio
2014-08-28 21:27:03 -------- d-----w- C:\Windows\SysWow64\NV
2014-08-28 21:27:03 -------- d-----w- C:\Windows\System32\NV
2014-08-28 21:13:10 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-08-28 21:13:10 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-28 16:28:39 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-28 16:28:07 -------- d-----w- C:\AdwCleaner
2014-08-28 15:16:05 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 15:16:05 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 15:16:05 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-25 20:24:13 -------- d-----w- C:\Users\Revan\AppData\Roaming\SplitPlayPC
2014-08-24 21:10:56 -------- d-----w- C:\Program Files\MiniFrame
2014-08-24 21:10:54 73624 ----a-w- C:\Windows\System32\drivers\mfcore.sys
2014-08-24 21:10:54 67472 ----a-w- C:\Windows\SysWow64\mfcoresfp.x86
2014-08-24 21:10:54 531352 ----a-w- C:\Windows\SysWow64\mfcoresfp.dll
2014-08-24 21:10:54 420744 ----a-w- C:\Windows\System32\mfcoredll.dll
2014-08-24 21:10:54 382856 ----a-w- C:\Windows\SysWow64\mfcoredll.dll
2014-08-24 21:10:54 316760 ----a-w- C:\Windows\SysWow64\mfcoresfp.exe
2014-08-24 21:10:54 16792 ----a-w- C:\Windows\System32\mfcoresvc.exe
2014-08-24 21:10:54 147344 ----a-w- C:\Windows\System32\mfcoresfp.x64
2014-08-24 21:10:54 1283480 ----a-w- C:\Windows\System32\mfcoresfp.dll
2014-08-24 21:10:54 1241440 ----a-w- C:\Windows\System32\mfcoresfp.exe
2014-08-24 21:10:16 -------- d-----w- C:\Users\Revan\AppData\Local\Downloaded Installations
2014-08-24 20:30:39 39168 ----a-w- C:\Windows\System32\drivers\ScpVBus.sys
2014-08-24 20:19:54 -------- d-----r- C:\Sandbox
2014-08-24 20:05:29 -------- d-----w- C:\Program Files\Sandboxie
2014-08-15 07:00:21 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-15 07:00:21 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-15 07:00:21 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-15 07:00:21 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-15 07:00:21 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-15 07:00:21 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-15 07:00:18 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 07:00:18 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-12 23:00:10 4575232 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-08-12 22:32:31 875736 ----a-w- C:\Windows\System32\drivers\N360x64\1505000.013\srtsp64.sys
2014-08-12 22:32:31 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys
2014-08-12 22:32:31 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys
2014-08-12 22:32:31 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\srtspx64.sys
2014-08-12 22:32:31 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys
2014-08-12 22:32:31 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symelam.sys
2014-08-12 22:32:31 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys
2014-08-12 22:32:31 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys
2014-08-12 22:32:21 -------- d-----w- C:\Windows\System32\drivers\N360x64\1505000.013
2014-08-08 23:06:07 -------- d-----w- C:\Users\Revan\AppData\Roaming\fltk.org
2014-08-08 23:06:07 -------- d-----w- C:\Users\Revan\AppData\Roaming\Braid
2014-08-08 23:06:07 -------- d-----w- C:\ProgramData\fltk.org
2014-08-06 18:13:21 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-02 21:56:08 -------- d-----w- C:\Users\Revan\AppData\Local\XGen Studios, Inc
2014-08-02 20:03:11 464104 ----a-w- C:\Windows\System32\MZA64.dll
2014-08-02 20:02:52 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.4
2014-08-02 18:32:19 -------- d-----w- C:\Users\Revan\AppData\Roaming\Rogue Legacy
2014-08-01 01:59:57 -------- d-----w- C:\Program Files (x86)\Cisco
2014-08-01 01:58:49 -------- d-----w- C:\ProgramData\Package Cache
2014-07-31 17:53:21 -------- d-----w- C:\Users\Revan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-07-31 17:52:18 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-07-31 17:42:51 -------- d-----w- C:\ProgramData\ALM
2014-07-31 17:38:18 -------- d-----w- C:\Users\Revan\Adobe Flash Builder 4.6
2014-07-31 17:31:59 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2014-07-31 17:31:59 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2014-07-31 17:31:59 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2014-07-31 17:31:58 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2014-07-31 17:31:58 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2014-07-31 17:31:55 -------- d-----w- C:\Program Files (x86)\My Company Name
2014-07-31 17:26:06 -------- d-----w- C:\Users\Revan\AppData\Local\Adobe
2014-07-31 14:59:42 795632 ----a-w- C:\Windows\System32\drivers\iusb3xhc.sys
2014-07-31 14:59:42 358896 ----a-w- C:\Windows\System32\drivers\iusb3hub.sys
2014-07-31 14:59:42 20464 ----a-w- C:\Windows\System32\drivers\iusb3hcs.sys
2014-07-31 13:35:49 223760 ----a-w- C:\Windows\SysWow64\CbFsNetRdr3.dll
2014-07-31 13:35:49 190480 ----a-w- C:\Windows\System32\CbFsMntNtf3.dll
2014-07-31 13:35:49 158224 ----a-w- C:\Windows\SysWow64\CbFsMntNtf3.dll
2014-07-31 13:35:49 141328 ----a-w- C:\Windows\System32\CbFsNetRdr3.dll
2014-07-31 13:35:41 352144 ----a-w- C:\Windows\System32\drivers\cbfs3.sys
2014-07-31 13:21:49 -------- d-----w- C:\Users\Revan\AppData\Local\Macroplant,_LLC
2014-07-31 13:21:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll
2014-07-31 13:21:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll
2014-07-31 13:21:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-07-31 13:21:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-07-31 13:21:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-07-31 13:21:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-07-31 13:21:07 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-07-31 13:14:52 -------- d-----w- C:\Program Files (x86)\Sharepod
2014-07-31 08:40:37 -------- d-----w- C:\Users\Revan\AppData\Roaming\redsn0w
2014-07-31 08:28:12 -------- d-----w- C:\Users\Revan\AppData\Roaming\iMobie
2014-07-31 08:28:12 -------- d-----w- C:\Users\Revan\AppData\Local\iMobie_Inc
2014-07-31 07:35:03 -------- d-----w- C:\Program Files (x86)\Samsung
2014-07-31 07:34:12 57344 ----a-r- C:\Users\Revan\AppData\Roaming\Microsoft\Installer\{A3070098-A41D-42D9-B6D3-2EF15285E719}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe
2014-07-31 07:34:12 53248 ----a-r- C:\Users\Revan\AppData\Roaming\Microsoft\Installer\{A3070098-A41D-42D9-B6D3-2EF15285E719}\ARPPRODUCTICON.exe
2014-07-31 07:28:31 57344 ----a-r- C:\Users\Revan\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2014-07-31 07:28:31 57344 ----a-r- C:\Users\Revan\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2014-07-31 07:28:31 53248 ----a-r- C:\Users\Revan\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\ARPPRODUCTICON.exe
2014-07-31 07:26:43 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2014-07-31 07:26:43 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2014-07-31 07:26:42 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-07-31 07:26:42 110336 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-07-31 07:26:42 -------- d-----w- C:\Program Files\SAMSUNG
2014-07-31 07:26:29 -------- d-----w- C:\ProgramData\Samsung
2014-07-31 06:54:03 -------- d-----w- C:\Users\Revan\AppData\Roaming\VERIZON
2014-07-31 06:30:02 -------- d-----w- C:\drivers
.
==================== Find3M  ====================
.
2014-08-09 00:28:49 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-09 00:28:35 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-24 23:59:56 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-24 23:59:55 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 04:22:40 547531 ----a-w- C:\Users\Revan\dragon age awakening- velanna.exe
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-08 08:53:48 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 618440 ----a-w- C:\Windows\SysWow64\oemdspif.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-02 18:55:41 1084704 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 14:07:42.97 ===============
 

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


Posted 03 September 2014 - 01:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546209 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!
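
The "Running Processes" section of the DDS log that HelpBot asks for is what the helpers use to answer the original question (are csrss.exe, winlogon.exe, conhost.exe and the rest what they claim to be?). The following is an added example, written for this page and not part of the thread, of DDS or of any BleepingComputer tool: a small Python parser over that section which flags any entry named like a core Windows binary but loaded from outside System32 or SysWOW64, and any name one character away from such a binary (svch0st.exe, csrs.exe). SysWOW64 under C:\Windows is the standard home of 32-bit system binaries on 64-bit Windows, so it is treated as legitimate. The log excerpt is constructed: its first five entries are copied from the log posted in this thread, the last two are invented to exercise the checks; the set of core binary names is an assumption of the example.

```python
import re
from pathlib import PureWindowsPath

# Core Windows binaries whose names malware likes to borrow. On a clean
# 64-bit Windows 7 install each of these runs from %SystemRoot%\System32
# (32-bit hosts such as conhost.exe also exist in SysWOW64). The set is an
# assumption of this example, not a list taken from the thread.
CORE_BINARIES = {
    "smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "lsm.exe", "svchost.exe", "conhost.exe", "explorer.exe",
    "taskhost.exe", "dwm.exe",
}
# Directories from which those names are expected, lower-cased.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

SECTION_RE = re.compile(r"^=+\s*Running Processes\s*=+$")
IMAGE_RE = re.compile(r"(?i)^(.+?\.exe)(?:\s|$)")  # path up to .exe, drop arguments


def running_processes(dds_text):
    """Return the image paths listed in a DDS log's 'Running Processes'
    section, in order. DDS marks sections with '=== Name ===' headers
    and pads them with lone '.' lines; svchost entries carry '-k' args."""
    paths, in_section = [], False
    for raw in dds_text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("="):        # next section header ends ours
            break
        m = IMAGE_RE.match(line)
        if m:                           # skips '.' separators and blanks
            paths.append(m.group(1))
    return paths


def is_one_edit(a, b):
    """True if a becomes b with exactly one substitution, insertion or
    deletion (the typosquats seen in the wild: svch0st, csrs, conhosts)."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(a) < len(b):
            j += 1
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) == 1


def flag_lookalikes(paths):
    """Return (path, reason) for entries that borrow or typosquat a core
    Windows binary name. A hit is a lead for signature checks, not proof."""
    findings = []
    for p in paths:
        wp = PureWindowsPath(p)
        name, parent = wp.name.lower(), str(wp.parent).lower()
        if name in CORE_BINARIES:
            if parent not in LEGIT_DIRS:
                findings.append((p, f"{name} loaded from {parent}, not a system directory"))
            continue
        twin = next((c for c in CORE_BINARIES if is_one_edit(name, c)), None)
        if twin:
            findings.append((p, f"{name} is one character away from {twin}"))
    return findings


# Constructed excerpt in DDS format: the first five entries are copied from
# the log in this thread, the last two are invented to exercise the checks.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Revan\AppData\Roaming\csrss.exe
C:\Windows\Temp\svch0st.exe
.
============== Pseudo HJT Report ===============
"""

if __name__ == "__main__":
    for path, reason in flag_lookalikes(running_processes(SAMPLE_DDS)):
        print(f"{path}\n    {reason}")
```

A match is a reason to look closer, not a verdict. On the live machine the decisive check is the image's Authenticode signature (Get-AuthenticodeSignature in PowerShell, or the file's Properties > Digital Signatures tab), which a DDS log does not record; and a correctly named, correctly located, signed process can still have been hollowed or injected into, which neither a path check nor a signature check can see. Conversely, a core name running from System32 with a valid Microsoft signature, which is what the user's Task Manager entries most likely are, is the normal state of a Windows box and not evidence of infection on its own.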

#3 gheller22

gheller22
  • Topic Starter


Posted 03 September 2014 - 05:35 PM

The problem is still the same. There doesn't appear to be anything wrong with the machine, but those programs are still running. I don't think I have the original Windows CD anymore, but I could go digging if it's necessary. Thanks!
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Revan at 18:31:23 on 2014-09-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8094.4978 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Lenovo\Nsd\startup.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\LockKey\LockKey.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coieplg.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [LockKey] C:\Program Files (x86)\LockKey\LockKey.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [Intelligent Touchpad] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{85DF3953-69A8-4506-8202-03D5F201F2DB} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{85DF3953-69A8-4506-8202-03D5F201F2DB}\84F4D454D214342323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{85DF3953-69A8-4506-8202-03D5F201F2DB}\C696E6B6379737 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{85DF3953-69A8-4506-8202-03D5F201F2DB}\D41474E45445 : DHCPNameServer = 192.168.1.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
LSA: Notification Packages =  scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coieplg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynLenovoGestureMgr] C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 HybridDisk;HybridDisk;C:\Windows\System32\drivers\HybridDiskX64.sys [2012-8-28 38496]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-7-31 20464]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2012-8-28 39008]
R0 NSD;NSD;C:\Windows\System32\drivers\nsd.sys [2012-8-28 24160]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-28 32544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2014-7-31 56208]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys [2014-8-12 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys [2014-8-12 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [2014-8-25 1588016]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys [2014-8-12 162392]
R1 hybridcfile;hybridcfile;C:\Windows\System32\drivers\HybridCFileX64.sys [2012-8-28 13920]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140903.001\IDSviA64.sys [2014-9-3 633560]
R1 Nsdfltr;Nsdfltr;C:\Windows\System32\drivers\Nsdfltr.sys [2012-8-28 59488]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys [2014-8-12 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys [2014-8-12 593112]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2014-2-5 772064]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-9-12 135984]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-8-28 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-28 161560]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe [2014-8-12 265040]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-6-21 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-6-21 69640]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-2 1721800]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-2 18974152]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-28 363800]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-8 3674864]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-8-28 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-8-28 615976]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-8-28 39976]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2014-7-31 352144]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2011-1-29 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-12 142128]
R3 hswpan;WPAN Driver;C:\Windows\System32\drivers\hswpan.sys [2012-1-27 109056]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-8 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-7-31 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-7-31 795632]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-10-26 173656]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-13 104048]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-25 21448]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-25 40392]
R3 rtsuvc;Lenovo EasyCamera;C:\Windows\System32\drivers\rtsuvc.sys [2012-8-28 8208488]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2014-5-29 185352]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2014-8-24 39168]
S2 CLKMSVC10_3A60B698;CyberLink Product - 2012/08/28 19:25:44;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 NSDSvc;Fast boot service of lenovo;C:\Windows\System32\NSDSvc.exe [2012-8-28 120160]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2013-7-29 164832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [2014-5-15 25832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-7-31 110336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-28 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-8 284912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-3 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-7-31 206080]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-5-3 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-5-3 1255736]
S3 wsvd;wsvd;C:\Windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-09-02 19:49:48 -------- d-----w- C:\Users\Revan\AppData\Roaming\OpenOffice
2014-09-02 19:48:57 -------- d-----w- C:\Program Files (x86)\OpenOffice 4
2014-08-30 16:36:06 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-30 16:36:06 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-30 16:36:06 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-29 02:30:08 -------- d-----w- C:\Program Files\Enigma Software Group
2014-08-29 02:29:18 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-29 02:29:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-08-28 23:39:30 -------- d-----w- C:\Program Files (x86)\Runtime Software
2014-08-28 23:32:11 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-08-28 23:20:22 36456 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-08-28 23:20:20 -------- d-----w- C:\ProgramData\RogueKiller
2014-08-28 22:57:24 -------- d-----w- C:\NPE
2014-08-28 22:55:25 -------- d-----w- C:\Users\Revan\AppData\Local\NPE
2014-08-28 22:34:23 -------- d-----w- C:\Users\Revan\AppData\Roaming\Groovorio
2014-08-28 21:27:03 -------- d-----w- C:\Windows\SysWow64\NV
2014-08-28 21:27:03 -------- d-----w- C:\Windows\System32\NV
2014-08-28 21:13:10 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-08-28 21:13:10 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-08-28 16:28:39 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-28 16:28:07 -------- d-----w- C:\AdwCleaner
2014-08-25 20:24:13 -------- d-----w- C:\Users\Revan\AppData\Roaming\SplitPlayPC
2014-08-24 21:10:56 -------- d-----w- C:\Program Files\MiniFrame
2014-08-24 21:10:54 73624 ----a-w- C:\Windows\System32\drivers\mfcore.sys
2014-08-24 21:10:54 67472 ----a-w- C:\Windows\SysWow64\mfcoresfp.x86
2014-08-24 21:10:54 531352 ----a-w- C:\Windows\SysWow64\mfcoresfp.dll
2014-08-24 21:10:54 420744 ----a-w- C:\Windows\System32\mfcoredll.dll
2014-08-24 21:10:54 382856 ----a-w- C:\Windows\SysWow64\mfcoredll.dll
2014-08-24 21:10:54 316760 ----a-w- C:\Windows\SysWow64\mfcoresfp.exe
2014-08-24 21:10:54 16792 ----a-w- C:\Windows\System32\mfcoresvc.exe
2014-08-24 21:10:54 147344 ----a-w- C:\Windows\System32\mfcoresfp.x64
2014-08-24 21:10:54 1283480 ----a-w- C:\Windows\System32\mfcoresfp.dll
2014-08-24 21:10:54 1241440 ----a-w- C:\Windows\System32\mfcoresfp.exe
2014-08-24 21:10:16 -------- d-----w- C:\Users\Revan\AppData\Local\Downloaded Installations
2014-08-24 20:30:39 39168 ----a-w- C:\Windows\System32\drivers\ScpVBus.sys
2014-08-24 20:19:54 -------- d-----r- C:\Sandbox
2014-08-24 20:05:29 -------- d-----w- C:\Program Files\Sandboxie
2014-08-15 07:00:21 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-15 07:00:21 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-15 07:00:21 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-15 07:00:21 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-15 07:00:21 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-15 07:00:21 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-15 07:00:18 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-15 07:00:18 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-12 23:00:10 4575232 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-08-12 22:32:31 875736 ----a-w- C:\Windows\System32\drivers\N360x64\1505000.013\srtsp64.sys
2014-08-12 22:32:31 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1505000.013\symnets.sys
2014-08-12 22:32:31 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symds64.sys
2014-08-12 22:32:31 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\srtspx64.sys
2014-08-12 22:32:31 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\ironx64.sys
2014-08-12 22:32:31 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\symelam.sys
2014-08-12 22:32:31 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1505000.013\ccsetx64.sys
2014-08-12 22:32:31 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1505000.013\symefa64.sys
2014-08-12 22:32:21 -------- d-----w- C:\Windows\System32\drivers\N360x64\1505000.013
2014-08-08 23:06:07 -------- d-----w- C:\Users\Revan\AppData\Roaming\fltk.org
2014-08-08 23:06:07 -------- d-----w- C:\Users\Revan\AppData\Roaming\Braid
2014-08-08 23:06:07 -------- d-----w- C:\ProgramData\fltk.org
2014-08-06 18:13:21 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2014-08-09 00:28:49 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-08-09 00:28:35 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-24 23:59:56 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-24 23:59:55 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-23 22:32:36 464104 ----a-w- C:\Windows\System32\MZA64.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 04:22:40 547531 ----a-w- C:\Users\Revan\dragon age awakening- velanna.exe
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-08 08:53:48 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 618440 ----a-w- C:\Windows\SysWow64\oemdspif.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 18:55:41 2559960 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-07-02 18:55:41 1084704 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 06:01:38 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2014-06-16 06:01:38 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-06-16 06:01:38 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2014-06-16 06:01:38 110336 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 18:31:39.36 ===============
 




#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:12 AM

Posted 06 September 2014 - 10:30 PM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. Failure to do so will result in your thread being closed in THREE (3) days.

:)


Hello there, gheller22


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

The running services you listed are normal. The existence of the SysWow64 folder is also normal for a 64-bit system.

Apart from that, I'm not seeing much. But we will still go through the process to make you a little more at ease.

---------------------------------------------------------------------------------------------------

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attached)
TDSS Killer log



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, you may make a donation.
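The reply above says the listed processes and the SysWow64 folder are normal. The check behind that statement is where each process was loaded from and who signed the image, which is what the following script does. It is an added example, not code from the thread or from any of the tools used in it; the process names come from the original post, while the expectation that the nv*.exe processes are NVIDIA-signed is an assumption about where those files normally come from. It needs PowerShell 3.0 or later and an elevated prompt, because protected processes such as csrss.exe return an empty image path to a non-administrator session.

```powershell
# Added example (not from the thread or its tools). For each process name the
# poster listed, report where every running instance was loaded from and
# whether that image carries a valid Authenticode signature, then confirm that
# SysWOW64 is present on a 64-bit Windows, where it is expected.
# Run from an elevated PowerShell 3.0+ prompt.

$system32 = Join-Path $env:SystemRoot 'System32'

# Windows-owned processes are expected to run from System32 and be signed by
# Microsoft. The vendor table is an assumption: these NVIDIA services are
# normally installed and signed by NVIDIA.
$windowsCore  = @('csrss.exe', 'winlogon.exe', 'conhost.exe')
$vendorSigner = @{
    'nvvsvc.exe'        = 'NVIDIA'
    'nvxdsync.exe'      = 'NVIDIA'
    'nvstreamersvc.exe' = 'NVIDIA'
}

function Test-ProcessImage {
    param([Parameter(Mandatory)][string]$Name)

    # Win32_Process exposes the on-disk path; Get-Process hides it for protected processes.
    $instances = @(Get-CimInstance Win32_Process -Filter "Name = '$Name'")
    if ($instances.Count -eq 0) {
        return [pscustomobject]@{ Name = $Name; Pid = $null; Path = $null; Signer = ''; Verdict = 'not running' }
    }

    foreach ($proc in $instances) {
        $path = $proc.ExecutablePath
        if (-not $path) {
            [pscustomobject]@{ Name = $Name; Pid = $proc.ProcessId; Path = $null; Signer = ''; Verdict = 'no path (run elevated)' }
            continue
        }

        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $issues = @()

        if ($sig.Status -ne 'Valid') { $issues += "signature $($sig.Status)" }
        if ($windowsCore -contains $Name) {
            if ((Split-Path $path -Parent) -ne $system32) { $issues += 'not loaded from System32' }
            if ($signer -notmatch 'Microsoft')            { $issues += 'signer is not Microsoft' }
        } elseif ($vendorSigner.ContainsKey($Name) -and $signer -notmatch $vendorSigner[$Name]) {
            $issues += "signer is not $($vendorSigner[$Name])"
        }

        [pscustomobject]@{
            Name    = $Name
            Pid     = $proc.ProcessId
            Path    = $path
            Signer  = $signer
            Verdict = if ($issues.Count -eq 0) { 'OK' } else { 'CHECK: ' + ($issues -join '; ') }
        }
    }
}

# SysWOW64 holds the 32-bit copies of the system DLLs on a 64-bit Windows, so
# on a 64-bit install both values below are expected to be True.
function Test-SysWow64Folder {
    [pscustomobject]@{
        Is64BitWindows  = [Environment]::Is64BitOperatingSystem
        SysWow64Present = Test-Path (Join-Path $env:SystemRoot 'SysWOW64')
    }
}

@($windowsCore) + @($vendorSigner.Keys) |
    ForEach-Object { Test-ProcessImage -Name $_ } |
    Format-Table -AutoSize

Test-SysWow64Folder
```

A verdict of CHECK is a prompt to look closer, not a diagnosis: on Windows PowerShell versions before 5.1, Get-AuthenticodeSignature does not consult the system catalogs, so genuine, catalog-signed Windows binaries such as csrss.exe can report NotSigned there and should be verified with a catalog-aware tool instead. A process of a Windows name loaded from any directory other than System32, on the other hand, is worth reporting in the thread regardless of signature status.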

#5 gheller22

gheller22
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 07 September 2014 - 09:12 PM

I know that those programs and folders are named the same as legitimate files, but my layman's understanding of it was that I should still be able to stop the programs or delete the folders. When I try to stop the programs, it says I don't have permission, and when I try to delete sysWOW64, it says that I require permission from "TrustedInstaller". Apart from that, my Norton Antivirus found and quarantined two files a few days ago: mza64.dll and mezza.library.dll.vir, with the comment Adware.Mezza on both of them. Thanks for your help!

 

aswMBR Log:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-09-07 21:56:19
-----------------------------
21:56:19.477    OS Version: Windows x64 6.1.7601 Service Pack 1
21:56:19.477    Number of processors: 8 586 0x3A09
21:56:19.478    ComputerName: REVAN-PC  UserName: Revan
21:56:20.200    Initialize success
21:56:20.200    VM: initialized successfully
21:56:20.203    VM: Intel CPU BiosDisabled 
21:56:21.963    VM: supported disk I/O iaStor.sys
21:56:41.549    AVAST engine defs: 14090701
21:56:48.144    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:56:48.146    Disk 0 Vendor: SAMSUNG_ CXM1 Size: 984401MB BusType: 3
21:56:48.148    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
21:56:48.150    Disk 1 Vendor: WDC_WD10 01.0 Size: 984401MB BusType: 3
21:56:48.157    Disk 0 MBR read successfully
21:56:48.159    Disk 0 MBR scan
21:56:48.163    Disk 0 Windows 7 default MBR code
21:56:48.165    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
21:56:48.168    Disk 0 default boot code
21:56:48.173    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       939198 MB offset 411648
21:56:48.178    Disk 0 Partition 3 00     07    HPFS/NTFS             25000 MB offset 1923890608
21:56:48.389    Disk 0 Partition 4 00     12  Compaq diag             20001 MB offset 1975090608
21:56:48.395    Disk 0 scanning C:\Windows\system32\drivers
21:56:48.399    Service scanning
21:56:49.084    Service BHDrvx64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys **LOCKED** 5
21:56:50.109    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
21:56:50.215    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
21:56:51.040    Service IDSVia64 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140905.001\IDSvia64.sys **LOCKED** 5
21:56:52.315    Service NAVENG C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140907.003\ENG64.SYS **LOCKED** 5
21:56:52.389    Service NAVEX15 C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140907.003\EX64.SYS **LOCKED** 5
21:56:57.743    Modules scanning
21:56:57.749    Disk 0 trace - called modules:
21:56:57.755    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:56:57.759    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009fd0790]
21:56:57.763    3 CLASSPNP.SYS[fffff88001efc43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800779f050]
21:56:58.562    AVAST engine scan C:\Windows
21:56:58.566    AVAST engine scan C:\Windows\system32
21:56:58.571    AVAST engine scan C:\Windows\system32\drivers
21:56:58.575    AVAST engine scan C:\Users\Revan
21:56:58.579    AVAST engine scan C:\ProgramData
21:56:58.583    Scan finished successfully
21:57:08.944    Disk 0 MBR has been saved successfully to "C:\Users\Revan\Desktop\MBR.dat"
21:57:08.948    The log file has been saved successfully to "C:\Users\Revan\Desktop\aswMBR.txt"
 
TDSSKiller Log:
 
21:58:39.0627 0x3ee4  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:58:44.0290 0x3ee4  ============================================================
21:58:44.0291 0x3ee4  Current date / time: 2014/09/07 21:58:44.0290
21:58:44.0291 0x3ee4  SystemInfo:
21:58:44.0291 0x3ee4  
21:58:44.0291 0x3ee4  OS Version: 6.1.7601 ServicePack: 1.0
21:58:44.0291 0x3ee4  Product type: Workstation
21:58:44.0291 0x3ee4  ComputerName: REVAN-PC
21:58:44.0291 0x3ee4  UserName: Revan
21:58:44.0291 0x3ee4  Windows directory: C:\Windows
21:58:44.0291 0x3ee4  System windows directory: C:\Windows
21:58:44.0291 0x3ee4  Running under WOW64
21:58:44.0291 0x3ee4  Processor architecture: Intel x64
21:58:44.0291 0x3ee4  Number of processors: 8
21:58:44.0291 0x3ee4  Page size: 0x1000
21:58:44.0291 0x3ee4  Boot type: Normal boot
21:58:44.0291 0x3ee4  ============================================================
21:58:44.0429 0x3ee4  KLMD registered as C:\Windows\system32\drivers\67215832.sys
21:58:44.0662 0x3ee4  System UUID: {75DB0291-ABB3-A920-BEE2-22ED293246A5}
21:58:44.0960 0x3ee4  Drive \Device\Harddisk0\DR0 - Size: 0x7745D6000 ( 29.82 Gb ), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:58:44.0967 0x3ee4  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:58:44.0971 0x3ee4  ============================================================
21:58:44.0971 0x3ee4  \Device\Harddisk0\DR0:
21:58:44.0971 0x3ee4  MBR partitions:
21:58:44.0971 0x3ee4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
21:58:44.0971 0x3ee4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x72A5F5B0
21:58:44.0971 0x3ee4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72AC3DB0, BlocksNum 0x30D4000
21:58:44.0971 0x3ee4  \Device\Harddisk1\DR1:
21:58:44.0971 0x3ee4  MBR partitions:
21:58:44.0971 0x3ee4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x6EF22000, BlocksNum 0x30D4000
21:58:44.0971 0x3ee4  ============================================================
21:58:44.0979 0x3ee4  C: <-> \Device\Harddisk0\DR0\Partition2
21:58:44.0979 0x3ee4  ============================================================
21:58:44.0979 0x3ee4  Initialize success
21:58:44.0979 0x3ee4  ============================================================
21:58:48.0917 0x3bc8  ============================================================
21:58:48.0917 0x3bc8  Scan started
21:58:48.0917 0x3bc8  Mode: Manual; 
21:58:48.0917 0x3bc8  ============================================================
21:58:48.0917 0x3bc8  KSN ping started
21:58:55.0005 0x3bc8  KSN ping finished: true
21:58:55.0611 0x3bc8  ================ Scan system memory ========================
21:58:55.0611 0x3bc8  System memory - ok
21:58:55.0611 0x3bc8  ================ Scan services =============================
21:58:55.0676 0x3bc8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:58:55.0681 0x3bc8  1394ohci - ok
21:58:55.0706 0x3bc8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:58:55.0712 0x3bc8  ACPI - ok
21:58:55.0715 0x3bc8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:58:55.0716 0x3bc8  AcpiPmi - ok
21:58:55.0723 0x3bc8  [ 5E813B11629007309E4FC0F0FD2B7C30, A8FDC3994D236248B7FAEA572E987C8D5903AF5305E06D624909DE786FA811BA ] ACPIVPC         C:\Windows\system32\DRIVERS\AcpiVpc.sys
21:58:55.0724 0x3bc8  ACPIVPC - ok
21:58:55.0754 0x3bc8  AdobeFlashPlayerUpdateSvc - ok
21:58:55.0772 0x3bc8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:58:55.0780 0x3bc8  adp94xx - ok
21:58:55.0793 0x3bc8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:58:55.0798 0x3bc8  adpahci - ok
21:58:55.0807 0x3bc8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:58:55.0810 0x3bc8  adpu320 - ok
21:58:55.0818 0x3bc8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:58:55.0819 0x3bc8  AeLookupSvc - ok
21:58:55.0821 0x3bc8  AFD - ok
21:58:55.0827 0x3bc8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
21:58:55.0829 0x3bc8  agp440 - ok
21:58:55.0835 0x3bc8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
21:58:55.0837 0x3bc8  ALG - ok
21:58:55.0840 0x3bc8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:58:55.0841 0x3bc8  aliide - ok
21:58:55.0845 0x3bc8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:58:55.0846 0x3bc8  amdide - ok
21:58:55.0853 0x3bc8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:58:55.0854 0x3bc8  AmdK8 - ok
21:58:55.0860 0x3bc8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:58:55.0861 0x3bc8  AmdPPM - ok
21:58:55.0868 0x3bc8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:58:55.0870 0x3bc8  amdsata - ok
21:58:55.0877 0x3bc8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:58:55.0881 0x3bc8  amdsbs - ok
21:58:55.0885 0x3bc8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:58:55.0886 0x3bc8  amdxata - ok
21:58:55.0888 0x3bc8  AMPPAL - ok
21:58:55.0890 0x3bc8  AMPPALP - ok
21:58:55.0899 0x3bc8  AMPPALR3 - ok
21:58:55.0904 0x3bc8  AntiLog32 - ok
21:58:55.0908 0x3bc8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
21:58:55.0910 0x3bc8  AppID - ok
21:58:55.0915 0x3bc8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:58:55.0916 0x3bc8  AppIDSvc - ok
21:58:55.0918 0x3bc8  Appinfo - ok
21:58:55.0923 0x3bc8  Apple Mobile Device - ok
21:58:55.0929 0x3bc8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
21:58:55.0931 0x3bc8  arc - ok
21:58:55.0936 0x3bc8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:58:55.0938 0x3bc8  arcsas - ok
21:58:55.0958 0x3bc8  aspnet_state - ok
21:58:55.0963 0x3bc8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:58:55.0964 0x3bc8  AsyncMac - ok
21:58:55.0969 0x3bc8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:58:55.0970 0x3bc8  atapi - ok
21:58:55.0993 0x3bc8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:58:56.0004 0x3bc8  AudioEndpointBuilder - ok
21:58:56.0017 0x3bc8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:58:56.0026 0x3bc8  AudioSrv - ok
21:58:56.0033 0x3bc8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:58:56.0035 0x3bc8  AxInstSV - ok
21:58:56.0052 0x3bc8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21:58:56.0060 0x3bc8  b06bdrv - ok
21:58:56.0072 0x3bc8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:58:56.0077 0x3bc8  b57nd60a - ok
21:58:56.0085 0x3bc8  [ BC9E4469FE2CE605902D4C8BB09E8236, 13C906DEE487E46037F6DAB82CD65B49CECCA8A7BAC9E1FFD34767AA288A9B76 ] bcbtums         C:\Windows\system32\drivers\bcbtums.sys
21:58:56.0088 0x3bc8  bcbtums - ok
21:58:56.0095 0x3bc8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:58:56.0097 0x3bc8  BDESVC - ok
21:58:56.0101 0x3bc8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:58:56.0102 0x3bc8  Beep - ok
21:58:56.0126 0x3bc8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
21:58:56.0138 0x3bc8  BFE - ok
21:58:56.0143 0x3bc8  BHDrvx64 - ok
21:58:56.0168 0x3bc8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
21:58:56.0185 0x3bc8  BITS - ok
21:58:56.0192 0x3bc8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:58:56.0193 0x3bc8  blbdrive - ok
21:58:56.0196 0x3bc8  Bonjour Service - ok
21:58:56.0204 0x3bc8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:58:56.0206 0x3bc8  bowser - ok
21:58:56.0209 0x3bc8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:58:56.0210 0x3bc8  BrFiltLo - ok
21:58:56.0214 0x3bc8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:58:56.0215 0x3bc8  BrFiltUp - ok
21:58:56.0217 0x3bc8  Browser - ok
21:58:56.0226 0x3bc8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:58:56.0231 0x3bc8  Brserid - ok
21:58:56.0234 0x3bc8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:58:56.0235 0x3bc8  BrSerWdm - ok
21:58:56.0239 0x3bc8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:58:56.0240 0x3bc8  BrUsbMdm - ok
21:58:56.0243 0x3bc8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:58:56.0244 0x3bc8  BrUsbSer - ok
21:58:56.0247 0x3bc8  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
21:58:56.0248 0x3bc8  BthEnum - ok
21:58:56.0252 0x3bc8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:58:56.0253 0x3bc8  BTHMODEM - ok
21:58:56.0259 0x3bc8  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
21:58:56.0261 0x3bc8  BthPan - ok
21:58:56.0277 0x3bc8  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
21:58:56.0286 0x3bc8  BTHPORT - ok
21:58:56.0292 0x3bc8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
21:58:56.0294 0x3bc8  bthserv - ok
21:58:56.0295 0x3bc8  BTHSSecurityMgr - ok
21:58:56.0303 0x3bc8  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
21:58:56.0304 0x3bc8  BTHUSB - ok
21:58:56.0322 0x3bc8  [ 93F0E54C65EF7FCB56287FA685E4C4B7, FF8644C2F9DC4CDB1BDBD7C25968225769B2DAE7E063BE0FEDCD51809C48CB4D ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
21:58:56.0332 0x3bc8  btwampfl - ok
21:58:56.0341 0x3bc8  [ D1F3C58892C621935947C0261BAEF3C0, AEDAF86A78F615C9124A968568FAA41AA145E6AAE910AB16E370B83BC67BB603 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
21:58:56.0344 0x3bc8  btwaudio - ok
21:58:56.0353 0x3bc8  [ 9C7A3858D87F3A2574C1D326CA6C1461, EA98D1DE3E1BF3BB952FC11511082EC1D398B448C712141B7FC35AFB7E40C4E5 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
21:58:56.0357 0x3bc8  btwavdt - ok
21:58:56.0385 0x3bc8  [ CE6AD9E2874D19069569F03C819B558C, 719326983BC442B416651DB51DD20AA32455B93A79C48B386913296F65B50E6F ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
21:58:56.0402 0x3bc8  btwdins - ok
21:58:56.0406 0x3bc8  [ B1ACFD00CDD13B48D86F46BFEC153BF9, CD7BE27D93364735511CC714B85CB7D97E21E84E3C2361EC405BADAAEA550925 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
21:58:56.0407 0x3bc8  btwl2cap - ok
21:58:56.0412 0x3bc8  [ BB892C59D453E127797F8C5B203678DC, 9ED6E44B1E1050F275BEDE733970F455867147F6EC08CD6522E5AA2F55CB5B71 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
21:58:56.0413 0x3bc8  btwrchid - ok
21:58:56.0415 0x3bc8  cbfs3 - ok
21:58:56.0418 0x3bc8  ccSet_N360 - ok
21:58:56.0422 0x3bc8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:58:56.0424 0x3bc8  cdfs - ok
21:58:56.0429 0x3bc8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:58:56.0431 0x3bc8  cdrom - ok
21:58:56.0436 0x3bc8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:58:56.0437 0x3bc8  CertPropSvc - ok
21:58:56.0441 0x3bc8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:58:56.0442 0x3bc8  circlass - ok
21:58:56.0451 0x3bc8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
21:58:56.0457 0x3bc8  CLFS - ok
21:58:56.0466 0x3bc8  [ 524DC3807CB1746225F9D26ADD19C319, DC23392E8C542B02860BA1F57F03AD08A58B256D155CC6B81A48691A79D3A3F6 ] CLKMSVC10_3A60B698 C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe
21:58:56.0471 0x3bc8  CLKMSVC10_3A60B698 - ok
21:58:56.0476 0x3bc8  clr_optimization_v2.0.50727_32 - ok
21:58:56.0479 0x3bc8  clr_optimization_v2.0.50727_64 - ok
21:58:56.0486 0x3bc8  clr_optimization_v4.0.30319_32 - ok
21:58:56.0489 0x3bc8  clr_optimization_v4.0.30319_64 - ok
21:58:56.0492 0x3bc8  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
21:58:56.0493 0x3bc8  clwvd - ok
21:58:56.0496 0x3bc8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:58:56.0497 0x3bc8  CmBatt - ok
21:58:56.0499 0x3bc8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:58:56.0500 0x3bc8  cmdide - ok
21:58:56.0502 0x3bc8  CNG - ok
21:58:56.0505 0x3bc8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:58:56.0506 0x3bc8  Compbatt - ok
21:58:56.0510 0x3bc8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:58:56.0511 0x3bc8  CompositeBus - ok
21:58:56.0513 0x3bc8  COMSysApp - ok
21:58:56.0534 0x3bc8  cphs - ok
21:58:56.0536 0x3bc8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:58:56.0537 0x3bc8  crcdisk - ok
21:58:56.0540 0x3bc8  CryptSvc - ok
21:58:56.0545 0x3bc8  DAUpdaterSvc - ok
21:58:56.0558 0x3bc8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:58:56.0566 0x3bc8  DcomLaunch - ok
21:58:56.0575 0x3bc8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
21:58:56.0579 0x3bc8  defragsvc - ok
21:58:56.0584 0x3bc8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:58:56.0586 0x3bc8  DfsC - ok
21:58:56.0588 0x3bc8  dg_ssudbus - ok
21:58:56.0597 0x3bc8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:58:56.0602 0x3bc8  Dhcp - ok
21:58:56.0605 0x3bc8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
21:58:56.0606 0x3bc8  discache - ok
21:58:56.0610 0x3bc8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
21:58:56.0612 0x3bc8  Disk - ok
21:58:56.0617 0x3bc8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:58:56.0621 0x3bc8  Dnscache - ok
21:58:56.0628 0x3bc8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:58:56.0632 0x3bc8  dot3svc - ok
21:58:56.0639 0x3bc8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
21:58:56.0642 0x3bc8  DPS - ok
21:58:56.0645 0x3bc8  drmkaud - ok
21:58:56.0647 0x3bc8  DXGKrnl - ok
21:58:56.0651 0x3bc8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
21:58:56.0654 0x3bc8  EapHost - ok
21:58:56.0710 0x3bc8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
21:58:56.0762 0x3bc8  ebdrv - ok
21:58:56.0777 0x3bc8  [ 5E346ADBAD5110EAB2E9808ABE877A00, 4B72C34E41B8AA15D166F65B5A037A1230A9FF65F827D18A57E2198573616EAD ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:58:56.0784 0x3bc8  eeCtrl - ok
21:58:56.0787 0x3bc8  EFS - ok
21:58:56.0803 0x3bc8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:58:56.0814 0x3bc8  ehRecvr - ok
21:58:56.0819 0x3bc8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
21:58:56.0822 0x3bc8  ehSched - ok
21:58:56.0834 0x3bc8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:58:56.0843 0x3bc8  elxstor - ok
21:58:56.0845 0x3bc8  EraserUtilRebootDrv - ok
21:58:56.0848 0x3bc8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:58:56.0849 0x3bc8  ErrDev - ok
21:58:56.0861 0x3bc8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
21:58:56.0866 0x3bc8  EventSystem - ok
21:58:56.0883 0x3bc8  [ C8559336BB21FF701CBEF14527D7660F, AE8CD6514C0B121B260D9101D76E6225599B832504EB5719FD110E348C9E6682 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:58:56.0893 0x3bc8  EvtEng - ok
21:58:56.0899 0x3bc8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:58:56.0903 0x3bc8  exfat - ok
21:58:56.0909 0x3bc8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:58:56.0912 0x3bc8  fastfat - ok
21:58:56.0927 0x3bc8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
21:58:56.0938 0x3bc8  Fax - ok
21:58:56.0942 0x3bc8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
21:58:56.0943 0x3bc8  fdc - ok
21:58:56.0945 0x3bc8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
21:58:56.0946 0x3bc8  fdPHost - ok
21:58:56.0949 0x3bc8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:58:56.0951 0x3bc8  FDResPub - ok
21:58:56.0954 0x3bc8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:58:56.0955 0x3bc8  FileInfo - ok
21:58:56.0959 0x3bc8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:58:56.0960 0x3bc8  Filetrace - ok
21:58:56.0962 0x3bc8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:58:56.0963 0x3bc8  flpydisk - ok
21:58:56.0971 0x3bc8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:58:56.0976 0x3bc8  FltMgr - ok
21:58:56.0978 0x3bc8  FontCache - ok
21:58:56.0982 0x3bc8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:58:56.0983 0x3bc8  FontCache3.0.0.0 - ok
21:58:56.0986 0x3bc8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:58:56.0987 0x3bc8  FsDepends - ok
21:58:56.0991 0x3bc8  [ 6C06701BF1DB05405804D7EB610991CE, 75DEB2204D9AC338ED7C4742BEFAFA0AFC7E42B2C1B54A57DF8A1AD097D9EC3E ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:58:56.0992 0x3bc8  fssfltr - ok
21:58:57.0014 0x3bc8  [ 695CD01298D8D79654F7583DD075F356, DDC33A9235C3AF3825F419B2859653ED31F8BAF1D5945A8D0B7E653009277EF4 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:58:57.0085 0x3bc8  Suspicious file ( Forged ): C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe. Real md5: 695CD01298D8D79654F7583DD075F356, sha256: DDC33A9235C3AF3825F419B2859653ED31F8BAF1D5945A8D0B7E653009277EF4, fake md5: 4CE9DAC1518FF7E77BD213E6394B9D77, fake sha256: D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03
21:58:57.0086 0x3bc8  fsssvc - detected ForgedFile.Multi.Generic ( 1 )
21:58:59.0598 0x3bc8  Detect skipped due to KSN trusted
21:58:59.0598 0x3bc8  fsssvc - ok
21:58:59.0603 0x3bc8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:58:59.0604 0x3bc8  Fs_Rec - ok
21:58:59.0606 0x3bc8  fvevol - ok
21:58:59.0610 0x3bc8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:58:59.0611 0x3bc8  gagp30kx - ok
21:58:59.0614 0x3bc8  GEARAspiWDM - ok
21:58:59.0631 0x3bc8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:58:59.0644 0x3bc8  gpsvc - ok
21:58:59.0650 0x3bc8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:58:59.0652 0x3bc8  gupdate - ok
21:58:59.0656 0x3bc8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:58:59.0659 0x3bc8  gupdatem - ok
21:58:59.0661 0x3bc8  gusvc - ok
21:58:59.0664 0x3bc8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:58:59.0666 0x3bc8  hcw85cir - ok
21:58:59.0674 0x3bc8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:58:59.0680 0x3bc8  HdAudAddService - ok
21:58:59.0685 0x3bc8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:58:59.0688 0x3bc8  HDAudBus - ok
21:58:59.0691 0x3bc8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21:58:59.0692 0x3bc8  HidBatt - ok
21:58:59.0696 0x3bc8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:58:59.0698 0x3bc8  HidBth - ok
21:58:59.0701 0x3bc8  [ D2A9A5AA05260DF1ACF2A5DFC006D72D, 862AFD8E1D7D8C855520D0E3E02B21BBE2E614062E3DC3ED4E7B0F93803B8C85 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:58:59.0741 0x3bc8  Suspicious file ( Forged ): C:\Windows\system32\drivers\hidir.sys. Real md5: D2A9A5AA05260DF1ACF2A5DFC006D72D, sha256: 862AFD8E1D7D8C855520D0E3E02B21BBE2E614062E3DC3ED4E7B0F93803B8C85, fake md5: 0A77D29F311B88CFAE3B13F9C1A73825, fake sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
21:58:59.0741 0x3bc8  HidIr - detected ForgedFile.Multi.Generic ( 1 )
21:59:02.0434 0x3bc8  Detect skipped due to KSN trusted
21:59:02.0434 0x3bc8  HidIr - ok
21:59:02.0438 0x3bc8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
21:59:02.0440 0x3bc8  hidserv - ok
21:59:02.0442 0x3bc8  HidUsb - ok
21:59:02.0446 0x3bc8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:59:02.0449 0x3bc8  hkmsvc - ok
21:59:02.0456 0x3bc8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:59:02.0461 0x3bc8  HomeGroupListener - ok
21:59:02.0467 0x3bc8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:59:02.0471 0x3bc8  HomeGroupProvider - ok
21:59:02.0475 0x3bc8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:59:02.0477 0x3bc8  HpSAMD - ok
21:59:02.0481 0x3bc8  [ 436819F9B8B0032791400BD5B4934FAB, B5BEF99DA8F352BED7041052B220EE2AA421FFF8BE9053DAAE20B47D274DE323 ] hswpan          C:\Windows\system32\DRIVERS\hswpan.sys
21:59:02.0484 0x3bc8  hswpan - ok
21:59:02.0500 0x3bc8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:59:02.0512 0x3bc8  HTTP - ok
21:59:02.0515 0x3bc8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:59:02.0515 0x3bc8  hwpolicy - ok
21:59:02.0518 0x3bc8  [ 2EB5187E2EC1C43DAC0DDC4BC8BFA956, 5F8E854C87CA03EB1DDCDA6B5DBA33A2F3DB49F55B9AB898D881031FE00772E9 ] hybridcfile     C:\Windows\system32\DRIVERS\HybridCFileX64.sys
21:59:02.0519 0x3bc8  hybridcfile - ok
21:59:02.0522 0x3bc8  [ BD626AE95B6E156F318D673E32012C14, 380B7BC52D8DC4312434D60C84B0D45069F40357DCCF349F0753DF180BCBE4D0 ] HybridDisk      C:\Windows\system32\DRIVERS\HybridDiskX64.sys
21:59:02.0523 0x3bc8  HybridDisk - ok
21:59:02.0527 0x3bc8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:59:02.0529 0x3bc8  i8042prt - ok
21:59:02.0543 0x3bc8  [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:59:02.0550 0x3bc8  iaStor - ok
21:59:02.0555 0x3bc8  [ 7D4B9A48430ED57ACA6373B71D5904CA, 6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
21:59:02.0555 0x3bc8  IAStorDataMgrSvc - ok
21:59:02.0565 0x3bc8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:59:02.0572 0x3bc8  iaStorV - ok
21:59:02.0577 0x3bc8  idsvc - ok
21:59:02.0581 0x3bc8  IDSVia64 - ok
21:59:02.0583 0x3bc8  IEEtwCollectorService - ok
21:59:02.0585 0x3bc8  igfx - ok
21:59:02.0590 0x3bc8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:59:02.0591 0x3bc8  iirsp - ok
21:59:02.0593 0x3bc8  IKEEXT - ok
21:59:02.0598 0x3bc8  [ CADDF0927DAC63EDAE48F5C35A61D87D, C46006461311B1563C1D149B9D60B202F30147265B9D93069B084D03A09D2BEC ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:59:02.0599 0x3bc8  intaud_WaveExtensible - ok
21:59:02.0679 0x3bc8  [ D830262519DDCDFC8BE34EB7047C22DC, A3D41BD7EDBAD0B64245824E920804FB98468E32A649A7983AB3C13C89144D23 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:59:02.0754 0x3bc8  IntcAzAudAddService - ok
21:59:02.0767 0x3bc8  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
21:59:02.0773 0x3bc8  IntcDAud - ok
21:59:02.0787 0x3bc8  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:59:02.0797 0x3bc8  Intel® Capability Licensing Service Interface - ok
21:59:02.0800 0x3bc8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:59:02.0801 0x3bc8  intelide - ok
21:59:02.0805 0x3bc8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:59:02.0806 0x3bc8  intelppm - ok
21:59:02.0811 0x3bc8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:59:02.0813 0x3bc8  IPBusEnum - ok
21:59:02.0817 0x3bc8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:59:02.0819 0x3bc8  IpFilterDriver - ok
21:59:02.0821 0x3bc8  iphlpsvc - ok
21:59:02.0825 0x3bc8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:59:02.0827 0x3bc8  IPMIDRV - ok
21:59:02.0831 0x3bc8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:59:02.0833 0x3bc8  IPNAT - ok
21:59:02.0835 0x3bc8  iPod Service - ok
21:59:02.0838 0x3bc8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:59:02.0839 0x3bc8  IRENUM - ok
21:59:02.0842 0x3bc8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:59:02.0843 0x3bc8  isapnp - ok
21:59:02.0850 0x3bc8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:59:02.0855 0x3bc8  iScsiPrt - ok
21:59:02.0857 0x3bc8  iusb3hcs - ok
21:59:02.0859 0x3bc8  iusb3hub - ok
21:59:02.0861 0x3bc8  iusb3xhc - ok
21:59:02.0865 0x3bc8  [ 716F66336F10885D935B08174DC54242, 1992708956A2A45A8870CFCB532F3ABF24B1143B75EF32AB1F59D5D86E65F493 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
21:59:02.0867 0x3bc8  iwdbus - ok
21:59:02.0872 0x3bc8  [ 09CA717536671E0896E07D239EE6740F, 5E1A4A1490D38DBDF21DD655D2139FC2856F5CAED6A72C4C6E65BF6C01C896CE ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
21:59:02.0875 0x3bc8  jhi_service - ok
21:59:02.0881 0x3bc8  [ DD931496F49CDDF4F0B440455423E162, 333F2631ADD9F8CC72ADE94D280C25BF90927D4A1C0ABA5FED902B392ECC5502 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
21:59:02.0884 0x3bc8  JMCR - ok
21:59:02.0888 0x3bc8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:59:02.0889 0x3bc8  kbdclass - ok
21:59:02.0892 0x3bc8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:59:02.0893 0x3bc8  kbdhid - ok
21:59:02.0895 0x3bc8  KeyIso - ok
21:59:02.0897 0x3bc8  KSecDD - ok
21:59:02.0899 0x3bc8  KSecPkg - ok
21:59:02.0902 0x3bc8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:59:02.0903 0x3bc8  ksthunk - ok
21:59:02.0912 0x3bc8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:59:02.0919 0x3bc8  KtmRm - ok
21:59:02.0923 0x3bc8  [ FC741259B7C22379EE83257D7CF91151, 37FAA2E03DFE8C04762178EC7C0AD7AB383155772EFF857D7D27225F8DF29C5B ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
21:59:02.0926 0x3bc8  L1C - ok
21:59:02.0933 0x3bc8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:59:02.0938 0x3bc8  LanmanServer - ok
21:59:02.0942 0x3bc8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:59:02.0946 0x3bc8  LanmanWorkstation - ok
21:59:02.0950 0x3bc8  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX64.sys
21:59:02.0951 0x3bc8  LHDmgr - ok
21:59:02.0954 0x3bc8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:59:02.0956 0x3bc8  lltdio - ok
21:59:02.0964 0x3bc8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:59:02.0970 0x3bc8  lltdsvc - ok
21:59:02.0973 0x3bc8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:59:02.0974 0x3bc8  lmhosts - ok
21:59:02.0981 0x3bc8  [ A60D56228FF3EE7EC1A56A908924680E, A50D75BB87CF4858681720380E9E1EF7FDFE1411E10D856F3E7BBAF3FB1EDDFC ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:59:02.0985 0x3bc8  LMS - ok
21:59:02.0991 0x3bc8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:59:02.0993 0x3bc8  LSI_FC - ok
21:59:02.0998 0x3bc8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:59:03.0000 0x3bc8  LSI_SAS - ok
21:59:03.0003 0x3bc8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:59:03.0005 0x3bc8  LSI_SAS2 - ok
21:59:03.0009 0x3bc8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:59:03.0012 0x3bc8  LSI_SCSI - ok
21:59:03.0016 0x3bc8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
21:59:03.0018 0x3bc8  luafv - ok
21:59:03.0020 0x3bc8  McAfee SiteAdvisor Service - ok
21:59:03.0025 0x3bc8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:59:03.0027 0x3bc8  Mcx2Svc - ok
21:59:03.0030 0x3bc8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:59:03.0031 0x3bc8  megasas - ok
21:59:03.0037 0x3bc8  [ A2BD129C8B7E87EA4DA821D729F177BB, 436DF7C10C5E7BE6FEDEE1D98DE6A080322C956A17D7E2339BEB1703D45C89EC ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:59:03.0095 0x3bc8  Suspicious file ( Forged ): C:\Windows\system32\drivers\MegaSR.sys. Real md5: A2BD129C8B7E87EA4DA821D729F177BB, sha256: 436DF7C10C5E7BE6FEDEE1D98DE6A080322C956A17D7E2339BEB1703D45C89EC, fake md5: BAF74CE0072480C3B6B7C13B2A94D6B3, fake sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
21:59:03.0096 0x3bc8  MegaSR - detected ForgedFile.Multi.Generic ( 1 )
21:59:05.0552 0x3bc8  Detect skipped due to KSN trusted
21:59:05.0552 0x3bc8  MegaSR - ok
21:59:05.0555 0x3bc8  MEIx64 - ok
21:59:05.0562 0x3bc8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
21:59:05.0563 0x3bc8  MMCSS - ok
21:59:05.0566 0x3bc8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
21:59:05.0567 0x3bc8  Modem - ok
21:59:05.0570 0x3bc8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:59:05.0571 0x3bc8  monitor - ok
21:59:05.0575 0x3bc8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:59:05.0576 0x3bc8  mouclass - ok
21:59:05.0579 0x3bc8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:59:05.0580 0x3bc8  mouhid - ok
21:59:05.0584 0x3bc8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:59:05.0586 0x3bc8  mountmgr - ok
21:59:05.0592 0x3bc8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:59:05.0595 0x3bc8  mpio - ok
21:59:05.0598 0x3bc8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:59:05.0600 0x3bc8  mpsdrv - ok
21:59:05.0618 0x3bc8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:59:05.0633 0x3bc8  MpsSvc - ok
21:59:05.0635 0x3bc8  MRxDAV - ok
21:59:05.0641 0x3bc8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:59:05.0644 0x3bc8  mrxsmb - ok
21:59:05.0651 0x3bc8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:59:05.0656 0x3bc8  mrxsmb10 - ok
21:59:05.0661 0x3bc8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:59:05.0664 0x3bc8  mrxsmb20 - ok
21:59:05.0667 0x3bc8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:59:05.0668 0x3bc8  msahci - ok
21:59:05.0673 0x3bc8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:59:05.0675 0x3bc8  msdsm - ok
21:59:05.0680 0x3bc8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
21:59:05.0684 0x3bc8  MSDTC - ok
21:59:05.0688 0x3bc8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:59:05.0690 0x3bc8  Msfs - ok
21:59:05.0692 0x3bc8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:59:05.0693 0x3bc8  mshidkmdf - ok
21:59:05.0695 0x3bc8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:59:05.0696 0x3bc8  msisadrv - ok
21:59:05.0701 0x3bc8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:59:05.0705 0x3bc8  MSiSCSI - ok
21:59:05.0707 0x3bc8  msiserver - ok
21:59:05.0710 0x3bc8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:59:05.0711 0x3bc8  MSKSSRV - ok
21:59:05.0713 0x3bc8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:59:05.0714 0x3bc8  MSPCLOCK - ok
21:59:05.0716 0x3bc8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:59:05.0717 0x3bc8  MSPQM - ok
21:59:05.0725 0x3bc8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:59:05.0731 0x3bc8  MsRPC - ok
21:59:05.0736 0x3bc8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:59:05.0737 0x3bc8  mssmbios - ok
21:59:05.0739 0x3bc8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:59:05.0740 0x3bc8  MSTEE - ok
21:59:05.0742 0x3bc8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:59:05.0743 0x3bc8  MTConfig - ok
21:59:05.0746 0x3bc8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
21:59:05.0748 0x3bc8  Mup - ok
21:59:05.0750 0x3bc8  MyWiFiDHCPDNS - ok
21:59:05.0752 0x3bc8  N360 - ok
21:59:05.0764 0x3bc8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
21:59:05.0772 0x3bc8  napagent - ok
21:59:05.0781 0x3bc8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:59:05.0787 0x3bc8  NativeWifiP - ok
21:59:05.0789 0x3bc8  NAVENG - ok
21:59:05.0791 0x3bc8  NAVEX15 - ok
21:59:05.0794 0x3bc8  NDIS - ok
21:59:05.0798 0x3bc8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:59:05.0799 0x3bc8  NdisCap - ok
21:59:05.0802 0x3bc8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:59:05.0803 0x3bc8  NdisTapi - ok
21:59:05.0806 0x3bc8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:59:05.0808 0x3bc8  Ndisuio - ok
21:59:05.0813 0x3bc8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:59:05.0816 0x3bc8  NdisWan - ok
21:59:05.0820 0x3bc8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:59:05.0821 0x3bc8  NDProxy - ok
21:59:05.0825 0x3bc8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:59:05.0826 0x3bc8  NetBIOS - ok
21:59:05.0833 0x3bc8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:59:05.0838 0x3bc8  NetBT - ok
21:59:05.0840 0x3bc8  Netlogon - ok
21:59:05.0849 0x3bc8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
21:59:05.0855 0x3bc8  Netman - ok
21:59:05.0861 0x3bc8  NetMsmqActivator - ok
21:59:05.0863 0x3bc8  NetPipeActivator - ok
21:59:05.0874 0x3bc8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
21:59:05.0882 0x3bc8  netprofm - ok
21:59:05.0884 0x3bc8  NetTcpActivator - ok
21:59:05.0886 0x3bc8  NetTcpPortSharing - ok
21:59:06.0073 0x3bc8  [ DB8B323B4F2B46B32ECD2BAE7955E4AA, 89BC9F951B08A8566837DF442C95842061B921B79102A8AD2245783717355B34 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwsw00.sys
21:59:06.0254 0x3bc8  NETwNs64 - ok
21:59:06.0268 0x3bc8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:59:06.0269 0x3bc8  nfrd960 - ok
21:59:06.0277 0x3bc8  [ D8EC8F32FCA97215C68F7BDC872207C5, A66F2DCB6C6869B5D96B72011A12FA0FDFACE516D835F2AABF870FE7E822CD09 ] NitroDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
21:59:06.0290 0x3bc8  NitroDriverReadSpool2 - ok
21:59:06.0293 0x3bc8  NlaSvc - ok
21:59:06.0317 0x3bc8  [ 35DE38E9AD9A05A4B9D48AD19BB5A746, 1D793F5159AC1AFCF816086257AD28E652F5D571808D1E1DCE97A9A1E38329AC ] nlsX86cc        C:\Windows\SysWOW64\NLSSRV32.EXE
21:59:06.0330 0x3bc8  nlsX86cc - ok
21:59:06.0333 0x3bc8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:59:06.0335 0x3bc8  Npfs - ok
21:59:06.0338 0x3bc8  [ 686398C3A52EE6588948EAC0C01B126C, 81712D5154535F54E492BA14F3B9140AF3A179D4BED5A1E084F3961275A6B39D ] NSD             C:\Windows\system32\drivers\nsd.sys
21:59:06.0339 0x3bc8  NSD - ok
21:59:06.0342 0x3bc8  [ 2152DC8E58391562C9F07998C6FCCF8C, BE89243A90FC3A3D5A628E6C1DF9CB2B51839C907AD4CE1A30C38D4260FC0DCC ] Nsdfltr         C:\Windows\system32\drivers\Nsdfltr.sys
21:59:06.0344 0x3bc8  Nsdfltr - ok
21:59:06.0348 0x3bc8  [ 486EC2BDC09FBAC5814032D38215010A, 70B1588AAF8897F36D09922BEECD8DBC6B922904B2B0E3EE3F0561624C0DE634 ] NSDSvc          C:\Windows\System32\NSDSvc.exe
21:59:06.0351 0x3bc8  NSDSvc - ok
21:59:06.0354 0x3bc8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
21:59:06.0356 0x3bc8  nsi - ok
21:59:06.0358 0x3bc8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:59:06.0359 0x3bc8  nsiproxy - ok
21:59:06.0362 0x3bc8  Ntfs - ok
21:59:06.0364 0x3bc8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
21:59:06.0365 0x3bc8  Null - ok
21:59:06.0368 0x3bc8  nvlddmkm - ok
21:59:06.0370 0x3bc8  NvNetworkService - ok
21:59:06.0372 0x3bc8  nvpciflt - ok
21:59:06.0378 0x3bc8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:59:06.0381 0x3bc8  nvraid - ok
21:59:06.0386 0x3bc8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:59:06.0389 0x3bc8  nvstor - ok
21:59:06.0394 0x3bc8  [ 86E50463CBA2B4F96A7D314FBEFC155A, 28CAC5E036C9283D2D2751F83643AB72BA63E0C939E4A71022C5343E1BF1E080 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
21:59:06.0395 0x3bc8  NvStreamKms - ok
21:59:06.0397 0x3bc8  NvStreamSvc - ok
21:59:06.0417 0x3bc8  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:59:06.0434 0x3bc8  nvsvc - ok
21:59:06.0437 0x3bc8  nvvad_WaveExtensible - ok
21:59:06.0442 0x3bc8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:59:06.0444 0x3bc8  nv_agp - ok
21:59:06.0449 0x3bc8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:59:06.0451 0x3bc8  ohci1394 - ok
21:59:06.0459 0x3bc8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:59:06.0465 0x3bc8  p2pimsvc - ok
21:59:06.0476 0x3bc8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
21:59:06.0484 0x3bc8  p2psvc - ok
21:59:06.0489 0x3bc8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
21:59:06.0491 0x3bc8  Parport - ok
21:59:06.0495 0x3bc8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:59:06.0497 0x3bc8  partmgr - ok
21:59:06.0503 0x3bc8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:59:06.0507 0x3bc8  PcaSvc - ok
21:59:06.0515 0x3bc8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
21:59:06.0518 0x3bc8  pci - ok
21:59:06.0521 0x3bc8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:59:06.0522 0x3bc8  pciide - ok
21:59:06.0529 0x3bc8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:59:06.0533 0x3bc8  pcmcia - ok
21:59:06.0537 0x3bc8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:59:06.0538 0x3bc8  pcw - ok
21:59:06.0552 0x3bc8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:59:06.0563 0x3bc8  PEAUTH - ok
21:59:06.0568 0x3bc8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:59:06.0569 0x3bc8  PerfHost - ok
21:59:06.0599 0x3bc8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
21:59:06.0624 0x3bc8  pla - ok
21:59:06.0635 0x3bc8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:59:06.0642 0x3bc8  PlugPlay - ok
21:59:06.0646 0x3bc8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:59:06.0648 0x3bc8  PNRPAutoReg - ok
21:59:06.0656 0x3bc8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:59:06.0661 0x3bc8  PNRPsvc - ok
21:59:06.0673 0x3bc8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:59:06.0681 0x3bc8  PolicyAgent - ok
21:59:06.0688 0x3bc8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
21:59:06.0692 0x3bc8  Power - ok
21:59:06.0697 0x3bc8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:59:06.0699 0x3bc8  PptpMiniport - ok
21:59:06.0703 0x3bc8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
21:59:06.0704 0x3bc8  Processor - ok
21:59:06.0706 0x3bc8  ProfSvc - ok
21:59:06.0709 0x3bc8  ProtectedStorage - ok
21:59:06.0713 0x3bc8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:59:06.0716 0x3bc8  Psched - ok
21:59:06.0718 0x3bc8  PxHlpa64 - ok
21:59:06.0747 0x3bc8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:59:06.0773 0x3bc8  ql2300 - ok
21:59:06.0779 0x3bc8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:59:06.0782 0x3bc8  ql40xx - ok
21:59:06.0789 0x3bc8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
21:59:06.0794 0x3bc8  QWAVE - ok
21:59:06.0797 0x3bc8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:59:06.0799 0x3bc8  QWAVEdrv - ok
21:59:06.0802 0x3bc8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:59:06.0803 0x3bc8  RasAcd - ok
21:59:06.0807 0x3bc8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:59:06.0809 0x3bc8  RasAgileVpn - ok
21:59:06.0813 0x3bc8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
21:59:06.0816 0x3bc8  RasAuto - ok
21:59:06.0821 0x3bc8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:59:06.0824 0x3bc8  Rasl2tp - ok
21:59:06.0832 0x3bc8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
21:59:06.0839 0x3bc8  RasMan - ok
21:59:06.0844 0x3bc8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:59:06.0846 0x3bc8  RasPppoe - ok
21:59:06.0850 0x3bc8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:59:06.0852 0x3bc8  RasSstp - ok
21:59:06.0860 0x3bc8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:59:06.0866 0x3bc8  rdbss - ok
21:59:06.0869 0x3bc8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:59:06.0870 0x3bc8  rdpbus - ok
21:59:06.0873 0x3bc8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:59:06.0874 0x3bc8  RDPCDD - ok
21:59:06.0878 0x3bc8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:59:06.0878 0x3bc8  RDPENCDD - ok
21:59:06.0882 0x3bc8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:59:06.0882 0x3bc8  RDPREFMP - ok
21:59:06.0886 0x3bc8  RdpVideoMiniport - ok
21:59:06.0888 0x3bc8  RDPWD - ok
21:59:06.0895 0x3bc8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:59:06.0899 0x3bc8  rdyboost - ok
21:59:06.0903 0x3bc8  RegSrvc - ok
21:59:06.0907 0x3bc8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:59:06.0910 0x3bc8  RemoteAccess - ok
21:59:06.0916 0x3bc8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:59:06.0920 0x3bc8  RemoteRegistry - ok
21:59:06.0925 0x3bc8  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
21:59:06.0928 0x3bc8  RFCOMM - ok
21:59:06.0934 0x3bc8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:59:06.0936 0x3bc8  RpcEptMapper - ok
21:59:06.0939 0x3bc8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
21:59:06.0940 0x3bc8  RpcLocator - ok
21:59:06.0951 0x3bc8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
21:59:06.0960 0x3bc8  RpcSs - ok
21:59:06.0964 0x3bc8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:59:06.0966 0x3bc8  rspndr - ok
21:59:07.0102 0x3bc8  [ C736749AC756503C0F94D94F5BC39B0E, 1CE0D359C377E7557C3B215ED95420286FD64688FD0CF98290CCDFFFCD2C6386 ] rtsuvc          C:\Windows\system32\DRIVERS\rtsuvc.sys
21:59:07.0234 0x3bc8  rtsuvc - ok
21:59:07.0245 0x3bc8  SamSs - ok
21:59:07.0248 0x3bc8  SbieDrv - ok
21:59:07.0251 0x3bc8  SbieSvc - ok
21:59:07.0256 0x3bc8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:59:07.0259 0x3bc8  sbp2port - ok
21:59:07.0265 0x3bc8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:59:07.0269 0x3bc8  SCardSvr - ok
21:59:07.0273 0x3bc8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:59:07.0274 0x3bc8  scfilter - ok
21:59:07.0295 0x3bc8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
21:59:07.0315 0x3bc8  Schedule - ok
21:59:07.0320 0x3bc8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:59:07.0322 0x3bc8  SCPolicySvc - ok
21:59:07.0324 0x3bc8  ScpVBus - ok
21:59:07.0330 0x3bc8  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:59:07.0332 0x3bc8  sdbus - ok
21:59:07.0338 0x3bc8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:59:07.0342 0x3bc8  SDRSVC - ok
21:59:07.0346 0x3bc8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:59:07.0347 0x3bc8  secdrv - ok
21:59:07.0350 0x3bc8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
21:59:07.0352 0x3bc8  seclogon - ok
21:59:07.0356 0x3bc8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
21:59:07.0358 0x3bc8  SENS - ok
21:59:07.0362 0x3bc8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:59:07.0364 0x3bc8  SensrSvc - ok
21:59:07.0367 0x3bc8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:59:07.0368 0x3bc8  Serenum - ok
21:59:07.0372 0x3bc8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
21:59:07.0374 0x3bc8  Serial - ok
21:59:07.0378 0x3bc8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:59:07.0379 0x3bc8  sermouse - ok
21:59:07.0387 0x3bc8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
21:59:07.0390 0x3bc8  SessionEnv - ok
21:59:07.0392 0x3bc8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:59:07.0393 0x3bc8  sffdisk - ok
21:59:07.0396 0x3bc8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:59:07.0397 0x3bc8  sffp_mmc - ok
21:59:07.0399 0x3bc8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:59:07.0400 0x3bc8  sffp_sd - ok
21:59:07.0403 0x3bc8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
21:59:07.0404 0x3bc8  sfloppy - ok
21:59:07.0413 0x3bc8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:59:07.0420 0x3bc8  SharedAccess - ok
21:59:07.0429 0x3bc8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:59:07.0437 0x3bc8  ShellHWDetection - ok
21:59:07.0440 0x3bc8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:59:07.0442 0x3bc8  SiSRaid2 - ok
21:59:07.0446 0x3bc8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:59:07.0448 0x3bc8  SiSRaid4 - ok
21:59:07.0452 0x3bc8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:59:07.0454 0x3bc8  Smb - ok
21:59:07.0459 0x3bc8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:59:07.0461 0x3bc8  SNMPTRAP - ok
21:59:07.0465 0x3bc8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:59:07.0466 0x3bc8  spldr - ok
21:59:07.0469 0x3bc8  Spooler - ok
21:59:07.0529 0x3bc8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
21:59:07.0586 0x3bc8  sppsvc - ok
21:59:07.0594 0x3bc8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:59:07.0596 0x3bc8  sppuinotify - ok
21:59:07.0600 0x3bc8  SRTSP - ok
21:59:07.0602 0x3bc8  SRTSPX - ok
21:59:07.0614 0x3bc8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:59:07.0621 0x3bc8  srv - ok
21:59:07.0631 0x3bc8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:59:07.0638 0x3bc8  srv2 - ok
21:59:07.0644 0x3bc8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:59:07.0647 0x3bc8  srvnet - ok
21:59:07.0654 0x3bc8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:59:07.0658 0x3bc8  SSDPSRV - ok
21:59:07.0662 0x3bc8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:59:07.0665 0x3bc8  SstpSvc - ok
21:59:07.0669 0x3bc8  ssudmdm - ok
21:59:07.0687 0x3bc8  [ 7E815DDD79CC73A02A33DF11FABE4E1E, A05A85CDB0CB0AA1AAC93AA801C39242BFE59082E2BC580F04EBFA71B5B61F07 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
21:59:07.0701 0x3bc8  Steam Client Service - ok
21:59:07.0705 0x3bc8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:59:07.0706 0x3bc8  stexstor - ok
21:59:07.0719 0x3bc8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
21:59:07.0730 0x3bc8  stisvc - ok
21:59:07.0733 0x3bc8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:59:07.0734 0x3bc8  swenum - ok
21:59:07.0737 0x3bc8  SwitchBoard - ok
21:59:07.0749 0x3bc8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
21:59:07.0759 0x3bc8  swprv - ok
21:59:07.0762 0x3bc8  SymDS - ok
21:59:07.0765 0x3bc8  SymEFA - ok
21:59:07.0771 0x3bc8  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:59:07.0774 0x3bc8  SymEvent - ok
21:59:07.0777 0x3bc8  SymIRON - ok
21:59:07.0780 0x3bc8  SymNetS - ok
21:59:07.0791 0x3bc8  [ E6A9BD45EF10EFA2EB2D380A32FBA7B6, 520798E914A0C99E59FBBF05E4DC98A0C6DEEBE3D799CC99DF5456A9E3D7A0A1 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:59:07.0797 0x3bc8  SynTP - ok
21:59:07.0830 0x3bc8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
21:59:07.0861 0x3bc8  SysMain - ok
21:59:07.0866 0x3bc8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:59:07.0869 0x3bc8  TabletInputService - ok
21:59:07.0878 0x3bc8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:59:07.0884 0x3bc8  TapiSrv - ok
21:59:07.0888 0x3bc8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
21:59:07.0891 0x3bc8  TBS - ok
21:59:07.0893 0x3bc8  Tcpip - ok
21:59:07.0896 0x3bc8  TCPIP6 - ok
21:59:07.0900 0x3bc8  tcpipreg - ok
21:59:07.0904 0x3bc8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:59:07.0905 0x3bc8  TDPIPE - ok
21:59:07.0908 0x3bc8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:59:07.0909 0x3bc8  TDTCP - ok
21:59:07.0914 0x3bc8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:59:07.0916 0x3bc8  tdx - ok
21:59:07.0920 0x3bc8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:59:07.0922 0x3bc8  TermDD - ok
21:59:07.0938 0x3bc8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
21:59:07.0950 0x3bc8  TermService - ok
21:59:07.0955 0x3bc8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
21:59:07.0957 0x3bc8  Themes - ok
21:59:07.0961 0x3bc8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
21:59:07.0963 0x3bc8  THREADORDER - ok
21:59:07.0966 0x3bc8  [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM             C:\Windows\system32\drivers\tpm.sys
21:59:07.0967 0x3bc8  TPM - ok
21:59:07.0972 0x3bc8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
21:59:07.0975 0x3bc8  TrkWks - ok
21:59:07.0982 0x3bc8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:59:07.0985 0x3bc8  TrustedInstaller - ok
21:59:07.0988 0x3bc8  tssecsrv - ok
21:59:07.0991 0x3bc8  TsUsbFlt - ok
21:59:07.0994 0x3bc8  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
21:59:07.0995 0x3bc8  TsUsbGD - ok
21:59:08.0000 0x3bc8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:59:08.0003 0x3bc8  tunnel - ok
21:59:08.0007 0x3bc8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:59:08.0008 0x3bc8  uagp35 - ok
21:59:08.0017 0x3bc8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:59:08.0022 0x3bc8  udfs - ok
21:59:08.0029 0x3bc8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:59:08.0031 0x3bc8  UI0Detect - ok
21:59:08.0035 0x3bc8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:59:08.0036 0x3bc8  uliagpkx - ok
21:59:08.0040 0x3bc8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:59:08.0041 0x3bc8  umbus - ok
21:59:08.0045 0x3bc8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:59:08.0046 0x3bc8  UmPass - ok
21:59:08.0055 0x3bc8  [ A0153CC9D28568A10BDAEE5EC612CFC8, C980FBB978545A1DDCA9FAB88CD9468FE1EF39D93272F0BEE13B7625B9787547 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:59:08.0061 0x3bc8  UNS - ok
21:59:08.0071 0x3bc8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
21:59:08.0077 0x3bc8  upnphost - ok
21:59:08.0081 0x3bc8  USBAAPL64 - ok
21:59:08.0083 0x3bc8  usbccgp - ok
21:59:08.0086 0x3bc8  usbcir - ok
21:59:08.0089 0x3bc8  usbehci - ok
21:59:08.0092 0x3bc8  usbhub - ok
21:59:08.0095 0x3bc8  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:59:08.0096 0x3bc8  usbohci - ok
21:59:08.0099 0x3bc8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:59:08.0100 0x3bc8  usbprint - ok
21:59:08.0103 0x3bc8  usbscan - ok
21:59:08.0107 0x3bc8  [ F442F354DE4742824EB10AFB9DF81615, 1664AE2E885C9D61C0843B1DD6C8F918AAFBE0937D4FD67340168B6BFC1B3711 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:59:08.0109 0x3bc8  Suspicious file ( Forged ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. Real md5: F442F354DE4742824EB10AFB9DF81615, sha256: 1664AE2E885C9D61C0843B1DD6C8F918AAFBE0937D4FD67340168B6BFC1B3711, fake md5: FED648B01349A3C8395A5169DB5FB7D6, fake sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
21:59:08.0109 0x3bc8  USBSTOR - detected ForgedFile.Multi.Generic ( 1 )
21:59:10.0528 0x3bc8  Detect skipped due to KSN trusted
21:59:10.0528 0x3bc8  USBSTOR - ok
21:59:10.0533 0x3bc8  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:59:10.0534 0x3bc8  usbuhci - ok
21:59:10.0536 0x3bc8  usbvideo - ok
21:59:10.0540 0x3bc8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
21:59:10.0542 0x3bc8  UxSms - ok
21:59:10.0546 0x3bc8  VaultSvc - ok
21:59:10.0549 0x3bc8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:59:10.0551 0x3bc8  vdrvroot - ok
21:59:10.0563 0x3bc8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
21:59:10.0573 0x3bc8  vds - ok
21:59:10.0577 0x3bc8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:59:10.0578 0x3bc8  vga - ok
21:59:10.0581 0x3bc8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:59:10.0582 0x3bc8  VgaSave - ok
21:59:10.0589 0x3bc8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:59:10.0593 0x3bc8  vhdmp - ok
21:59:10.0597 0x3bc8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:59:10.0597 0x3bc8  viaide - ok
21:59:10.0602 0x3bc8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:59:10.0603 0x3bc8  volmgr - ok
21:59:10.0613 0x3bc8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:59:10.0619 0x3bc8  volmgrx - ok
21:59:10.0627 0x3bc8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:59:10.0632 0x3bc8  volsnap - ok
21:59:10.0639 0x3bc8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:59:10.0642 0x3bc8  vsmraid - ok
21:59:10.0672 0x3bc8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
21:59:10.0699 0x3bc8  VSS - ok
21:59:10.0703 0x3bc8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:59:10.0705 0x3bc8  vwifibus - ok
21:59:10.0708 0x3bc8  [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:59:10.0709 0x3bc8  vwififlt - ok
21:59:10.0712 0x3bc8  [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
21:59:10.0713 0x3bc8  vwifimp - ok
21:59:10.0723 0x3bc8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
21:59:10.0730 0x3bc8  W32Time - ok
21:59:10.0735 0x3bc8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:59:10.0736 0x3bc8  WacomPen - ok
21:59:10.0740 0x3bc8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:59:10.0742 0x3bc8  WANARP - ok
21:59:10.0745 0x3bc8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:59:10.0747 0x3bc8  Wanarpv6 - ok
21:59:10.0749 0x3bc8  WatAdminSvc - ok
21:59:10.0778 0x3bc8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
21:59:10.0804 0x3bc8  wbengine - ok
21:59:10.0812 0x3bc8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:59:10.0816 0x3bc8  WbioSrvc - ok
21:59:10.0826 0x3bc8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:59:10.0833 0x3bc8  wcncsvc - ok
21:59:10.0837 0x3bc8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:59:10.0839 0x3bc8  WcsPlugInService - ok
21:59:10.0843 0x3bc8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
21:59:10.0844 0x3bc8  Wd - ok
21:59:10.0846 0x3bc8  Wdf01000 - ok
21:59:10.0851 0x3bc8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:59:10.0854 0x3bc8  WdiServiceHost - ok
21:59:10.0857 0x3bc8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:59:10.0859 0x3bc8  WdiSystemHost - ok
21:59:10.0862 0x3bc8  WebClient - ok
21:59:10.0869 0x3bc8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:59:10.0874 0x3bc8  Wecsvc - ok
21:59:10.0879 0x3bc8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:59:10.0881 0x3bc8  wercplsupport - ok
21:59:10.0886 0x3bc8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:59:10.0889 0x3bc8  WerSvc - ok
21:59:10.0892 0x3bc8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:59:10.0893 0x3bc8  WfpLwf - ok
21:59:10.0896 0x3bc8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:59:10.0897 0x3bc8  WIMMount - ok
21:59:10.0900 0x3bc8  WinDefend - ok
21:59:10.0905 0x3bc8  WinHttpAutoProxySvc - ok
21:59:10.0915 0x3bc8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:59:10.0920 0x3bc8  Winmgmt - ok
21:59:10.0956 0x3bc8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:59:10.0991 0x3bc8  WinRM - ok
21:59:10.0998 0x3bc8  WinUsb - ok
21:59:11.0017 0x3bc8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:59:11.0033 0x3bc8  Wlansvc - ok
21:59:11.0038 0x3bc8  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:59:11.0040 0x3bc8  wlcrasvc - ok
21:59:11.0082 0x3bc8  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:59:11.0117 0x3bc8  wlidsvc - ok
21:59:11.0122 0x3bc8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:59:11.0123 0x3bc8  WmiAcpi - ok
21:59:11.0131 0x3bc8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:59:11.0134 0x3bc8  wmiApSrv - ok
21:59:11.0137 0x3bc8  WMPNetworkSvc - ok
21:59:11.0141 0x3bc8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:59:11.0143 0x3bc8  WPCSvc - ok
21:59:11.0147 0x3bc8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:59:11.0150 0x3bc8  WPDBusEnum - ok
21:59:11.0154 0x3bc8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:59:11.0156 0x3bc8  ws2ifsl - ok
21:59:11.0161 0x3bc8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
21:59:11.0164 0x3bc8  wscsvc - ok
21:59:11.0166 0x3bc8  WSearch - ok
21:59:11.0173 0x3bc8  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
21:59:11.0175 0x3bc8  wsvd - ok
21:59:11.0178 0x3bc8  wuauserv - ok
21:59:11.0180 0x3bc8  WudfPf - ok
21:59:11.0183 0x3bc8  WUDFRd - ok
21:59:11.0186 0x3bc8  wudfsvc - ok
21:59:11.0193 0x3bc8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:59:11.0198 0x3bc8  WwanSvc - ok
21:59:11.0203 0x3bc8  xnacc - ok
21:59:11.0207 0x3bc8  ZeroConfigService - ok
21:59:11.0214 0x3bc8  ================ Scan global ===============================
21:59:11.0217 0x3bc8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:59:11.0224 0x3bc8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:59:11.0233 0x3bc8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:59:11.0239 0x3bc8  [ Global ] - ok
21:59:11.0240 0x3bc8  ================ Scan MBR ==================================
21:59:11.0241 0x3bc8  [ 8908446493B2912CB0D8C5B8BCDC2EF2 ] \Device\Harddisk0\DR0
21:59:11.0365 0x3bc8  \Device\Harddisk0\DR0 - ok
21:59:11.0413 0x3bc8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:59:11.0414 0x3bc8  Suspicious mbr (NoAccess): \Device\Harddisk1\DR1
21:59:11.0459 0x3bc8  \Device\Harddisk1\DR1 - ok
21:59:11.0459 0x3bc8  ================ Scan VBR ==================================
21:59:11.0462 0x3bc8  [ 88313018C15E2F328D30B0385243AEE3 ] \Device\Harddisk0\DR0\Partition1
21:59:11.0463 0x3bc8  \Device\Harddisk0\DR0\Partition1 - ok
21:59:11.0465 0x3bc8  [ 69FA98E1ED08F9C8C689121ED6A4ECAF ] \Device\Harddisk0\DR0\Partition2
21:59:11.0466 0x3bc8  \Device\Harddisk0\DR0\Partition2 - ok
21:59:11.0470 0x3bc8  [ 28676A54D2270E5F98E8D153C4DAB109 ] \Device\Harddisk1\DR1\Partition1
21:59:11.0471 0x3bc8  \Device\Harddisk1\DR1\Partition1 - ok
21:59:11.0471 0x3bc8  ================ Scan generic autorun ======================
21:59:11.0471 0x3bc8  SynTPEnh - ok
21:59:11.0472 0x3bc8  SynLenovoGestureMgr - ok
21:59:11.0674 0x3bc8  [ 6522AA1BCFC503A2417B7358E31F4EB9, 7E0AC65A1A99877DAFC139C7F712C19A92FED4D1E80BD8DC6FD857EA2D40E1CA ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
21:59:11.0863 0x3bc8  RtHDVCpl - ok
21:59:11.0895 0x3bc8  [ 350AE710634AF327DDC90B897BBBA23A, E4F0C0D50894A9CA63311AC48EA22F7B9BCA35AE3AC71AD6259C0FAC6FA134B9 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:59:11.0914 0x3bc8  RtHDVBg_Dolby - ok
21:59:11.0931 0x3bc8  [ 667A123E3E5A95FFDEE3D16B4DC974AA, 1816EAE12EEE46E00E7509858C11A18C7A2BA86FE0A3DD1328DC87E21F609807 ] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
21:59:11.0959 0x3bc8  OnekeyStudio - ok
21:59:11.0967 0x3bc8  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
21:59:11.0971 0x3bc8  UpdatePRCShortCut - ok
21:59:12.0102 0x3bc8  [ FC1CEFA4039AEA767C1B7B07ED7C99D7, 326828F901A8F49BAB95222219653769AD7528EAE154811D2778F299FF9932F3 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
21:59:12.0264 0x3bc8  Energy Management - ok
21:59:12.0372 0x3bc8  [ E55169229CD9E0BA6AD5D6DC7C7CDF22, B63053D9E2FEC11024EA65D7678605F61830C50B88B20D03A7BE40FAD835E74D ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
21:59:12.0466 0x3bc8  EnergyUtility - ok
21:59:12.0512 0x3bc8  [ E14A09758B8709CB4BE4B9BF6D10B6F6, 9F2989005B3654DEEBEDD0006CCEA8C9E77151DBDFD51122F9387F319872F3AD ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
21:59:12.0546 0x3bc8  NvBackend - ok
21:59:12.0550 0x3bc8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
21:59:12.0552 0x3bc8  ShadowPlay - ok
21:59:12.0553 0x3bc8  IgfxTray - ok
21:59:12.0554 0x3bc8  HotKeysCmds - ok
21:59:12.0555 0x3bc8  Persistence - ok
21:59:12.0558 0x3bc8  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
21:59:12.0559 0x3bc8  Logitech Download Assistant - ok
21:59:12.0560 0x3bc8  AdobeAAMUpdater-1.0 - ok
21:59:12.0567 0x3bc8  [ 9166C1276B296BC78FA816CD8448CD32, 1D2BF20F9EA7665281E5F9FFE50A8127E4618CB76C6A47A27E7ACA196327C395 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
21:59:12.0572 0x3bc8  USB3MON - ok
21:59:12.0580 0x3bc8  [ 7D6C13D5D2A120BFD0776CB3AB2C6B8F, 2787EB6EA4DDD627DCCE967A5CEBF37E112ED86B3C62F1A8F2DC214FF7A97DD1 ] C:\Program Files (x86)\LockKey\LockKey.exe
21:59:12.0586 0x3bc8  LockKey - ok
21:59:12.0593 0x3bc8  [ 766AE515B1749F2141E418CC6C08515B, 02DDB5A7DB8278AA47A951604818E73DB69155DBF1ECD06B6E11926204EADAE7 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
21:59:12.0598 0x3bc8  IAStorIcon - ok
21:59:12.0603 0x3bc8  [ D5AA702664BA73DF84AC5C7FCA0C1C18, 246AFF395F08C202498224E7F20DC9E769E61B7E234EBFE207758AD805AA7B9E ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
21:59:12.0606 0x3bc8  Intel AppUp(SM) center - ok
21:59:12.0663 0x3bc8  [ F73583DCDFB7FF131449EF93D0509603, BA97E2EF827B0A9A568A9C8A2288DAF7EDB1E9232B2C7965BEAE3D8893BE5762 ] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe
21:59:12.0781 0x3bc8  Suspicious file ( Forged ): C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe. Real md5: F73583DCDFB7FF131449EF93D0509603, sha256: BA97E2EF827B0A9A568A9C8A2288DAF7EDB1E9232B2C7965BEAE3D8893BE5762, fake md5: 4E1CA3ADD7338B84DA96E5A5CF99673F, fake sha256: C2D9816868A067DA93A83979C05BE5818A4AFAD8A449D7AF3330242C2CE6F674
21:59:12.0784 0x3bc8  Lenovo Registration - detected ForgedFile.Multi.Generic ( 1 )
21:59:15.0329 0x3bc8  Lenovo Registration ( ForgedFile.Multi.Generic ) - warning
21:59:15.0329 0x3bc8  Force sending object to P2P due to detect: C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe
21:59:18.0059 0x3bc8  Object send P2P result: true
21:59:20.0568 0x3bc8  [ 487620AB26D4286EB076ADCACB500E7C, 024D7D240D2AE9BBB6FEA81E2C58D431C9A41A8E2C55263CCF30182506C197E3 ] C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
21:59:20.0572 0x3bc8  Intelligent Touchpad - ok
21:59:20.0577 0x3bc8  [ B00F98FF6FE8682FF941BEB2559BF191, EB443E294C5609F426BF6EE388F3A4B71EFE2C6A8216C0F6DE7AE6DB382BF620 ] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
21:59:20.0580 0x3bc8  YouCam Mirage - ok
21:59:20.0586 0x3bc8  [ 7CD9BF0A5F47F9584E59BDF674FD1C5D, 821F2A5380B1E64B0629D67259BA92A923D5D405526CB6C44BC422294C031C1F ] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
21:59:20.0589 0x3bc8  YouCam Tray - ok
21:59:20.0597 0x3bc8  [ A01FB0B0C58319FB350A53EDAA947D36, F096607CEA3EB1D569B9767B98C1409F54332A97B78848BC3CBEB92FDFAAB787 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
21:59:20.0601 0x3bc8  UpdateP2GShortCut - ok
21:59:20.0610 0x3bc8  [ 7A0380A50F4D11D996BDA159437D2968, E7A52ADBEFB8BCA0F7503677A0986FA0FD5FC0F6EA9E556F342D5A7C858B72F2 ] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
21:59:20.0615 0x3bc8  VeriFaceManager - ok
21:59:20.0619 0x3bc8  [ 22EC0852DBF032A93D8DA697065FA189, 83A613C3C615EBCDAD32DF5CFFAD11642198D209AA5E22233DDDB517697070DA ] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
21:59:20.0621 0x3bc8  RemoteControl10 - ok
21:59:20.0624 0x3bc8  [ 90B142C67907BCC2A5D2CDFDC008BE8E, A18AFBC8FB076C7AD6E7C8D445984A2F77805BB0012DBCAE1CD935BE8CC2D43D ] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
21:59:20.0625 0x3bc8  BDRegion - ok
21:59:20.0631 0x3bc8  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
21:59:20.0634 0x3bc8  UpdatePRCShortCut - ok
21:59:20.0635 0x3bc8  HP Software Update - ok
21:59:20.0658 0x3bc8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:59:20.0677 0x3bc8  Sidebar - ok
21:59:20.0681 0x3bc8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:59:20.0683 0x3bc8  mctadmin - ok
21:59:20.0704 0x3bc8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
21:59:20.0718 0x3bc8  Sidebar - ok
21:59:20.0723 0x3bc8  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
21:59:20.0725 0x3bc8  mctadmin - ok
21:59:20.0726 0x3bc8  SandboxieControl - ok
21:59:20.0727 0x3bc8  Waiting for KSN requests completion. In queue: 11
21:59:21.0727 0x3bc8  Waiting for KSN requests completion. In queue: 11
21:59:22.0727 0x3bc8  Waiting for KSN requests completion. In queue: 11
21:59:23.0738 0x3bc8  AV detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x51000 ( enabled : updated )
21:59:23.0739 0x3bc8  FW detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe ( 21.5.0.0 ), 0x51010 ( enabled )
21:59:26.0273 0x3bc8  ============================================================
21:59:26.0273 0x3bc8  Scan finished
21:59:26.0273 0x3bc8  ============================================================
21:59:26.0279 0x3a88  Detected object count: 1
21:59:26.0279 0x3a88  Actual detected object count: 1
21:59:32.0314 0x3a88  Lenovo Registration ( ForgedFile.Multi.Generic ) - skipped by user
21:59:32.0314 0x3a88  Lenovo Registration ( ForgedFile.Multi.Generic ) - User select action: Skip 
 

 

Attached Files

  • MBR.zip (581 bytes)


#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:06:12 AM

Posted 08 September 2014 - 07:36 AM

Hello,

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 gheller22

gheller22
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:12 PM

Posted 08 September 2014 - 01:51 PM


ComboFix 14-09-05.01 - Revan 09/08/2014  14:13:18.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8094.5762 [GMT -4:00]
Running from: c:\users\Revan\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-08 to 2014-09-08  )))))))))))))))))))))))))))))))
.
.
2014-09-08 18:17 . 2014-09-08 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-02 19:49 . 2014-09-02 19:49 -------- d-----w- c:\users\Revan\AppData\Roaming\OpenOffice
2014-09-02 19:48 . 2014-09-02 19:49 -------- d-----w- c:\program files (x86)\OpenOffice 4
2014-08-30 16:36 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-30 16:36 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-30 16:36 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-29 02:30 . 2014-08-29 02:30 -------- d-----w- c:\program files\Enigma Software Group
2014-08-29 02:29 . 2014-08-30 16:31 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-29 02:29 . 2014-08-29 02:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-08-28 23:39 . 2014-08-28 23:39 -------- d-----w- c:\program files (x86)\Runtime Software
2014-08-28 23:32 . 2014-08-28 23:36 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2014-08-28 23:20 . 2014-08-28 23:20 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-08-28 23:20 . 2014-08-28 23:20 -------- d-----w- c:\programdata\RogueKiller
2014-08-28 22:57 . 2014-08-28 22:57 -------- d-----w- C:\NPE
2014-08-28 22:55 . 2014-08-28 23:02 -------- d-----w- c:\users\Revan\AppData\Local\NPE
2014-08-28 22:34 . 2014-08-28 22:34 -------- d-----w- c:\users\Revan\AppData\Roaming\Groovorio
2014-08-28 21:27 . 2014-08-28 21:27 -------- d-----w- c:\windows\SysWow64\NV
2014-08-28 21:27 . 2014-08-28 21:27 -------- d-----w- c:\windows\system32\NV
2014-08-28 21:13 . 2014-08-09 00:28 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-08-28 21:13 . 2014-08-09 00:28 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-08-28 16:28 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-28 16:28 . 2014-08-30 16:02 -------- d-----w- C:\AdwCleaner
2014-08-25 20:24 . 2014-08-25 20:24 -------- d-----w- c:\users\Revan\AppData\Roaming\SplitPlayPC
2014-08-24 21:10 . 2014-08-24 21:10 -------- d-----w- c:\program files\MiniFrame
2014-08-24 21:10 . 2014-08-26 01:43 73624 ----a-w- c:\windows\system32\drivers\mfcore.sys
2014-08-24 21:10 . 2014-08-26 01:43 67472 ----a-w- c:\windows\SysWow64\mfcoresfp.x86
2014-08-24 21:10 . 2014-08-26 01:43 531352 ----a-w- c:\windows\SysWow64\mfcoresfp.dll
2014-08-24 21:10 . 2014-08-26 01:43 420744 ----a-w- c:\windows\system32\mfcoredll.dll
2014-08-24 21:10 . 2014-08-26 01:43 382856 ----a-w- c:\windows\SysWow64\mfcoredll.dll
2014-08-24 21:10 . 2014-08-26 01:43 316760 ----a-w- c:\windows\SysWow64\mfcoresfp.exe
2014-08-24 21:10 . 2014-08-26 01:43 16792 ----a-w- c:\windows\system32\mfcoresvc.exe
2014-08-24 21:10 . 2014-08-26 01:43 147344 ----a-w- c:\windows\system32\mfcoresfp.x64
2014-08-24 21:10 . 2014-08-26 01:43 1283480 ----a-w- c:\windows\system32\mfcoresfp.dll
2014-08-24 21:10 . 2014-08-26 01:43 1241440 ----a-w- c:\windows\system32\mfcoresfp.exe
2014-08-24 21:10 . 2014-08-24 21:10 -------- d-----w- c:\users\Revan\AppData\Local\Downloaded Installations
2014-08-24 20:30 . 2013-05-05 21:32 39168 ----a-w- c:\windows\system32\drivers\ScpVBus.sys
2014-08-24 20:19 . 2014-08-24 20:19 -------- d-----r- C:\Sandbox
2014-08-24 20:05 . 2014-08-24 20:05 -------- d-----w- c:\program files\Sandboxie
2014-08-15 07:00 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-15 07:00 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-15 07:00 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-15 07:00 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-15 07:00 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-15 07:00 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-15 07:00 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 07:00 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 21:24 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-08-12 22:32 . 2014-08-27 20:11 -------- d-----w- c:\windows\system32\drivers\N360x64\1505000.013
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-30 16:33 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-15 07:02 . 2014-05-03 14:38 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-09 00:28 . 2014-05-02 21:56 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-08-09 00:28 . 2014-05-02 21:56 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-08-06 18:13 . 2014-08-06 18:13 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-31 07:34 . 2014-07-31 07:34 57344 ----a-r- c:\users\Revan\AppData\Roaming\Microsoft\Installer\{A3070098-A41D-42D9-B6D3-2EF15285E719}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe
2014-07-31 07:34 . 2014-07-31 07:34 53248 ----a-r- c:\users\Revan\AppData\Roaming\Microsoft\Installer\{A3070098-A41D-42D9-B6D3-2EF15285E719}\ARPPRODUCTICON.exe
2014-07-31 07:28 . 2014-07-31 07:28 57344 ----a-r- c:\users\Revan\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
2014-07-31 07:28 . 2014-07-31 07:28 57344 ----a-r- c:\users\Revan\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
2014-07-31 07:28 . 2014-07-31 07:28 53248 ----a-r- c:\users\Revan\AppData\Roaming\Microsoft\Installer\{B5300E76-AA13-4542-8E0E-776A280FE47E}\ARPPRODUCTICON.exe
2014-07-24 23:59 . 2014-07-24 23:55 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-24 23:59 . 2014-07-24 23:55 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 04:22 . 2014-07-09 04:22 547531 ----a-w- c:\users\Revan\dragon age awakening- velanna.exe
2014-07-08 08:53 . 2014-07-08 08:53 313256 ----a-w- c:\windows\system32\javaws.exe
2014-07-08 08:53 . 2014-07-08 08:53 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-07-08 08:53 . 2014-07-08 08:53 189352 ----a-w- c:\windows\system32\javaw.exe
2014-07-08 08:53 . 2014-07-08 08:53 189352 ----a-w- c:\windows\system32\java.exe
2014-07-02 20:48 . 2014-05-02 21:54 846832 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-07-02 20:48 . 2014-05-02 21:54 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-05-02 21:54 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2012-08-29 01:58 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2012-08-29 01:58 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2012-08-29 01:58 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-07-02 20:48 . 2012-08-29 01:58 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-07-02 18:55 . 2012-08-29 01:58 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2012-08-29 01:58 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2012-08-29 01:58 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2012-08-29 01:58 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll
2014-07-02 18:55 . 2012-08-29 01:58 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2012-08-29 01:58 618440 ----a-w- c:\windows\SysWow64\oemdspif.dll
2014-07-02 18:55 . 2012-08-29 01:58 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2012-08-29 01:58 2559960 ----a-w- c:\windows\system32\nvsvcr.dll
2014-07-02 18:55 . 2012-08-29 01:58 1084704 ----a-w- c:\windows\system32\nv3dappshext.dll
2014-07-02 10:14 . 2012-08-29 01:58 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-10 02:16 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 02:16 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-16 06:01 . 2014-07-31 07:26 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2014-06-16 06:01 . 2014-07-31 07:26 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-06-16 06:01 . 2014-07-31 07:26 206080 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2014-06-16 06:01 . 2014-07-31 07:26 110336 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 20:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-05-29 784392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-09-17 292088]
"LockKey"="c:\program files (x86)\LockKey\LockKey.exe" [2011-08-26 337776]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-06-25 152896]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2012-01-26 4351712]
"Intelligent Touchpad"="c:\program files\Lenovo\Intelligent Touchpad\TouchZone.exe" [2011-12-08 291272]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-29 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-29 228448]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-08-29 329056]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-2-1 1380128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
R2 CLKMSVC10_3A60B698;CyberLink Product - 2012/08/28 19:25;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 NSDSvc;Fast boot service of lenovo;c:\windows\System32\NSDSvc.exe;c:\windows\SYSNATIVE\NSDSvc.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 HybridDisk;HybridDisk;c:\windows\System32\DRIVERS\HybridDiskX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridDiskX64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 NSD;NSD;c:\windows\system32\drivers\nsd.sys;c:\windows\SYSNATIVE\drivers\nsd.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\ccSetx64.sys [x]
S1 hybridcfile;hybridcfile;c:\windows\system32\DRIVERS\HybridCFileX64.sys;c:\windows\SYSNATIVE\DRIVERS\HybridCFileX64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140905.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140905.001\IDSvia64.sys [x]
S1 Nsdfltr;Nsdfltr;c:\windows\system32\drivers\Nsdfltr.sys;c:\windows\SYSNATIVE\drivers\Nsdfltr.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1505000.013\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1505000.013\SYMNETS.SYS [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 hswpan;WPAN Driver;c:\windows\system32\DRIVERS\hswpan.sys;c:\windows\SYSNATIVE\DRIVERS\hswpan.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 18597289
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWVMM
*Deregistered* - 18597289
*Deregistered* - aswMBR
*Deregistered* - aswVmm
*Deregistered* - CLKMDRV10_3A60B698
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-04 03:11 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-24 23:59]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 02:25]
.
2014-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29 02:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 20:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-14 22:52 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-08-29 02:24 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-08-29 789856]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-08-29 8079408]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-08-29 6202416]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-08-09 2404296]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-08-09 1283136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-25 391128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-25 771544]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-25 770520]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynLenovoGestureMgr - c:\program files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.5.0.19;c:\program files (x86)\Norton Security Suite\Engine64\21.5.0.19"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-08  14:19:02
ComboFix-quarantined-files.txt  2014-09-08 18:19
.
Pre-Run: 737,774,948,352 bytes free
Post-Run: 737,383,743,488 bytes free
.
- - End Of File - - 6DEFE4CA71CC28A13D61DBD45B0D1CFF
 


#8 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 09 September 2014 - 08:06 AM

I know that those programs and folders are named the same as legitimate files, but my layman's understanding of it was that I should still be able to stop the programs or delete the folders. When I try to stop the programs, it says I don't have permission and when I try to delete sysWOW64,

 

No, you should not stop them, and there's a reason for the OS to stop you from doing so. They are essentially critical files for the system to run as a whole, and it goes the same for syswow64. Your system won't be able to function properly if you delete or stop them, and it will probably crash.

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.
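As an added check (not code from the thread or from any of the tools used in it), the PowerShell below verifies what the reply above asserts: that processes sharing a name with core Windows binaries (the ones the original poster listed) actually run from their expected System32 location, what signature the on-disk file carries, and that a SysWOW64 folder is normal on 64-bit Windows. It assumes a default 64-bit Windows 7 layout and an elevated session; the expected paths are standard locations, not values taken from the thread.

```powershell
# Added example: verify that same-named system processes are the genuine
# Windows binaries rather than masquerading files. Run from an elevated
# PowerShell on a 64-bit Windows 7 system (assumed layout).

# Standard locations on 64-bit Windows 7 (assumption, not from the thread).
$ExpectedPaths = @{
    'csrss.exe'    = Join-Path $env:SystemRoot 'System32\csrss.exe'
    'winlogon.exe' = Join-Path $env:SystemRoot 'System32\winlogon.exe'
    'conhost.exe'  = Join-Path $env:SystemRoot 'System32\conhost.exe'
}

function Get-RunningImagePaths {
    # Win32_Process exposes ExecutablePath for protected system processes that
    # Get-Process cannot open; it still needs an elevated session.
    param([string]$Name)
    Get-WmiObject -Class Win32_Process -Filter "Name = '$Name'" |
        ForEach-Object { $_.ExecutablePath }
}

function Get-SignatureVerdict {
    param([string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($sig.Status -eq 'Valid' -and $subject -like '*Microsoft*') {
        return 'Valid Microsoft signature'
    }
    if ($sig.Status -eq 'Valid') {
        return "Valid signature, but signer is not Microsoft: $subject"
    }
    # On Windows 7, Get-AuthenticodeSignature does not consult security
    # catalogs, so catalog-signed system files report NotSigned. Confirm with
    # 'sfc /verifyonly' rather than treating NotSigned as proof of tampering.
    return "Status $($sig.Status) (catalog-signed files report NotSigned here)"
}

function Test-SystemProcesses {
    param([hashtable]$Expected = $ExpectedPaths)
    foreach ($name in $Expected.Keys) {
        $paths = @(Get-RunningImagePaths -Name $name)
        if ($paths.Count -eq 0) { $paths = @($null) }
        foreach ($path in $paths) {
            $result = New-Object PSObject -Property @{
                Name      = $name
                Path      = $path
                PathOk    = $false
                Signature = 'n/a'
                Verdict   = ''
            }
            if (-not $path) {
                $result.Verdict = 'not running, or path unavailable (run elevated)'
            } elseif ($path -ieq $Expected[$name]) {
                $result.PathOk    = $true
                $result.Signature = Get-SignatureVerdict -Path $path
                $result.Verdict   = 'expected location; do not terminate'
            } else {
                # Same name, different directory: the classic masquerading pattern.
                $result.Signature = Get-SignatureVerdict -Path $path
                $result.Verdict   = "INVESTIGATE: expected $($Expected[$name])"
            }
            $result
        }
    }
}

function Test-SysWow64Expected {
    # SysWOW64 holds the 32-bit subsystem on 64-bit Windows; its presence is
    # normal there and it must not be deleted.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $present = Test-Path (Join-Path $env:SystemRoot 'SysWOW64')
    New-Object PSObject -Property @{
        OSArchitecture  = $os.OSArchitecture
        SysWow64Present = $present
        Expected        = ($os.OSArchitecture -like '64*') -and $present
    }
}

Test-SystemProcesses | Format-Table Name, PathOk, Verdict, Signature -AutoSize
Test-SysWow64Expected | Format-List
```

A process listed with PathOk false and a path outside System32 is the case worth handing to the helper; a NotSigned status on an expected path is not by itself evidence of infection on this Windows version.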

#9 gheller22 (Topic Starter)
  • Members
  • 12 posts

Posted 10 September 2014 - 10:03 AM

# AdwCleaner v3.308 - Report created 30/08/2014 at 12:02:13
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Revan - REVAN-PC
# Running from : C:\Users\Revan\Desktop\adwcleaner_3.308.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\Revan\AppData\Roaming\Groovorio
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0DtCtDyC0A0C0ByB0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyB0F0E0BtBzztBtDtGtC0A0A0AtG0AyC0E0FtGtDyB0CzytGyB0A0CyB0D0EtCyCyEtByE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0EtAzyyEtC0AtG0C0EzztAtGyEtD0C0DtG0AtAyDyBtGtDtCzzyByDtCzyyDtCtC0F0A2Q&cr=153001015&ir=
Found [Startup_urls] : hxxp://groovorio.com/?f=7&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0DtCtDyC0A0C0ByB0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyB0F0E0BtBzztBtDtGtC0A0A0AtG0AyC0E0FtGtDyB0CzytGyB0A0CyB0D0EtCyCyEtByE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0EtAzyyEtC0AtG0C0EzztAtGyEtD0C0DtG0AtAyDyBtGtDtCzzyByDtCzyyDtCtC0F0A2Q&cr=153001015&ir=
Found [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
 
*************************
 
AdwCleaner[R0].txt - [6022 octets] - [28/08/2014 12:28:10]
AdwCleaner[R1].txt - [1938 octets] - [30/08/2014 12:02:13]
AdwCleaner[S0].txt - [6328 octets] - [28/08/2014 12:29:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2058 octets] ##########
# AdwCleaner v3.309 - Report created 10/09/2014 at 11:01:24
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Revan - REVAN-PC
# Running from : C:\Users\Revan\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\Revan\AppData\Roaming\Groovorio
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Startup_urls] : hxxp://groovorio.com/?f=7&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0DtCtDyC0A0C0ByB0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyB0F0E0BtBzztBtDtGtC0A0A0AtG0AyC0E0FtGtDyB0CzytGyB0A0CyB0D0EtCyCyEtByE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0EtAzyyEtC0AtG0C0EzztAtGyEtD0C0DtG0AtAyDyBtGtDtCzzyByDtCzyyDtCtC0F0A2Q&cr=153001015&ir=
Found [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
Found [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [6022 octets] - [28/08/2014 12:28:10]
AdwCleaner[R1].txt - [4329 octets] - [30/08/2014 12:02:13]
AdwCleaner[S0].txt - [6328 octets] - [28/08/2014 12:29:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4449 octets] ##########


#10 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 11 September 2014 - 07:37 AM

Hello,

Sorry for the late reply. I am busy with work during the day.

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
===================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===================================================

On your next reply please post :
adwCleaner log
JRT log

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.



#11 gheller22 (Topic Starter)
  • Members
  • 12 posts

Posted 11 September 2014 - 11:22 AM

adw log:

 

# AdwCleaner v3.309 - Report created 11/09/2014 at 12:01:08
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Revan - REVAN-PC
# Running from : C:\Users\Revan\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Revan\AppData\Roaming\Groovorio
Folder Deleted : C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\blmchfpimpbbdmgpcieclabeafkljbhm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v37.0.2062.103
 
[ File : C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0DtCtDyC0A0C0ByB0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyB0F0E0BtBzztBtDtGtC0A0A0AtG0AyC0E0FtGtDyB0CzytGyB0A0CyB0D0EtCyCyEtByE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0EtAzyyEtC0AtG0C0EzztAtGyEtD0C0DtG0AtAyDyBtGtDtCzzyByDtCzyyDtCtC0F0A2Q&cr=153001015&ir=
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=S1122&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
Deleted [Startup_urls] : hxxp://groovorio.com/?f=7&a=grv_keyd4_14_24&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0DtCtDyC0A0C0ByB0DtN0D0Tzu0SzyyBtCtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1J1P2U1QyE1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2SyB0F0E0BtBzztBtDtGtC0A0A0AtG0AyC0E0FtGtDyB0CzytGyB0A0CyB0D0EtCyCyEtByE0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0EtAzyyEtC0AtG0C0EzztAtGyEtD0C0DtG0AtAyDyBtGtDtCzzyByDtCzyyDtCtC0F0A2Q&cr=153001015&ir=
Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
 
*************************
 
AdwCleaner[R0].txt - [6022 octets] - [28/08/2014 12:28:10]
AdwCleaner[R1].txt - [4541 octets] - [30/08/2014 12:02:13]
AdwCleaner[R2].txt - [3197 octets] - [11/09/2014 11:59:54]
AdwCleaner[S0].txt - [6328 octets] - [28/08/2014 12:29:11]
AdwCleaner[S1].txt - [3029 octets] - [11/09/2014 12:01:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3089 octets] ##########
 
 
jrt log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Revan on Thu 09/11/2014 at 12:05:54.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/11/2014 at 12:13:09.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#12 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male

Posted 12 September 2014 - 08:02 AM

Hi,

We will use another tool to look at things from a slightly different angle.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may [donate button]
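The FRST.txt that the post above asks for is several hundred lines of process, autostart, service and driver entries. What follows is an added example written for this page; it is not code from Conspire, from the thread, or from the FRST author. It is a small Python triage script that pulls out the entries a responder reads first, and it makes the point behind the thread's opening worry: csrss.exe, winlogon.exe and conhost.exe are core Windows processes and a C:\Windows\SysWOW64 folder is standard on 64-bit Windows, so a file name alone proves nothing. What matters is whether the file runs from System32 and whether it carries real publisher information. The list of process names, the path heuristics and the sample lines are the example's own assumptions; the sample is constructed in FRST's format and is not taken from the user's log (the AppData\Roaming\svchost.exe and Temp\update.exe entries are invented to show what a hit looks like). Hits are prompts to look closer, not verdicts: legitimate OEM tools do ship without version resources.

```python
"""Triage helper for FRST.txt-style logs (added example, not part of the thread or of FRST)."""
import re
import sys

# Names that are always present on Windows; the legitimate copy lives under
# %SystemRoot%\System32 (SysWOW64 for 32-bit copies). The same name anywhere
# else is a classic masquerade, even when the version resource says Microsoft
# (a CompanyName string is trivially copied). Assumed list, not from the page.
SYSTEM_PROCESSES = {"csrss.exe", "winlogon.exe", "conhost.exe", "lsass.exe",
                    "services.exe", "smss.exe", "svchost.exe", "explorer.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

# "(Company) C:\path\file.exe"                      -- Processes section
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
# "HKLM\...\Run: [Name] => C:\path [size date] (Company)"  -- Registry section
RUN_RE = re.compile(r"^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
# "R2 Name; C:\path [size date] (Company)" / "U2 Name; No ImagePath"  -- Services, Drivers
SVC_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<rest>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[]*")
COMPANY_RE = re.compile(r"\(([^)]*)\)(\s*\[File not signed\])?\s*$")


def extract_path(text):
    """First drive-letter path in an entry, with quotes and the [size date] tail dropped."""
    m = PATH_RE.search(text)
    return m.group(0).strip() if m else ""


def check_binary(kind, company, path, line):
    """Heuristics shared by process, Run-key and service entries."""
    out = []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    # FRST prints "()" when the file has no version resource; company is None
    # for command lines (rundll32 ...) that FRST does not annotate at all.
    if company is not None and not company.strip():
        out.append(("medium", f"{kind} binary has no publisher/version info", line))
    if name in SYSTEM_PROCESSES and not low.startswith(SYSTEM_DIRS):
        out.append(("high", f"system process name {name} running outside System32", line))
    if any(d in low for d in USER_WRITABLE):
        out.append(("medium", f"{kind} binary lives in a user-writable directory", line))
    return out


def check_autostart(kind, rest, line):
    """Run-key, service and driver entries: the text after '=>' or ';'."""
    if "No ImagePath" in rest or rest.endswith("[X]"):
        return [("medium", f"{kind} points at a missing file (orphaned entry)", line)]
    out = []
    if "[File not signed]" in rest:
        out.append(("low", f"{kind} binary is not Authenticode-signed", line))
    m = COMPANY_RE.search(rest)
    company = m.group(1) if m else None
    return out + check_binary(kind, company, extract_path(rest), line)


def triage(lines):
    """Return (severity, reason, line) tuples for the entries worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("AppInit_DLLs"):
            # Legitimate (NVIDIA uses it) but a frequently abused injection point.
            findings.append(("info", "AppInit_DLLs injection point in use", line))
            continue
        m = PROCESS_RE.match(line)
        if m:
            findings += check_binary("process", m.group("company"), m.group("path"), line)
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if m:
            kind = "Run key" if line.startswith("HK") else "service/driver"
            findings += check_autostart(kind, m.group("rest"), line)
    return findings


# Constructed sample in FRST's format; not lines from the thread's log.
SAMPLE_LINES = [
    r"(Microsoft Corporation) C:\Windows\System32\csrss.exe",
    r"(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe",
    r"() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe",
    r"(Microsoft Corporation) C:\Users\victim\AppData\Roaming\svchost.exe",
    r"HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] (Synaptics Incorporated)",
    r"HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart",
    r"HKLM-x32\...\Run: [] => [X]",
    r"HKCU\...\Run: [Updater] => C:\Users\victim\AppData\Local\Temp\update.exe [51200 2014-08-29] ()",
    r"AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)",
    r"R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)",
    r"S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]",
    r"U2 AdobeARMservice; No ImagePath",
    r"S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]",
]

if __name__ == "__main__":
    # Pass a saved FRST.txt (assumed UTF-8) as the first argument, or run the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE_LINES
    for severity, reason, entry in triage(source):
        print(f"[{severity:6}] {reason}: {entry}")
```

On the sample, the System32 csrss.exe produces no finding while the svchost.exe under AppData is the only high-severity hit, regardless of the Microsoft company string it reports; the three orphaned entries (`[X]` and `No ImagePath`) are cleanup items rather than infections, which is the same distinction the helper's fixlist would make.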

#13 gheller22

  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:12 PM

Posted 12 September 2014 - 11:53 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Revan (administrator) on REVAN-PC on 12-09-2014 12:49:59
Running from C:\Users\Revan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
( ) C:\Program Files (x86)\LockKey\LockKey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\n360.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-15] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2011-12-15] (Synaptics)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-08-28] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-08-28] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-08-28] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2404296 2014-08-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [LockKey] => C:\Program Files (x86)\LockKey\LockKey.exe [337776 2011-08-25] ( )
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-08-28] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-27] (cyberlink)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1587387643-2627450190-1743322074-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-07-31]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=KMOH&bmod=KMOH"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-01]
CHR Extension: (Adblock Plus) - C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-01]
CHR Extension: (Google Search) - C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-01]
CHR Extension: (Norton Identity Safe) - C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-14]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-01]
CHR Extension: (Gmail) - C:\Users\Revan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [945440 2012-02-01] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-05-15] (BioWare)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\N360.exe [265040 2014-08-01] (Symantec Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-06-21] (Nitro PDF Software)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1721800 2014-08-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18974152 2014-08-08] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-15] (Symantec Corporation)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R1 hybridcfile; C:\Windows\System32\DRIVERS\HybridCFileX64.sys [13920 2010-03-02] (Lenovo.)
R0 HybridDisk; C:\Windows\System32\DRIVERS\HybridDiskX64.sys [38496 2010-03-02] (Lenovo.)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140911.001\IDSvia64.sys [633560 2014-08-30] (Symantec Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140911.035\ENG64.SYS [129752 2014-08-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140911.035\EX64.SYS [2137304 2014-08-29] (Symantec Corporation)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-22] (Lenovo Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-08-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8208488 2011-09-06] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
U2 AdobeARMservice; No ImagePath
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U0 mfcorefs; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 12:49 - 2014-09-12 12:50 - 00030706 _____ () C:\Users\Revan\Desktop\FRST.txt
2014-09-12 12:49 - 2014-09-12 12:50 - 00000000 ____D () C:\FRST
2014-09-12 12:49 - 2014-09-12 12:49 - 02105856 _____ (Farbar) C:\Users\Revan\Desktop\FRST64.exe
2014-09-11 22:41 - 2014-09-11 22:41 - 00000094 ____H () C:\Users\Revan\Desktop\.~lock.Web Research 2.rtf#
2014-09-11 22:40 - 2014-09-11 22:40 - 00000094 ____H () C:\Users\Revan\Downloads\.~lock.BUS_100_1141_SYLLABUS_FALL_2014_MWF_1115AM_1210PM (2).DOC#
2014-09-11 21:56 - 2014-09-11 21:56 - 00000665 _____ () C:\Users\Revan\Documents\Revan - Shortcut.lnk
2014-09-11 21:11 - 2014-09-11 21:11 - 04270612 _____ () C:\Users\Revan\Downloads\GuffeyCh04PPT.pptx
2014-09-11 12:13 - 2014-09-11 12:13 - 00000633 _____ () C:\Users\Revan\Desktop\JRT.txt
2014-09-11 12:05 - 2014-09-11 12:05 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 12:03 - 2014-09-11 12:03 - 01016261 _____ (Thisisu) C:\Users\Revan\Desktop\JRT.exe
2014-09-10 19:22 - 2014-09-10 19:24 - 00002707 _____ () C:\Users\Revan\Desktop\mcedit.ini
2014-09-10 19:22 - 2014-09-10 19:22 - 00000000 ____D () C:\Users\Revan\Desktop\ServerJarStorage
2014-09-10 19:22 - 2014-09-05 12:46 - 00000000 ____D () C:\Users\Revan\Desktop\MCEdit-schematics
2014-09-10 19:18 - 2014-09-10 19:21 - 45179679 _____ () C:\Users\Revan\Downloads\MCEdit.Fork.1.0.7.2.64bit.zip
2014-09-10 12:52 - 2014-09-10 12:54 - 50931671 _____ () C:\Users\Revan\Downloads\DIVERSITY 2 PACKAGE.zip
2014-09-10 10:58 - 2014-09-10 10:58 - 01370467 _____ () C:\Users\Revan\Downloads\AdwCleaner (1).exe
2014-09-10 10:43 - 2014-09-10 10:43 - 01370467 _____ () C:\Users\Revan\Desktop\AdwCleaner.exe
2014-09-10 10:38 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 10:38 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 10:38 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 10:38 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 10:38 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 10:38 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 10:38 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 10:38 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 10:38 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 10:38 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 10:38 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 10:38 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 10:38 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 10:38 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 10:38 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 10:38 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 10:38 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 10:38 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 10:38 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 10:38 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 10:38 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 10:38 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 10:38 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 10:38 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 10:38 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 10:38 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 10:38 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 10:38 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 10:38 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 10:38 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 10:38 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 10:38 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 10:38 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 10:38 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 10:38 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 10:38 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 10:38 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 10:38 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 10:38 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 10:38 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 10:38 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 10:38 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 10:38 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 10:38 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 10:38 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 10:38 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 10:38 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 10:38 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 10:38 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 10:38 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 10:38 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 10:38 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 10:38 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 10:38 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 10:38 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 10:38 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 10:34 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 10:34 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 17:31 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 17:31 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 17:31 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 17:31 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 17:31 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 17:31 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 17:31 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 17:31 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 17:31 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 14:19 - 2014-09-08 14:19 - 00029761 _____ () C:\ComboFix.txt
2014-09-08 14:11 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-08 14:11 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-08 14:11 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-08 14:11 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-08 14:11 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-08 14:11 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-08 14:11 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-08 14:11 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-08 14:10 - 2014-09-08 14:19 - 00000000 ____D () C:\Qoobox
2014-09-08 14:10 - 2014-09-08 14:18 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 14:08 - 2014-09-08 14:08 - 05576440 ____R (Swearware) C:\Users\Revan\Desktop\ComboFix.exe
2014-09-07 23:05 - 2014-09-07 23:05 - 04232099 _____ () C:\Users\Revan\Downloads\GuffeyCh03PPT.pptx
2014-09-07 22:34 - 2014-09-07 22:34 - 03996893 _____ () C:\Users\Revan\Downloads\GuffeyCh02PPT.pptx
2014-09-07 21:58 - 2014-09-07 21:58 - 00000581 _____ () C:\Users\Revan\Desktop\MBR.zip
2014-09-07 21:57 - 2014-09-07 21:57 - 00003230 _____ () C:\Users\Revan\Desktop\aswMBR.txt
2014-09-07 21:57 - 2014-09-07 21:57 - 00000512 _____ () C:\Users\Revan\Desktop\MBR.dat
2014-09-07 21:46 - 2014-09-07 21:46 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Revan\Desktop\tdsskiller.exe
2014-09-07 21:45 - 2014-09-07 21:45 - 05185536 _____ (AVAST Software) C:\Users\Revan\Desktop\aswMBR.exe
2014-09-05 16:44 - 2014-09-05 16:44 - 00021744 _____ () C:\Users\Revan\Desktop\Web Research - Geoffrey Heller.odt
2014-09-05 12:46 - 2014-09-10 19:22 - 00000000 ____D () C:\Users\Revan\Desktop\mcedit
2014-09-03 18:31 - 2014-09-03 18:31 - 00033143 _____ () C:\Users\Revan\Desktop\dds.txt
2014-09-03 18:31 - 2014-09-03 18:31 - 00011548 _____ () C:\Users\Revan\Desktop\attach.txt
2014-09-03 18:30 - 2014-09-03 18:30 - 00688992 ____R (Swearware) C:\Users\Revan\Downloads\dds.com
2014-09-02 15:49 - 2014-09-02 15:49 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-02 15:49 - 2014-09-02 15:49 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-02 15:49 - 2014-09-02 15:49 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\OpenOffice
2014-09-02 15:48 - 2014-09-02 15:49 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-02 15:48 - 2014-09-02 15:48 - 00000000 ____D () C:\Users\Revan\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-02 15:44 - 2014-09-02 15:46 - 140852175 _____ () C:\Users\Revan\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-02 15:42 - 2014-09-02 15:42 - 00455680 _____ () C:\Users\Revan\Downloads\ch01.ppt
2014-08-30 12:36 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 12:36 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 12:36 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 14:09 - 2014-08-29 14:09 - 00003534 _____ () C:\Users\Revan\Desktop\attach.zip
2014-08-29 08:24 - 2014-08-29 08:24 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:30 - 2014-08-28 22:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:29 - 2014-08-30 12:31 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-28 22:28 - 2014-08-28 22:28 - 00003146 _____ () C:\Windows\System32\Tasks\{91EE52FB-18C5-4D0A-876C-2CB021071E16}
2014-08-28 22:27 - 2014-08-28 22:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Revan\Downloads\SpyHunter-Installer.exe
2014-08-28 19:39 - 2014-08-30 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-08-28 19:39 - 2014-08-28 19:39 - 02026456 _____ () C:\Users\Revan\Downloads\dixmlsetup.exe
2014-08-28 19:39 - 2014-08-28 19:39 - 00001111 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-08-28 19:39 - 2014-08-28 19:39 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-08-28 19:32 - 2014-08-28 19:36 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-08-28 19:32 - 2014-08-28 19:32 - 00000888 _____ () C:\Users\Revan\Downloads\cbSetup.txt
2014-08-28 19:29 - 2014-08-28 19:29 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Revan\Downloads\cbSetup.exe
2014-08-28 19:20 - 2014-08-28 19:20 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-28 19:20 - 2014-08-28 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 19:19 - 2014-08-28 19:20 - 05421656 _____ () C:\Users\Revan\Downloads\RogueKillerX64 (1).exe
2014-08-28 19:18 - 2014-08-28 19:18 - 03778560 _____ () C:\Users\Revan\Downloads\RogueKillerX64.exe
2014-08-28 18:57 - 2014-08-28 18:57 - 00000000 ____D () C:\NPE
2014-08-28 18:55 - 2014-08-28 19:02 - 00000000 ____D () C:\Users\Revan\AppData\Local\NPE
2014-08-28 18:51 - 2014-08-28 18:53 - 00000000 ____D () C:\Users\Revan\Desktop\Katie Books
2014-08-28 18:48 - 2014-08-28 18:51 - 00000000 ____D () C:\Users\Revan\Desktop\books
2014-08-28 18:34 - 2014-08-28 18:34 - 00362664 _____ () C:\Users\Revan\Downloads\MediaPlayerClassic_RocketFuelInstaller (1).exe
2014-08-28 18:30 - 2014-08-28 18:30 - 00362664 _____ () C:\Users\Revan\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () C:\Windows\system32\NV
2014-08-28 17:25 - 2014-07-02 16:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 18626304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-28 17:25 - 2014-07-02 16:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-28 17:25 - 2014-07-02 16:48 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2014-08-28 17:13 - 2014-08-08 20:28 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-08-28 17:13 - 2014-08-08 20:28 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-08-28 17:10 - 2014-08-28 17:11 - 29849176 _____ (NVIDIA Corporation) C:\Users\Revan\Downloads\GeForce_Experience_v2.1.1.1.exe
2014-08-28 12:28 - 2014-09-11 12:01 - 00000000 ____D () C:\AdwCleaner
2014-08-28 12:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-28 12:27 - 2014-08-28 12:27 - 01364531 _____ () C:\Users\Revan\Downloads\adwcleaner_3.308.exe
2014-08-28 11:39 - 2014-08-28 11:39 - 00000276 _____ () C:\Users\Revan\Desktop\books.txt
2014-08-27 19:22 - 2014-08-27 19:22 - 00101886 _____ () C:\Users\Revan\Downloads\r_760000.torrent
2014-08-27 12:48 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-27 12:48 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-27 12:48 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-27 12:48 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-27 12:48 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-27 12:48 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-27 12:48 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-27 12:48 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-27 12:48 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-27 12:48 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-27 12:48 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-27 12:48 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-27 12:48 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-27 12:48 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-25 16:24 - 2014-08-25 16:24 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\SplitPlayPC
2014-08-25 16:23 - 2014-08-25 16:24 - 00000000 ____D () C:\Users\Revan\Desktop\SplitTool
2014-08-25 16:23 - 2014-08-25 16:23 - 01392216 _____ () C:\Users\Revan\Downloads\BETA 1.3 (1).zip
2014-08-25 16:22 - 2014-08-25 16:22 - 01392216 _____ () C:\Users\Revan\Downloads\BETA 1.3.zip
2014-08-24 17:41 - 2014-08-24 17:41 - 00889416 _____ (Microsoft Corporation) C:\Users\Revan\Downloads\dotNetFx40_Full_setup.exe
2014-08-24 17:17 - 2014-08-24 17:17 - 00063928 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-24 17:10 - 2014-08-25 21:43 - 01283480 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.dll
2014-08-24 17:10 - 2014-08-25 21:43 - 01241440 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.exe
2014-08-24 17:10 - 2014-08-25 21:43 - 00531352 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.dll
2014-08-24 17:10 - 2014-08-25 21:43 - 00420744 _____ () C:\Windows\system32\mfcoredll.dll
2014-08-24 17:10 - 2014-08-25 21:43 - 00382856 _____ () C:\Windows\SysWOW64\mfcoredll.dll
2014-08-24 17:10 - 2014-08-25 21:43 - 00316760 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.exe
2014-08-24 17:10 - 2014-08-25 21:43 - 00147344 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.x64
2014-08-24 17:10 - 2014-08-25 21:43 - 00073624 _____ () C:\Windows\system32\Drivers\mfcore.sys
2014-08-24 17:10 - 2014-08-25 21:43 - 00067472 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.x86
2014-08-24 17:10 - 2014-08-25 21:43 - 00016792 _____ () C:\Windows\system32\mfcoresvc.exe
2014-08-24 17:10 - 2014-08-24 17:10 - 00000000 ____D () C:\Users\Revan\AppData\Local\Downloaded Installations
2014-08-24 17:10 - 2014-08-24 17:10 - 00000000 ____D () C:\Program Files\MiniFrame
2014-08-24 17:08 - 2014-08-24 17:09 - 51155176 _____ (Miniframe) C:\Users\Revan\Downloads\SoftXpandDuo.exe
2014-08-24 16:30 - 2014-08-24 16:32 - 00000000 ____D () C:\Users\Revan\Desktop\DS4Tool
2014-08-24 16:30 - 2014-08-24 16:30 - 01824443 _____ () C:\Users\Revan\Downloads\DS4Tool 1.2.2.zip
2014-08-24 16:30 - 2013-05-05 17:32 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2014-08-24 16:19 - 2014-08-24 16:19 - 00000000 ___RD () C:\Sandbox
2014-08-24 16:14 - 2014-08-24 16:14 - 00000246 _____ () C:\Users\Revan\Desktop\BL2 - Player 2.bat
2014-08-24 16:13 - 2014-08-24 16:13 - 00000236 _____ () C:\Users\Revan\Desktop\BL2 - Player 1.bat
2014-08-24 16:05 - 2014-09-10 10:58 - 00002540 _____ () C:\Windows\Sandboxie.ini
2014-08-24 16:05 - 2014-08-24 16:05 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Revan\Downloads\SandboxieInstall.exe
2014-08-24 16:05 - 2014-08-24 16:05 - 00000896 _____ () C:\Users\Revan\Desktop\Sandboxed Web Browser.lnk
2014-08-24 16:05 - 2014-08-24 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-24 16:05 - 2014-08-24 16:05 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-24 11:43 - 2014-08-24 11:43 - 01231447 _____ () C:\Users\Revan\Downloads\saveedit_r237.zip
2014-08-24 11:43 - 2014-08-24 11:43 - 00000000 ____D () C:\Users\Revan\Desktop\BL2 Save Editor
2014-08-22 21:57 - 2014-08-22 21:57 - 00000000 ____D () C:\Users\Revan\Documents\Thief
2014-08-22 20:10 - 2014-08-22 20:10 - 00001110 _____ () C:\Users\Revan\Desktop\Picasa 3.lnk
2014-08-22 20:09 - 2014-08-22 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-08-22 20:08 - 2014-08-22 20:09 - 17385800 _____ (Google Inc.) C:\Users\Revan\Downloads\picasa39-setup.exe
2014-08-21 22:13 - 2014-08-21 22:45 - 00000000 ____D () C:\Users\Revan\Downloads\PICTURES!
2014-08-15 03:00 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:00 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:00 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:00 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:00 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:00 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:00 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:00 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 17:25 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 17:25 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 17:25 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 17:25 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 17:25 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 17:25 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 17:25 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 17:25 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 17:25 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 17:25 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 17:25 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 17:25 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 17:25 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 17:25 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 17:25 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 17:25 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 17:25 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 17:25 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 17:25 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 17:25 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 17:25 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 17:25 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 17:24 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 17:24 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 17:24 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 17:24 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 20:46 - 2014-08-13 20:46 - 00000203 _____ () C:\Users\Revan\Desktop\songs.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 12:50 - 2014-09-12 12:49 - 00030706 _____ () C:\Users\Revan\Desktop\FRST.txt
2014-09-12 12:50 - 2014-09-12 12:49 - 00000000 ____D () C:\FRST
2014-09-12 12:49 - 2014-09-12 12:49 - 02105856 _____ (Farbar) C:\Users\Revan\Desktop\FRST64.exe
2014-09-12 12:10 - 2012-08-28 22:25 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 12:10 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 12:10 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 12:06 - 2012-08-28 21:56 - 02094122 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 12:04 - 2014-07-24 19:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 12:00 - 2012-08-28 22:25 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 11:55 - 2014-07-31 13:26 - 00000000 ____D () C:\Users\Revan\AppData\Local\Adobe
2014-09-12 11:55 - 2014-05-01 17:11 - 00408494 _____ () C:\FaceProv.log
2014-09-12 11:55 - 2012-08-28 22:24 - 00000000 ____D () C:\ProgramData\VeriFace
2014-09-11 22:41 - 2014-09-11 22:41 - 00000094 ____H () C:\Users\Revan\Desktop\.~lock.Web Research 2.rtf#
2014-09-11 22:40 - 2014-09-11 22:40 - 00000094 ____H () C:\Users\Revan\Downloads\.~lock.BUS_100_1141_SYLLABUS_FALL_2014_MWF_1115AM_1210PM (2).DOC#
2014-09-11 21:56 - 2014-09-11 21:56 - 00000665 _____ () C:\Users\Revan\Documents\Revan - Shortcut.lnk
2014-09-11 21:11 - 2014-09-11 21:11 - 04270612 _____ () C:\Users\Revan\Downloads\GuffeyCh04PPT.pptx
2014-09-11 12:13 - 2014-09-11 12:13 - 00000633 _____ () C:\Users\Revan\Desktop\JRT.txt
2014-09-11 12:09 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 12:05 - 2014-09-11 12:05 - 00000000 ____D () C:\Windows\ERUNT
2014-09-11 12:03 - 2014-09-11 12:03 - 01016261 _____ (Thisisu) C:\Users\Revan\Desktop\JRT.exe
2014-09-11 12:02 - 2010-11-20 23:47 - 00516340 _____ () C:\Windows\PFRO.log
2014-09-11 12:02 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 12:02 - 2009-07-14 00:51 - 00068181 _____ () C:\Windows\setupact.log
2014-09-11 12:01 - 2014-08-28 12:28 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-05-09 00:26 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\.minecraft
2014-09-10 19:24 - 2014-09-10 19:22 - 00002707 _____ () C:\Users\Revan\Desktop\mcedit.ini
2014-09-10 19:22 - 2014-09-10 19:22 - 00000000 ____D () C:\Users\Revan\Desktop\ServerJarStorage
2014-09-10 19:22 - 2014-09-05 12:46 - 00000000 ____D () C:\Users\Revan\Desktop\mcedit
2014-09-10 19:21 - 2014-09-10 19:18 - 45179679 _____ () C:\Users\Revan\Downloads\MCEdit.Fork.1.0.7.2.64bit.zip
2014-09-10 19:06 - 2014-05-07 02:29 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-09-10 13:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 12:54 - 2014-09-10 12:52 - 50931671 _____ () C:\Users\Revan\Downloads\DIVERSITY 2 PACKAGE.zip
2014-09-10 11:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-10 10:58 - 2014-09-10 10:58 - 01370467 _____ () C:\Users\Revan\Downloads\AdwCleaner (1).exe
2014-09-10 10:58 - 2014-08-24 16:05 - 00002540 _____ () C:\Windows\Sandboxie.ini
2014-09-10 10:43 - 2014-09-10 10:43 - 01370467 _____ () C:\Users\Revan\Desktop\AdwCleaner.exe
2014-09-10 10:38 - 2012-08-28 22:05 - 00775084 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 10:37 - 2014-05-03 10:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 10:35 - 2014-07-24 19:55 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 10:35 - 2014-07-24 19:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 10:35 - 2014-07-24 19:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 10:35 - 2014-05-03 10:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 14:19 - 2014-09-08 14:19 - 00029761 _____ () C:\ComboFix.txt
2014-09-08 14:19 - 2014-09-08 14:10 - 00000000 ____D () C:\Qoobox
2014-09-08 14:18 - 2014-09-08 14:10 - 00000000 ____D () C:\Windows\erdnt
2014-09-08 14:17 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-08 14:08 - 2014-09-08 14:08 - 05576440 ____R (Swearware) C:\Users\Revan\Desktop\ComboFix.exe
2014-09-07 23:05 - 2014-09-07 23:05 - 04232099 _____ () C:\Users\Revan\Downloads\GuffeyCh03PPT.pptx
2014-09-07 22:34 - 2014-09-07 22:34 - 03996893 _____ () C:\Users\Revan\Downloads\GuffeyCh02PPT.pptx
2014-09-07 21:58 - 2014-09-07 21:58 - 00000581 _____ () C:\Users\Revan\Desktop\MBR.zip
2014-09-07 21:57 - 2014-09-07 21:57 - 00003230 _____ () C:\Users\Revan\Desktop\aswMBR.txt
2014-09-07 21:57 - 2014-09-07 21:57 - 00000512 _____ () C:\Users\Revan\Desktop\MBR.dat
2014-09-07 21:46 - 2014-09-07 21:46 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Revan\Desktop\tdsskiller.exe
2014-09-07 21:45 - 2014-09-07 21:45 - 05185536 _____ (AVAST Software) C:\Users\Revan\Desktop\aswMBR.exe
2014-09-05 16:44 - 2014-09-05 16:44 - 00021744 _____ () C:\Users\Revan\Desktop\Web Research - Geoffrey Heller.odt
2014-09-05 12:46 - 2014-09-10 19:22 - 00000000 ____D () C:\Users\Revan\Desktop\MCEdit-schematics
2014-09-03 18:31 - 2014-09-03 18:31 - 00033143 _____ () C:\Users\Revan\Desktop\dds.txt
2014-09-03 18:31 - 2014-09-03 18:31 - 00011548 _____ () C:\Users\Revan\Desktop\attach.txt
2014-09-03 18:30 - 2014-09-03 18:30 - 00688992 ____R (Swearware) C:\Users\Revan\Downloads\dds.com
2014-09-03 18:29 - 2014-05-01 17:12 - 00069936 _____ () C:\Users\Revan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-03 16:44 - 2009-07-14 00:45 - 04912656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 16:58 - 2014-05-09 00:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-02 15:49 - 2014-09-02 15:49 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-02 15:49 - 2014-09-02 15:49 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-02 15:49 - 2014-09-02 15:49 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\OpenOffice
2014-09-02 15:49 - 2014-09-02 15:48 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-02 15:48 - 2014-09-02 15:48 - 00000000 ____D () C:\Users\Revan\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-02 15:46 - 2014-09-02 15:44 - 140852175 _____ () C:\Users\Revan\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2014-09-02 15:42 - 2014-09-02 15:42 - 00455680 _____ () C:\Users\Revan\Downloads\ch01.ppt
2014-08-30 12:32 - 2014-05-01 17:11 - 00000000 ____D () C:\Users\Revan
2014-08-30 12:31 - 2014-08-28 22:29 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-30 12:30 - 2014-08-28 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-08-30 12:30 - 2014-05-08 20:33 - 00000000 ____D () C:\ProgramData\Norton
2014-08-30 12:30 - 2014-05-01 17:11 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-08-30 12:30 - 2011-10-10 04:19 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-30 12:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-30 12:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-29 14:09 - 2014-08-29 14:09 - 00003534 _____ () C:\Users\Revan\Desktop\attach.zip
2014-08-29 08:24 - 2014-08-29 08:24 - 00000000 _____ () C:\autoexec.bat
2014-08-28 22:30 - 2014-08-28 22:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-28 22:29 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\restore
2014-08-28 22:28 - 2014-08-28 22:28 - 00003146 _____ () C:\Windows\System32\Tasks\{91EE52FB-18C5-4D0A-876C-2CB021071E16}
2014-08-28 22:27 - 2014-08-28 22:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Revan\Downloads\SpyHunter-Installer.exe
2014-08-28 19:39 - 2014-08-28 19:39 - 02026456 _____ () C:\Users\Revan\Downloads\dixmlsetup.exe
2014-08-28 19:39 - 2014-08-28 19:39 - 00001111 _____ () C:\Users\Public\Desktop\DriveImage XML.lnk
2014-08-28 19:39 - 2014-08-28 19:39 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-08-28 19:36 - 2014-08-28 19:32 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-08-28 19:32 - 2014-08-28 19:32 - 00000888 _____ () C:\Users\Revan\Downloads\cbSetup.txt
2014-08-28 19:29 - 2014-08-28 19:29 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Revan\Downloads\cbSetup.exe
2014-08-28 19:20 - 2014-08-28 19:20 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-28 19:20 - 2014-08-28 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-28 19:20 - 2014-08-28 19:19 - 05421656 _____ () C:\Users\Revan\Downloads\RogueKillerX64 (1).exe
2014-08-28 19:18 - 2014-08-28 19:18 - 03778560 _____ () C:\Users\Revan\Downloads\RogueKillerX64.exe
2014-08-28 19:02 - 2014-08-28 18:55 - 00000000 ____D () C:\Users\Revan\AppData\Local\NPE
2014-08-28 18:57 - 2014-08-28 18:57 - 00000000 ____D () C:\NPE
2014-08-28 18:55 - 2014-05-31 00:47 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\uTorrent
2014-08-28 18:53 - 2014-08-28 18:51 - 00000000 ____D () C:\Users\Revan\Desktop\Katie Books
2014-08-28 18:51 - 2014-08-28 18:48 - 00000000 ____D () C:\Users\Revan\Desktop\books
2014-08-28 18:41 - 2014-07-28 11:49 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-08-28 18:34 - 2014-08-28 18:34 - 00362664 _____ () C:\Users\Revan\Downloads\MediaPlayerClassic_RocketFuelInstaller (1).exe
2014-08-28 18:34 - 2012-08-28 22:26 - 00002171 _____ () C:\Users\Revan\Desktop\Google Chrome.lnk
2014-08-28 18:30 - 2014-08-28 18:30 - 00362664 _____ () C:\Users\Revan\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe
2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-08-28 17:27 - 2014-08-28 17:27 - 00000000 ____D () C:\Windows\system32\NV
2014-08-28 17:27 - 2012-08-28 21:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-28 17:25 - 2012-08-28 21:58 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-28 17:13 - 2014-05-02 17:58 - 00000000 ____D () C:\Users\Revan\AppData\Local\NVIDIA Corporation
2014-08-28 17:11 - 2014-08-28 17:10 - 29849176 _____ (NVIDIA Corporation) C:\Users\Revan\Downloads\GeForce_Experience_v2.1.1.1.exe
2014-08-28 12:27 - 2014-08-28 12:27 - 01364531 _____ () C:\Users\Revan\Downloads\adwcleaner_3.308.exe
2014-08-28 11:39 - 2014-08-28 11:39 - 00000276 _____ () C:\Users\Revan\Desktop\books.txt
2014-08-27 20:15 - 2014-07-31 13:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-27 19:22 - 2014-08-27 19:22 - 00101886 _____ () C:\Users\Revan\Downloads\r_760000.torrent
2014-08-25 23:02 - 2014-05-14 13:53 - 00000000 ____D () C:\Users\Revan\AppData\Local\CrashDumps
2014-08-25 21:43 - 2014-08-24 17:10 - 01283480 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.dll
2014-08-25 21:43 - 2014-08-24 17:10 - 01241440 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.exe
2014-08-25 21:43 - 2014-08-24 17:10 - 00531352 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.dll
2014-08-25 21:43 - 2014-08-24 17:10 - 00420744 _____ () C:\Windows\system32\mfcoredll.dll
2014-08-25 21:43 - 2014-08-24 17:10 - 00382856 _____ () C:\Windows\SysWOW64\mfcoredll.dll
2014-08-25 21:43 - 2014-08-24 17:10 - 00316760 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.exe
2014-08-25 21:43 - 2014-08-24 17:10 - 00147344 _____ (MiniFrame) C:\Windows\system32\mfcoresfp.x64
2014-08-25 21:43 - 2014-08-24 17:10 - 00073624 _____ () C:\Windows\system32\Drivers\mfcore.sys
2014-08-25 21:43 - 2014-08-24 17:10 - 00067472 _____ (MiniFrame) C:\Windows\SysWOW64\mfcoresfp.x86
2014-08-25 21:43 - 2014-08-24 17:10 - 00016792 _____ () C:\Windows\system32\mfcoresvc.exe
2014-08-25 16:24 - 2014-08-25 16:24 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\SplitPlayPC
2014-08-25 16:24 - 2014-08-25 16:23 - 00000000 ____D () C:\Users\Revan\Desktop\SplitTool
2014-08-25 16:23 - 2014-08-25 16:23 - 01392216 _____ () C:\Users\Revan\Downloads\BETA 1.3 (1).zip
2014-08-25 16:22 - 2014-08-25 16:22 - 01392216 _____ () C:\Users\Revan\Downloads\BETA 1.3.zip
2014-08-24 17:41 - 2014-08-24 17:41 - 00889416 _____ (Microsoft Corporation) C:\Users\Revan\Downloads\dotNetFx40_Full_setup.exe
2014-08-24 17:17 - 2014-08-24 17:17 - 00063928 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-24 17:10 - 2014-08-24 17:10 - 00000000 ____D () C:\Users\Revan\AppData\Local\Downloaded Installations
2014-08-24 17:10 - 2014-08-24 17:10 - 00000000 ____D () C:\Program Files\MiniFrame
2014-08-24 17:09 - 2014-08-24 17:08 - 51155176 _____ (Miniframe) C:\Users\Revan\Downloads\SoftXpandDuo.exe
2014-08-24 16:32 - 2014-08-24 16:30 - 00000000 ____D () C:\Users\Revan\Desktop\DS4Tool
2014-08-24 16:30 - 2014-08-24 16:30 - 01824443 _____ () C:\Users\Revan\Downloads\DS4Tool 1.2.2.zip
2014-08-24 16:19 - 2014-08-24 16:19 - 00000000 ___RD () C:\Sandbox
2014-08-24 16:14 - 2014-08-24 16:14 - 00000246 _____ () C:\Users\Revan\Desktop\BL2 - Player 2.bat
2014-08-24 16:13 - 2014-08-24 16:13 - 00000236 _____ () C:\Users\Revan\Desktop\BL2 - Player 1.bat
2014-08-24 16:05 - 2014-08-24 16:05 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Revan\Downloads\SandboxieInstall.exe
2014-08-24 16:05 - 2014-08-24 16:05 - 00000896 _____ () C:\Users\Revan\Desktop\Sandboxed Web Browser.lnk
2014-08-24 16:05 - 2014-08-24 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-08-24 16:05 - 2014-08-24 16:05 - 00000000 ____D () C:\Program Files\Sandboxie
2014-08-24 11:47 - 2014-05-31 00:32 - 00000000 ____D () C:\Users\Revan\Documents\my games
2014-08-24 11:43 - 2014-08-24 11:43 - 01231447 _____ () C:\Users\Revan\Downloads\saveedit_r237.zip
2014-08-24 11:43 - 2014-08-24 11:43 - 00000000 ____D () C:\Users\Revan\Desktop\BL2 Save Editor
2014-08-24 04:19 - 2014-05-09 00:27 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-08-24 02:38 - 2014-08-02 14:32 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\Rogue Legacy
2014-08-22 22:07 - 2014-08-30 12:36 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:57 - 2014-08-22 21:57 - 00000000 ____D () C:\Users\Revan\Documents\Thief
2014-08-22 21:45 - 2014-08-30 12:36 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-30 12:36 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 20:12 - 2014-05-13 21:24 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\Nitro PDF
2014-08-22 20:10 - 2014-08-22 20:10 - 00001110 _____ () C:\Users\Revan\Desktop\Picasa 3.lnk
2014-08-22 20:10 - 2014-08-22 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-08-22 20:10 - 2014-05-01 17:16 - 00000000 ____D () C:\Users\Revan\AppData\Local\Google
2014-08-22 20:09 - 2014-08-22 20:08 - 17385800 _____ (Google Inc.) C:\Users\Revan\Downloads\picasa39-setup.exe
2014-08-22 20:09 - 2012-08-28 22:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-22 20:02 - 2014-05-01 17:16 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\Adobe
2014-08-21 22:45 - 2014-08-21 22:13 - 00000000 ____D () C:\Users\Revan\Downloads\PICTURES!
2014-08-19 14:05 - 2014-09-10 10:38 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 13:39 - 2014-09-10 10:38 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 19:01 - 2014-09-10 10:38 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:29 - 2014-09-10 10:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 18:29 - 2014-09-10 10:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 18:26 - 2014-09-10 10:38 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 18:20 - 2014-09-10 10:38 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 18:19 - 2014-09-10 10:38 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 18:15 - 2014-09-10 10:38 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 18:15 - 2014-09-10 10:38 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 18:14 - 2014-09-10 10:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 18:14 - 2014-09-10 10:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 18:08 - 2014-09-10 10:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 18:08 - 2014-09-10 10:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 18:08 - 2014-09-10 10:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 18:05 - 2014-09-10 10:38 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 18:03 - 2014-09-10 10:38 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 18:03 - 2014-09-10 10:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 18:03 - 2014-09-10 10:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 17:57 - 2014-09-10 10:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 17:56 - 2014-09-10 10:38 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 17:51 - 2014-09-10 10:38 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 17:46 - 2014-09-10 10:38 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 17:45 - 2014-09-10 10:38 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 17:45 - 2014-09-10 10:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 17:44 - 2014-09-10 10:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 17:44 - 2014-09-10 10:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 17:42 - 2014-09-10 10:38 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 17:40 - 2014-09-10 10:38 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 17:39 - 2014-09-10 10:38 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 17:39 - 2014-09-10 10:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 17:39 - 2014-09-10 10:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 17:38 - 2014-09-10 10:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 17:37 - 2014-09-10 10:38 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 17:36 - 2014-09-10 10:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 17:35 - 2014-09-10 10:38 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 17:27 - 2014-09-10 10:38 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 17:25 - 2014-09-10 10:38 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 17:25 - 2014-09-10 10:38 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 17:23 - 2014-09-10 10:38 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 17:23 - 2014-09-10 10:38 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 17:22 - 2014-09-10 10:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 17:19 - 2014-09-10 10:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 17:17 - 2014-09-10 10:38 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 17:17 - 2014-09-10 10:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 17:16 - 2014-09-10 10:38 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 17:15 - 2014-09-10 10:38 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 17:15 - 2014-09-10 10:38 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 17:09 - 2014-09-10 10:38 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 17:08 - 2014-09-10 10:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 17:07 - 2014-09-10 10:38 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 16:55 - 2014-09-10 10:38 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 16:46 - 2014-09-10 10:38 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 16:38 - 2014-09-10 10:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 16:38 - 2014-09-10 10:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 16:36 - 2014-09-10 10:38 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 14:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 20:46 - 2014-08-13 20:46 - 00000203 _____ () C:\Users\Revan\Desktop\songs.txt
2014-08-13 11:31 - 2014-05-19 15:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-13 11:00 - 2014-05-19 14:54 - 00000000 ____D () C:\Users\Revan\AppData\Roaming\MediaMonkey
 
Files to move or delete:
====================
C:\Users\Revan\dragon age awakening- velanna.exe
 
 
Some content of TEMP:
====================
C:\Users\Revan\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-07 02:13
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Revan at 2014-09-12 12:50:30
Running from C:\Users\Revan\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.14.15 - Atheros Communications Inc.)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cube World version 0.0.1 (HKLM-x32\...\{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1) (Version: 0.0.1 - Picroma)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
Dragon Age Awakening Redesigned (HKCU\...\Dragon Age Awakening Redesigned) (Version:  - )
Dragon Age Redesigned- Leliana's Song (HKCU\...\Dragon Age Redesigned- Leliana's Song) (Version:  - )
Dragon Age Redesigned© (HKCU\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
DYNASTY WARRIORS 8: Xtreme Legends Complete Edition (HKLM-x32\...\Steam App 278080) (Version:  - TECMO KOEI GAMES CO., LTD.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.4.1 - Lenovo)
Energy Management (x32 Version: 7.0.4.1 - Lenovo) Hidden
Franchise Hockey Manager 2014 (HKLM-x32\...\Steam App 299890) (Version:  - Out of the Park Developments)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{A772BF60-20A5-4279-A18B-B9D8DBC9B30A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.11.0000.1384 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.10.0.0136 - Intel Corporation) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.64.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.117 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1509 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1509 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3712.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.3712.52 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
LockKey (HKLM-x32\...\InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}) (Version: 1.38.1.2 - Lenovo)
LockKey (x32 Version: 1.38.1.2 - Lenovo) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NBTExplorer (HKLM-x32\...\{06107EDA-5B85-4CEC-AB1E-8350DEC15231}) (Version: 2.7.4.0 - Justin Aquadro)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.50.3 - Black Tree Gaming)
Nitro Pro 7 (HKLM\...\{0B2DA308-B255-4EFC-82C4-D13977A48A5C}) (Version: 7.4.1.12 - Nitro PDF Software)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
Nsd (HKLM-x32\...\{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}) (Version: 1.0.1.7 - Lenovo)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.160.1244 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.36 (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.36 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.9 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Planet Explorers (HKLM-x32\...\Steam App 237870) (Version:  - Pathea Games)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Spintires (HKLM-x32\...\Steam App 263280) (Version:  - Oovee® Game Studios)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.49.86082 - SugarSync, Inc.)
Super Motherload (HKLM-x32\...\Steam App 269110) (Version:  - XGen Studios)
Sword of the Stars: The Pit (HKLM-x32\...\Steam App 233700) (Version:  - Kerberos Productions Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{A3070098-A41D-42D9-B6D3-2EF15285E719}) (Version: 2.14.0605 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{B5300E76-AA13-4542-8E0E-776A280FE47E}) (Version: 2.14.0503 - Samsung Electronics Co., Ltd.)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version:  - inXile Entertainment)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
31-08-2014 07:00:10 Windows Update
02-09-2014 19:48:49 Installed OpenOffice 4.1.1
08-09-2014 18:11:54 ComboFix created restore point
10-09-2014 14:34:42 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-09-08 14:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D691BE4-29BA-49DF-8C25-4CFABC749825} - System32\Tasks\Lenovo\Lenovo Product Registration (Revan) => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2012-01-26] (Lenovo, Inc.)
Task: {10A70CF2-A207-494D-BE56-E0FF643F28DA} - System32\Tasks\{3A295DCF-E9F6-4FAB-9CC4-B92FE08E1FDC} => E:\Setup.exe
Task: {11CB5DE0-63D5-4153-9B1E-9E697D659724} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3223D822-D721-404A-8415-DEECC4D1710C} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3313018A-FA15-42C3-8264-4C1C5B0DF4B7} - System32\Tasks\{AF8AF15B-DD2A-45FE-A88C-E0794B88E823} => E:\Setup.exe
Task: {3A867791-4169-4E6C-B03B-4C393A7605BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {62DDC51E-F56B-4F34-BD75-A3965D785989} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: {81A7102F-9DFD-4998-BC03-D4816102ADE8} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8C6D8EC2-D8ED-4722-B521-E996A7504B3F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {92C1E79D-EC76-4309-9E3A-8FED437151BB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {EDEF0106-B825-42D7-9E63-670A2A41F5F9} - System32\Tasks\AdobeAAMUpdater-1.0-Revan-PC-Revan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {F791E7E6-C40A-4048-9DB9-CB0C0396F1ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-28 21:58 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-02 16:58 - 2011-06-02 16:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-02 16:59 - 2011-06-02 16:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2008-12-20 06:20 - 2012-08-28 22:26 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-19 19:22 - 2012-08-28 22:26 - 01516592 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-08-28 22:22 - 2012-08-28 22:22 - 00099680 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2012-08-28 22:22 - 2011-12-08 14:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2012-08-28 22:08 - 2010-10-26 01:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2012-07-08 20:56 - 2012-06-06 21:51 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-08-28 22:24 - 2012-08-28 22:24 - 01508192 _____ () C:\Windows\system32\IcnOvrly.dll
2008-12-20 06:20 - 2012-08-28 22:26 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-06-02 16:57 - 2011-06-02 16:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-02 16:58 - 2011-06-02 16:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2014-05-02 17:54 - 2014-07-02 16:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-28 22:24 - 2012-08-28 22:24 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-09-10 13:02 - 2014-09-10 13:02 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4361e26af57c86003751ac77cce1c827\IsdiInterop.ni.dll
2012-08-28 22:03 - 2011-11-29 23:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-08-28 22:03 - 2012-02-21 00:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-03 23:12 - 2014-08-29 22:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-03 23:12 - 2014-08-29 22:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-03 23:12 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-03 23:12 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-03 23:12 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MZA => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2014 00:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.2.183.21, time stamp: 0x4b95e661
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0xb1c
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (09/12/2014 00:32:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (09/12/2014 00:32:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
Error: (09/12/2014 00:32:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/11/2014 00:37:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (09/12/2014 00:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.2.183.214b95e661ntdll.dll6.1.7601.18247521ea8e7c0000005000223e0b1c01cfcea1fcc83fb1C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dllfb8fe683-3a95-11e4-8f06-e006e6bd106a
 
Error: (09/12/2014 00:32:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (09/12/2014 00:32:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
Error: (09/12/2014 00:32:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-08 14:17:25.233
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-08 14:17:25.202
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-26 01:35:29.922
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 01:35:29.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 01:35:26.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 01:35:26.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 01:35:23.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 01:35:23.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 01:35:19.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 01:35:19.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 46%
Total physical RAM: 8094.36 MB
Available physical RAM: 4341.47 MB
Total Pagefile: 16686.89 MB
Available Pagefile: 12575.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:917.19 GB) (Free:685.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:24.41 GB) (Free:12.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 961.3 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=917.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
 
==================== End Of Log ============================


#14 Conspire (Malware Response Team)

Posted 12 September 2014 - 09:53 PM

Hi,

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.
===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post:
ESET log
MBAM log



Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Edited by Conspire, 12 September 2014 - 09:53 PM.


#15 gheller22 (Topic Starter)

Posted 15 September 2014 - 12:23 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\DynLib.dll.vir Win32/AdWare.Sendori.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\MezaaControl.exe.vir Win32/AdWare.Sendori.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\MezaaSvc.exe.vir Win32/AdWare.Sendori.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\MezaaTray.exe.vir Win32/AdWare.Sendori.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\MezaaUp.exe.vir Win32/AdWare.Sendori.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\MLSP.exe.vir Win32/AdWare.Sendori.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\MLSP64.exe.vir Win64/Adware.Sendori.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\MZA.dll.vir Win32/AdWare.Sendori.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\MZA64.dll.vir Win64/Adware.Sendori.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mezaa\Interop.PCProxyLib.dll.vir MSIL/Adware.Sendori.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
C:\Users\Revan\Downloads\CheatEngine64.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted - quarantined
 
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/09/14 22:36:30 -0400</date>
<logfile>mbam-log-2014-09-14 (22-36-29).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.15.01</malware-database>
<rootkit-database>v2014.09.13.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Revan</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>hyper</type>
<result>completed</result>
<objects>267621</objects>
<time>20241</time>
<processes>0</processes>
<modules>0</modules>
<keys>2</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>disabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\SAFEBOOT\NETWORK\MZA</path><vendor>PUP.Optional.Mezza</vendor><action>success</action><hash>b73608e515663105ea5107fdf211936d</hash></key>
<key><path>HKU\S-1-5-21-1587387643-2627450190-1743322074-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC865B26-C31D-4D23-B17B-96548EEF03F6}</path><vendor>PUP.Optional.Groovorio</vendor><action>success</action><hash>24c98667ccaf52e49945195071939d63</hash></key>
</items>
</mbam-log>
