Solved COM Surrogate issue

Kuthe93

New Member
Thread author
Verified
Nov 20, 2014
16
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.07.07

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17416
Kuthe :: JEREMY [administrator]

8/12/2014 12:23:39 AM
mbar-log-2014-12-08 (00-23-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 314230
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17416

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.500000 GHz
Memory total: 8539471872, free: 6315925504

Downloaded database version: v2014.12.07.07
Downloaded database version: v2014.12.03.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
12/08/2014 00:23:35
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffe0010bed3060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000038\
Lower Device Object: 0xffffe0010bd00060
Lower Device Driver Name: \Driver\storahci\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe0010bed2060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000037\
Lower Device Object: 0xffffe0010bd027f0
Lower Device Driver Name: \Driver\storahci\
<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe0010bed3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0010bed3b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0010bed3060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0010b3d95a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0010bd00060, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0010bed2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0010bed2b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0010bed2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0010bd019f0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0010b3d8ba0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0010bd027f0, DeviceName: \Device\00000037\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2396595545
GPT Header CurrentLba = 1 BackupLba 3907029167
GPT Header FirstUsableLba 34 LastUsableLba 3907029134
GPT Header Guid 773ba1b4-16f-4642-9d83-7162c85999bc
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2396595545
Backup GPT header CurrentLba = 3907029167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134
Backup GPT header Guid 773ba1b4-16f-4642-9d83-7162c85999bc
Backup GPT header Contains 128 partition entries starting at LBA 3907029135
Backup GPT header Partition entry size = 128

Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 50a7f67d-cd85-48a8-9d25-684bd4688d3
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition

Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID c3ade03c-3b68-4605-b92d-68b46763451
FirstLBA 264192 Last LBA 3907028991
Attributes 0
Partition Name Basic data partition

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 222605710
GPT Header CurrentLba = 1 BackupLba 488397167
GPT Header FirstUsableLba 34 LastUsableLba 488397134
GPT Header Guid 9d3fd2b1-f350-44a3-9f9f-2e81f14cd661
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 222605710
Backup GPT header CurrentLba = 488397167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 488397134
Backup GPT header Guid 9d3fd2b1-f350-44a3-9f9f-2e81f14cd661
Backup GPT header Contains 128 partition entries starting at LBA 488397135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID da9ce48f-79f0-4645-a070-9c59de49531
FirstLBA 2048 Last LBA 616447
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID e197b2cf-a2f6-4fda-b83b-4ea279fdca12
FirstLBA 616448 Last LBA 819199
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 8393974e-7c4c-422e-b248-4c8a49e2e7fe
FirstLBA 819200 Last LBA 1081343
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID c04dbbb8-c67b-4a99-8b47-69588bb54a1f
FirstLBA 1081344 Last LBA 488396799
Attributes 0
Partition Name Basic data partition

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 

Attachments

  • Fixlog.txt
    1.4 KB · Views: 31
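The GPT section of the Malwarebytes Anti-Rootkit log above is the part a helper reads for bootkit-style tampering of the partition scheme. As an added example (not from the thread and not Malwarebytes' code), this Python script parses that section and applies the consistency checks a reviewer otherwise does by eye: the "EFI PART" signature, agreement between the primary and backup header copies, and partition ranges that stay inside the usable area and do not overlap. The log excerpt is constructed from the thread's Drive 1 values; the tampered variant is also constructed.

```python
import re

EFI_PART_SIG = "4546492050415254"  # hex of the ASCII string "EFI PART"

# Constructed excerpt in the format of the Malwarebytes Anti-Rootkit log posted
# above (Drive 1 values from the thread; ID/Attributes lines omitted for brevity).
SAMPLE_LOG = """\
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 222605710
GPT Header CurrentLba = 1 BackupLba 488397167
GPT Header FirstUsableLba 34 LastUsableLba 488397134
GPT Header Guid 9d3fd2b1-f350-44a3-9f9f-2e81f14cd661
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 222605710
Backup GPT header CurrentLba = 488397167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 488397134
Backup GPT header Guid 9d3fd2b1-f350-44a3-9f9f-2e81f14cd661
Backup GPT header Contains 128 partition entries starting at LBA 488397135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
FirstLBA 2048 Last LBA 616447
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
FirstLBA 616448 Last LBA 819199
Partition Name EFI system partition
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
FirstLBA 819200 Last LBA 1081343
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
FirstLBA 1081344 Last LBA 488396799
Partition Name Basic data partition
"""

# Constructed tampered variant: backup GUID differs and the last partition overruns LastUsableLba.
TAMPERED_LOG = SAMPLE_LOG.replace(
    "Backup GPT header Guid 9d3fd2b1-f350-44a3-9f9f-2e81f14cd661",
    "Backup GPT header Guid 00000000-0000-0000-0000-000000000000",
).replace("FirstLBA 1081344 Last LBA 488396799", "FirstLBA 1081344 Last LBA 488397140")

HEADER_FIELDS = [  # (regex applied after the "GPT Header " / "Backup GPT header " prefix, field names, converter)
    (r"Signature (\w+)$", ("signature",), str),
    (r"Revision (\d+) Size (\d+) CRC (\d+)$", ("revision", "size", "crc"), int),
    (r"CurrentLba = (\d+) BackupLba (\d+)$", ("current_lba", "backup_lba"), int),
    (r"FirstUsableLba (\d+) LastUsableLba (\d+)$", ("first_usable", "last_usable"), int),
    (r"Guid ([0-9a-f-]+)$", ("guid",), str),
    (r"Contains (\d+) partition entries starting at LBA (\d+)$", ("entry_count", "entries_lba"), int),
    (r"Partition entry size = (\d+)$", ("entry_size",), int),
]

def parse_gpt_section(text):
    headers, parts = {"primary": {}, "backup": {}}, []
    for line in (l.strip() for l in text.splitlines()):
        for prefix, which in (("GPT Header ", "primary"), ("Backup GPT header ", "backup")):
            if line.startswith(prefix):
                for pattern, keys, conv in HEADER_FIELDS:
                    if m := re.match(pattern, line[len(prefix):]):
                        headers[which].update(zip(keys, map(conv, m.groups())))
                break
        else:  # GPT entry lines ("Type"); the MBR section's "type is" lines do not match
            if m := re.match(r"Partition (\d+) Type ([0-9a-f-]+)$", line):
                parts.append({"index": int(m.group(1)), "type": m.group(2)})
            elif parts and (m := re.match(r"FirstLBA (\d+) Last LBA (\d+)$", line)):
                parts[-1]["first"], parts[-1]["last"] = int(m.group(1)), int(m.group(2))
            elif parts and (m := re.match(r"Partition Name (.+)$", line)):
                parts[-1]["name"] = m.group(1)
    return headers, parts

def check_gpt(headers, parts):
    """Consistency checks a reviewer applies to the two header copies and the entry ranges."""
    p, b, findings = headers["primary"], headers["backup"], []
    if p.get("signature") != EFI_PART_SIG:
        findings.append("primary header signature is not 'EFI PART'")
    # Everything except the two LBA pointers must be identical in both copies (this tool prints one CRC value for both).
    for key in ("signature", "revision", "size", "crc", "first_usable",
                "last_usable", "guid", "entry_count", "entry_size"):
        if p.get(key) != b.get(key):
            findings.append(f"{key} differs between primary and backup header")
    # The primary sits at LBA 1 and the two copies must point at each other.
    if (p.get("current_lba"), p.get("backup_lba")) != (1, b.get("current_lba")) \
            or b.get("backup_lba") != 1:
        findings.append("primary and backup headers do not cross-reference each other")
    lo, hi, prev_last = p.get("first_usable", 0), p.get("last_usable", 0), -1
    for part in sorted(parts, key=lambda x: x.get("first", 0)):
        label = f"partition {part['index']} ({part.get('name', '?')})"
        first, last = part.get("first"), part.get("last")
        if first is None or last is None or first > last:
            findings.append(f"{label} has a missing or inverted LBA range")
            continue
        if first < lo or last > hi:  # entries must stay inside the usable area
            findings.append(f"{label} lies outside the usable range {lo}-{hi}")
        if first <= prev_last:
            findings.append(f"{label} overlaps the preceding partition")
        prev_last = max(prev_last, last)
    return findings

def triage(log_text):
    return check_gpt(*parse_gpt_section(log_text))
```

Running triage() on the thread's values returns an empty list; the tampered variant reports the GUID mismatch and the partition that runs past LastUsableLba.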

Kuthe93

New Member
Thread author
Verified
Nov 20, 2014
16
Oh that's so strange.
Like I said, and showed in that screenshot earlier, COM Surrogate is still there in my Task Manager only running at like 0.6 MB/s of my memory. And sometimes when I click over it, it disappears and won't reappear until I reopen Task Manager.

Do you think it should be there, or that you helped remove the virus, and some parts of it are left over?
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Do you think it should be there, or that you helped remove the virus, and some parts of it are left over?

I think it's, CPU would have been 100%.
 

Kuthe93

New Member
Thread author
Verified
Nov 20, 2014
16
So as far as you know, there's no way to permanently remove it then?
I just don't trust it then, especially with me receiving knowledge of a Chinese IP obtaining an email password in the last couple of weeks.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
I do not see active malware. We'll run another test.


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    autoclean;
    createsrpoint;
    filesrcm;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

Kuthe93

New Member
Thread author
Verified
Nov 20, 2014
16
Coolcool thanks for the next step.

Zoek.exe v5.0.0.0 Updated 06-December-2014
Tool run by Kuthe on Mon 08/12/2014 at 23:56:16.29.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kuthe\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/12/2014 11:56:37 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\GUM38C9.tmp deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Kuthe\AppData\Local\Adobe deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\Documents deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-12-04 02:32:31 01A4FEEB9CB3E8C739CE62EB050D363D 262 ----a-w- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2014-11-18 00:48:01 ACDBE1ED38167C8B01B8F63161BB2CEA 2374784 ----a-w- C:\Windows\explorer.exe
2014-11-14 03:27:32 FFC77870402F6DDD5BB8172C6A55DFB3 2080472 ------r- C:\Windows\RtlExUpd.dll
====== C:\Users\Kuthe\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-12-01 11:59:07 A1965DFC0CD91E7CFC42925F8F597274 34808 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2014-11-19 02:40:08 6416E79A58A8FCC33A447A4DDDD3BF04 412160 ----a-w- C:\Windows\Sysnative\drivers\srv.sys
2014-11-19 02:40:08 038C77D577900EE39410662478BB0D50 2009920 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2014-11-19 02:40:07 5BED3AB69797C8786EF70AEA8C33748B 674816 ----a-w- C:\Windows\Sysnative\drivers\srv2.sys
2014-11-19 02:40:06 FF78D053A05E5A394F4E3C1816CC65A8 143680 -c--a-w- C:\Windows\Sysnative\drivers\usbccgp.sys
2014-11-19 02:40:05 240C5C3793206725AA05665851E8C214 412992 -c--a-w- C:\Windows\Sysnative\drivers\spaceport.sys
2014-11-19 02:40:04 64CA2B4A49A8EAF495E435623ECCE7DB 310080 -c--a-w- C:\Windows\Sysnative\drivers\volsnap.sys
2014-11-19 02:40:03 D047CD668E6277FD80F0C613946F034C 246272 ----a-w- C:\Windows\Sysnative\drivers\srvnet.sys
2014-11-19 02:40:02 FEF0BC107812B36849741C3211BA6B60 419648 -c--a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2014-11-19 02:40:02 26ACA481FAFEC59FE311D719E3027BBA 446976 ----a-w- C:\Windows\Sysnative\drivers\nwifi.sys
2014-11-19 02:40:02 1DD05F4857C2188744B9E864658949DD 295424 ----a-w- C:\Windows\Sysnative\drivers\ks.sys
2014-11-19 02:40:00 E4B4BE2D7750849C07589DA0B0AABA01 1118040 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys
2014-11-19 02:40:00 D4B7ED39C7900384D9E5C1283F1E7926 76800 -c--a-w- C:\Windows\Sysnative\drivers\hdaudbus.sys
2014-11-19 02:40:00 C910E5D18958914A66F0E45689D0B40A 206848 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys
2014-11-19 02:40:00 B1AA3B19A2E596A59224F893E01A5A75 126464 ----a-w- C:\Windows\Sysnative\drivers\NdisImPlatform.sys
2014-11-19 02:39:57 91ED124E261EA8FAA1C0FFDF2A71B0C4 280384 -c--a-w- C:\Windows\Sysnative\drivers\pci.sys
2014-11-19 02:39:56 9C096BF5E10CA8BFA56F32522A89FAF1 79872 ----a-w- C:\Windows\Sysnative\drivers\IPMIDrv.sys
2014-11-18 09:49:59 435DCC78057A57965DA660A85A0922DE 135384 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-18 09:49:44 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-11-18 01:13:31 947EA0AFF75E3E70D5BE9F88F6325F30 2641 ----a-w- C:\Windows\Sysnative\drivers\mfencrk.inf
2014-11-18 01:13:31 628DC155C32875B286B2742D10D196C2 5442 ----a-w- C:\Windows\Sysnative\drivers\mfencbdc.inf
2014-11-18 01:13:21 29F981739E50305128022CBE10B3659C 197704 ----a-w- C:\Windows\Sysnative\drivers\HipShieldK.sys
2014-11-18 00:48:04 8DF1254093B5C354CE725EB6B9B0DE19 146752 ----a-w- C:\Windows\Sysnative\drivers\msgpioclx.sys
2014-11-18 00:42:20 6D2EE96150E35B9EA49F2B481DE0369A 177472 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-11-18 00:42:20 4E1207CE16E615B0B7A70DC889F4500E 563976 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2014-11-18 00:42:19 9F08A6608F98B5407E7DDBCF306573EF 27456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-11-18 00:41:33 313DCE665B57000B18CB26C6B6A10DFE 1557848 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2014-11-18 00:40:16 374E27295F0A9DCAA8FC96370F9BEEA5 563200 ----a-w- C:\Windows\Sysnative\drivers\afd.sys
2014-11-18 00:36:28 DE8D12B4C3F55FA2C5E9774314F6C58A 258368 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys
2014-11-18 00:36:27 4AD874CDC812EC156265E451B6B09DAB 114496 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys
2014-11-18 00:36:26 0359607177E5E9F6041136CC0A5CB0B6 35320 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys
2014-11-18 00:34:19 7A1A3F213CDB3363D179D5014272025D 402432 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys
2014-11-18 00:34:15 674A4702E4E144E8710ED1A2EC6DD049 96768 ----a-w- C:\Windows\Sysnative\drivers\agilevpn.sys
2014-11-18 00:34:14 65ED7B9CFEA893DF7748D5FF692690DE 38912 ----a-w- C:\Windows\Sysnative\drivers\vwifimp.sys
2014-11-18 00:34:11 35BF5C5F5E3C9902C98978C7640574DA 71680 ----a-w- C:\Windows\Sysnative\drivers\vwififlt.sys
2014-11-18 00:32:02 E0927EFA25D473367C3341B9F5969779 115712 ----a-w- C:\Windows\Sysnative\drivers\bridge.sys
2014-11-18 00:32:02 65392F3F3F65E4C6CC82A0F4F8A0B051 468288 -c--a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS
2014-11-18 00:31:56 E3FCE2A6B3533D99A3B498504DF9CC47 474432 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
2014-11-18 00:31:56 CCB3A2BB60FE5073F2DEA63FE83CF8FE 2497344 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-11-18 00:31:55 7F23E38C5B6448F91439E4066645191E 428864 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-11-18 00:31:55 66732C13628BDB1AB0D6FD46027327C2 148800 -c--a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS
2014-11-18 00:31:42 FE0ADF5028EB8C1339B66B3AEDE3FEF9 440664 -c--a-w- C:\Windows\Sysnative\drivers\usbport.sys
2014-11-18 00:31:42 D79920BE4E6683D3AB50F71457A4F6C6 27480 -c--a-w- C:\Windows\Sysnative\drivers\usbd.sys
2014-11-18 00:31:42 D537815E450A149752C15868392AD1F3 110592 ----a-w- C:\Windows\Sysnative\drivers\WUDFPf.sys
2014-11-18 00:31:42 7CCBBCEE408A5DBE3FE47297DB5A6CFC 227840 ----a-w- C:\Windows\Sysnative\drivers\WUDFRd.sys
2014-11-18 00:31:42 48BA326A3DBA5B5BEB5F2777F4618696 89944 -c--a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2014-11-18 00:31:42 064260B3A5868AC894A4943543BC7AB7 37376 -c--a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2014-11-18 00:31:35 F152D55E497E12256290C43B31C7D0CE 589656 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
2014-11-18 00:31:35 CADCE0D6C30427F70A4BFA426256F68C 337240 ----a-w- C:\Windows\Sysnative\drivers\Classpnp.sys
2014-11-18 00:31:34 D90AB68D0FAC9F357F663670FDBB511E 275800 -c--a-w- C:\Windows\Sysnative\drivers\msiscsi.sys
2014-11-18 00:31:34 6592D192E2823C043EDBC010E7774053 360792 ----a-w- C:\Windows\Sysnative\drivers\fltMgr.sys
2014-11-18 00:31:34 4C1E71E37B56C768900B1FCF81205027 372568 ----a-w- C:\Windows\Sysnative\drivers\storport.sys
2014-11-18 00:31:29 182561A14F2E93E81E66FE3700D17A5A 55328 ----a-w- C:\Windows\Sysnative\drivers\wpcfltr.sys
2014-11-17 06:20:15 7FC5667DF73D4B04AA457CC3A4180E09 157016 ----a-w- C:\Windows\Sysnative\drivers\wof.sys
2014-11-17 06:20:13 4030CB06B8D963A45CED9E60C9F2A11E 379224 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys
2014-11-17 06:20:13 179A41249055D5F039F1B6703F3B6D2B 376152 ----a-w- C:\Windows\Sysnative\drivers\clfs.sys
2014-11-17 06:20:08 A03F362C5557E238CBFA914689C77248 134144 ----a-w- C:\Windows\Sysnative\drivers\dfsc.sys
2014-11-17 06:20:07 BFBE1C5F57FE7A885673A1962D5532B7 136024 ----a-w- C:\Windows\Sysnative\drivers\wfplwfs.sys
2014-11-17 06:20:07 8DB8EAB9D0C6A5DF0BDCADEA239220B4 33280 -c--a-w- C:\Windows\Sysnative\drivers\hidusb.sys
2014-11-17 06:20:06 41CF802064F72E55F50CA0A221FD36D4 49152 ----a-w- C:\Windows\Sysnative\drivers\tcpipreg.sys
2014-11-17 06:20:05 ABB7341766902F5AAB45E15F34D19E15 111616 -c--a-w- C:\Windows\Sysnative\drivers\hidclass.sys
2014-11-17 06:20:04 1D55DADC22D21883A2F80297F5A5AE48 140288 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
2014-11-17 06:20:03 3E28B99198B514DFEB152EACF913025E 283648 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys
2014-11-17 06:17:18 9539F7917B4B6D92C90F0FAA6B86C605 539992 -c--a-w- C:\Windows\Sysnative\drivers\acpi.sys
2014-11-17 06:17:10 A26AEC49F318FEE141DDDB2C5F99B3E6 249688 ----a-w- C:\Windows\Sysnative\drivers\rdyboost.sys
2014-11-17 06:16:52 8685379B82AC81187813225905531D1E 272896 -c--a-w- C:\Windows\Sysnative\drivers\portcls.sys
2014-11-17 06:16:51 52E483A3701A5A61A75A06993720347D 551256 -c--a-w- C:\Windows\Sysnative\drivers\vhdmp.sys
2014-11-17 06:16:35 DDEE191AB32DFC22C6465002ECDF5EE4 124416 ----a-w- C:\Windows\Sysnative\drivers\luafv.sys
2014-11-17 06:16:35 0ECEE590F2E2EF969FB74A6FC583A1E6 663040 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys
2014-11-17 06:16:33 FDEC5799BA499D18AFA3A540538866E7 236888 -c--a-w- C:\Windows\Sysnative\drivers\sdbus.sys
2014-11-17 06:16:26 E515A287C8FAE901EB8FB42F168E14F2 924504 ----a-w- C:\Windows\Sysnative\drivers\refs.sys
2014-11-17 06:16:26 BCFD8B149B3ADF92D0DB1E909CAF0265 79192 ----a-w- C:\Windows\Sysnative\drivers\fileinfo.sys
2014-11-17 06:16:25 38A82F4EE8C416A6744B6D30381ED768 33280 -c--a-w- C:\Windows\Sysnative\drivers\BasicRender.sys
2014-11-17 06:16:25 02836172141D3AFA35B07679E253E503 151384 -c--a-w- C:\Windows\Sysnative\drivers\dumpsd.sys
2014-11-17 06:16:24 0B1E929D11A8E358106955603FAC65E8 79192 -c--a-w- C:\Windows\Sysnative\drivers\sdstor.sys
2014-11-17 06:16:18 61A1C2641321A6B89A2B41C5D481EF48 71888 ----a-w- C:\Windows\Sysnative\drivers\dumpfve.sys
2014-11-17 06:16:15 48430B0313FC1CFE3D2400553F1A93CD 325464 -c--a-w- C:\Windows\Sysnative\drivers\USBXHCI.SYS
2014-11-17 06:16:14 B034A41891A36457B994307DFA772293 189784 -c--a-w- C:\Windows\Sysnative\drivers\UCX01000.SYS
2014-11-17 06:16:11 9DDCA7F18983C5410DEFF79F819DF93C 994136 ----a-w- C:\Windows\Sysnative\drivers\http.sys
2014-11-17 06:16:01 9CC0003FB8ED3763B977B43F1012FF63 54272 ----a-w- C:\Windows\Sysnative\drivers\watchdog.sys
2014-11-16 09:36:08 6B06E2D11E604BE2B1A406C4CB3B90DE 57176 -c--a-w- C:\Windows\Sysnative\drivers\stornvme.sys
2014-11-16 09:34:16 B7342B3C58E91107F6E946A93D9D4EFD 142848 ----a-w- C:\Windows\Sysnative\drivers\ipnat.sys
2014-11-16 09:34:16 1C89EF529DB7DCA98E801EFDCC8437DE 19456 -c--a-w- C:\Windows\Sysnative\drivers\BtaMPM.sys
2014-11-16 09:31:34 A1A5E79C0D1352AFDC08328A623DA051 408576 ----a-w- C:\Windows\Sysnative\drivers\rdbss.sys
2014-11-16 09:30:24 ADDECBCC777665BD113BED437E602AB0 101208 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2014-11-16 09:30:16 A026EDEAA5EECAE0B08E2748B616D4BD 175960 ----a-w- C:\Windows\Sysnative\drivers\VerifierExt.sys
2014-11-16 09:30:10 04951A9A937CBE28A2D3FEEA360B6D1F 83456 ----a-w- C:\Windows\Sysnative\drivers\appid.sys
2014-11-16 09:26:10 139CFCDCD36B1B1782FD8C0014AC9B0E 39768 -c--a-w- C:\Windows\Sysnative\drivers\intelpep.sys
2014-11-16 09:26:10 0044B31F93946D5D41982314381FE431 146776 ----a-w- C:\Windows\Sysnative\drivers\SerCx2.sys
2014-11-16 09:26:09 B9D968D8E2B0F9C6301CEB39CFC9B9E4 86872 ----a-w- C:\Windows\Sysnative\drivers\pdc.sys
2014-11-14 10:34:04 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-11-14 10:23:37 FDB03499693DEFD0B6754264C187F967 13207184 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
2014-11-14 10:23:37 C4E0CB81D36A14807628DD70105D6696 39056 ----a-w- C:\Windows\Sysnative\drivers\nvvadarm.sys
2014-11-14 04:29:37 1FE5C1F4CCA8EAEA75C90FB2A85D9CC3 38216 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys
2014-11-14 03:32:42 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_INETMON_01011.Wdf
2014-11-14 03:32:42 0BBE196EED750C18E5D4B3CB55EB097C 25800 ----a-w- C:\Windows\Sysnative\drivers\INETMON.sys
2014-11-14 03:30:11 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-11-14 03:28:24 886CE666A9507E17475C7156B157D181 5804772 ----a-w- C:\Windows\Sysnative\drivers\rtvienna.dat
2014-11-14 03:28:07 70DD225646BF84233E18890583E57EFB 3882456 ----a-w- C:\Windows\Sysnative\drivers\RTKVHD64.sys
2014-11-14 03:28:06 CAC02E951108A92C26669262129BF3B5 837014 ----a-w- C:\Windows\Sysnative\drivers\RTAIODAT.DAT
2014-11-14 03:26:49 D9C5260772FDA64AB729C0B4822F11E3 838872 ----a-w- C:\Windows\Sysnative\drivers\Rt630x64.sys
2014-11-14 03:22:09 C87B11EB78428853F9E8495C47E53C10 197408 ----a-w- C:\Windows\Sysnative\drivers\nvhda64v.sys
2014-11-14 02:31:51 4CCF421E6C4B2A4CBCE000715911F7CC 15872 ----a-w- C:\Windows\Sysnative\drivers\anodlwfx.sys
2014-11-14 02:20:45 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdFs_01_11_00.Wdf
====== C:\Windows\Tasks ======
2014-11-16 10:23:09 9B5BBE65BF46FC888695004FEC569B05 830 ----a-w- C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 10:23:09 044B73E94A392CED3C48024518BE939E 3718 ----a-w- C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2014-11-14 23:03:42 463B07980121D5557C7CA1D7E8EE76E4 3918 ----a-w- C:\Windows\Sysnative\Tasks\User_Feed_Synchronization-{B1471B66-7717-4090-A6A8-2DA7BD8D0A7F}
2014-11-14 10:37:31 65F36D4B537280C48507A38BF6072108 3234 ----a-w- C:\Windows\Sysnative\Tasks\SamsungMagician
2014-11-14 07:28:48 EAFF5A20637B608B92C1FCCFC411F5E0 3118 ----a-w- C:\Windows\Sysnative\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-11-14 07:28:48 38C7CCB21D1B852DF6E087AD10C63307 3090 ----a-w- C:\Windows\Sysnative\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-11-14 07:28:48 06710202549E47FE1A712A857C95D87B 3092 ----a-w- C:\Windows\Sysnative\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-11-14 03:29:15 AD7985A8445DD29094ADC1074E975EF9 920 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 03:29:15 199E686576C403C6259991698705B2A1 3892 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 03:29:14 93ACAD69BCF12D1B16A8AD3F8252E46C 916 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 03:29:14 482C3564532F739970145BEDAF76B3F0 3656 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 02:31:10 D96BEA37E85FEB5C328C596041B9E1B9 3600 ----a-w- C:\Windows\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4070813323-3721601472-3593959141-1001
2014-11-14 02:28:32 DE93297DDB7BEDD78AA338E54C6008C7 2992 ----a-w- C:\Windows\Sysnative\Tasks\EXPERTool
2014-11-14 02:24:33 -------- d-----w- C:\Windows\Sysnative\Tasks\WPD
2014-11-14 02:22:22 CBAB4F322A53D89A2886AB651CEDF7C5 3706 ----a-w- C:\Windows\Sysnative\Tasks\AutoPico Daily Restart
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-12-04 02:32:31 -------- d-----w- C:\Program Files\Ventrilo
2014-11-14 23:33:15 -------- d-----w- C:\Program Files\Reference Assemblies
2014-11-14 23:33:15 -------- d-----w- C:\Program Files\MSBuild
2014-11-14 07:28:43 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-11-14 03:28:45 -------- d-----w- C:\Program Files\Realtek
2014-11-14 03:26:36 -------- d-----w- C:\Program Files\Intel
2014-11-14 02:30:26 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-11-14 02:22:22 -------- d-----w- C:\Program Files\KMSpico
======= C:\PROGRA~2 =====
2014-12-04 02:31:50 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2014-11-18 02:02:08 -------- d-----w- C:\PROGRA~2\Corsair
2014-11-17 13:46:56 -------- d--h--w- C:\PROGRA~2\COMMON~1\EAInstaller
2014-11-16 22:56:28 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2014-11-16 22:56:27 -------- d-----r- C:\PROGRA~2\Skype
2014-11-16 10:23:50 -------- d-----w- C:\PROGRA~2\COMMON~1\Blizzard Entertainment
2014-11-16 09:41:56 -------- d-----w- C:\PROGRA~2\HD Tune Pro
2014-11-14 23:33:16 -------- d-----w- C:\PROGRA~2\Reference Assemblies
2014-11-14 23:33:16 -------- d-----w- C:\PROGRA~2\MSBuild
2014-11-14 11:02:37 -------- d-----w- C:\PROGRA~2\SystemRequirementsLab
2014-11-14 10:37:22 -------- d-----w- C:\PROGRA~2\Samsung Magician
2014-11-14 04:32:04 -------- d-----w- C:\PROGRA~2\League of Legends
2014-11-14 04:25:43 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2014-11-14 04:25:36 -------- d-----w- C:\PROGRA~2\Java
2014-11-14 04:22:26 -------- d-----w- C:\PROGRA~2\COMMON~1\Steam
2014-11-14 03:30:17 -------- d-----w- C:\PROGRA~2\COMMON~1\PostureAgent
2014-11-14 03:30:11 -------- d-----w- C:\PROGRA~2\Intel
2014-11-14 03:29:14 -------- d-----w- C:\PROGRA~2\Google
2014-11-14 03:27:34 -------- d--h--w- C:\PROGRA~2\Temp
2014-11-14 03:27:29 -------- d-----w- C:\PROGRA~2\COMMON~1\InstallShield
2014-11-14 03:26:43 -------- d-----w- C:\PROGRA~2\Realtek
2014-11-14 03:26:25 -------- d-----w- C:\PROGRA~2\MSI
2014-11-14 03:21:55 -------- d-----w- C:\PROGRA~2\NVIDIA Corporation
2014-11-14 03:15:58 -------- d-----w- C:\PROGRA~2\Samsung
2014-11-14 03:08:16 -------- d-----w- C:\PROGRA~2\COMMON~1\Nikon
2014-11-14 02:31:50 -------- d--h--w- C:\PROGRA~2\InstallShield Installation Information
2014-11-14 02:28:31 -------- d-----w- C:\PROGRA~2\EXPERTool
======= C: =====
====== C:\Users\Kuthe\AppData\Roaming ======
2014-12-07 07:45:27 -------- d-----w- C:\Users\Kuthe\AppData\Local\THQ
2014-12-06 10:51:55 -------- d-----w- C:\Users\Kuthe\AppData\Local\Blizzard
2014-12-04 02:32:44 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Ventrilo
2014-12-04 02:32:32 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-12-03 10:44:16 -------- d-sh--w- C:\Users\Kuthe\AppData\Locallow\EmieUserList
2014-12-03 10:44:16 -------- d-sh--w- C:\Users\Kuthe\AppData\Locallow\EmieBrowserModeList
2014-12-03 10:44:03 -------- d-sh--w- C:\Users\Kuthe\AppData\Local\EmieUserList
2014-12-03 10:44:03 -------- d-sh--w- C:\Users\Kuthe\AppData\Local\EmieSiteList
2014-12-03 10:44:03 -------- d-sh--w- C:\Users\Kuthe\AppData\Local\EmieBrowserModeList
2014-12-03 10:44:00 -------- d-sh--w- C:\Users\Kuthe\AppData\Locallow\EmieSiteList
2014-12-01 12:15:19 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm
2014-11-30 21:11:54 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
2014-11-30 12:07:39 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\CrashDumps
2014-11-18 02:03:28 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Corsair
2014-11-18 02:03:28 -------- d-----w- C:\Users\Kuthe\AppData\Local\Corsair
2014-11-18 00:40:47 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-11-16 22:56:30 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Skype
2014-11-16 22:56:30 -------- d-----w- C:\Users\Kuthe\AppData\Local\Skype
2014-11-16 15:10:25 4E5B953322D4ECAEE558AA468A83CEA1 1200968 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2014-11-16 11:55:20 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Curse Advertising
2014-11-16 11:55:10 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Apps
2014-11-16 11:55:10 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-11-16 11:54:30 -------- d-----w- C:\Users\Kuthe\AppData\Local\Deployment
2014-11-16 11:54:30 -------- d-----w- C:\Users\Kuthe\AppData\Local\Apps
2014-11-16 09:56:19 -------- d-----w- C:\Users\Kuthe\AppData\Local\ElevatedDiagnostics
2014-11-16 09:51:14 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Origin
2014-11-16 09:51:12 -------- d-----w- C:\Users\Kuthe\AppData\Local\Origin
2014-11-16 09:41:59 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\HD Tune Pro
2014-11-14 23:08:59 -------- d-----w- C:\Users\Kuthe\AppData\Local\Diagnostics
2014-11-14 22:38:02 -------- d-s---w- C:\Windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft
2014-11-14 11:05:45 -------- d-----w- C:\Users\Kuthe\AppData\Local\Intel_Corporation
2014-11-14 10:41:22 -------- d-----w- C:\Users\Kuthe\AppData\Local\Blizzard Entertainment
2014-11-14 10:41:17 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Battle.net
2014-11-14 10:41:17 -------- d-----w- C:\Users\Kuthe\AppData\Local\Battle.net
2014-11-14 10:33:45 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\LolClient
2014-11-14 07:40:16 -------- d-----w- C:\Users\Default\AppData\Local\Google
2014-11-14 07:40:16 -------- d-----w- C:\Users\Default User\AppData\Local\Google
2014-11-14 07:34:26 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google
2014-11-14 07:26:28 -------- d-s---w- C:\Windows\serviceprofiles\Localservice\AppData\Locallow\Microsoft
2014-11-14 04:21:43 -------- d-----w- C:\Users\Kuthe\AppData\Local\Ubisoft Game Launcher
2014-11-14 04:21:00 -------- d-----w- C:\Users\Kuthe\AppData\Locallow\Sun
2014-11-14 04:19:00 -------- d-s---w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Microsoft
2014-11-14 04:17:40 -------- d-s---w- C:\Users\Kuthe\AppData\Locallow\Microsoft
2014-11-14 04:16:49 -------- d-s---w- C:\Windows\SysNative\config\systemprofile\AppData\Locallow\Microsoft
2014-11-14 03:33:12 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\NVIDIA
2014-11-14 03:33:11 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\CyberLink
2014-11-14 03:32:56 -------- d-----w- C:\Users\Kuthe\AppData\Local\Power2Go8
2014-11-14 03:29:51 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft
2014-11-14 03:29:14 -------- d-----w- C:\Users\Kuthe\AppData\Local\Google
2014-11-14 03:22:39 -------- d-----w- C:\Users\Kuthe\AppData\Local\NVIDIA Corporation
2014-11-14 03:22:39 -------- d-----w- C:\Users\Kuthe\AppData\Local\NVIDIA
2014-11-14 02:31:00 -------- d-s---w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Microsoft
2014-11-14 02:28:31 -------- d-----w- C:\Users\Kuthe\AppData\Local\Programs
2014-11-14 02:24:31 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Adobe
2014-11-14 02:24:31 -------- d-----w- C:\Users\Kuthe\AppData\Local\VirtualStore
2014-11-14 02:24:31 -------- d-----r- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-11-14 02:24:31 -------- d-----r- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-11-14 02:24:27 -------- d-----w- C:\Users\Kuthe\AppData\Local\Packages
2014-11-14 02:24:26 -------- d-s---w- C:\Users\Kuthe\AppData\Roaming\Microsoft
2014-11-14 02:24:26 -------- d-----w- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 02:24:26 -------- d-----w- C:\Users\Kuthe\AppData\Local\Temp
2014-11-14 02:24:26 -------- d-----w- C:\Users\Kuthe\AppData\Local\Microsoft
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-14 02:22:22 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-11-14 02:21:52 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages
====== C:\Users\Kuthe ======
2014-12-07 13:22:12 F92CE6E6B3A0AB75E48D9A6BE9DDB550 16448208 ----a-w- C:\Users\Kuthe\Desktop\mbar-1.08.2.1001.exe
2014-12-07 12:47:52 2F3CC1F69C009EC8F616B824442F6FDA 2119680 ----a-w- C:\Users\Kuthe\Desktop\FRST64.exe
2014-12-04 02:31:35 BF048C561E8FC17E5E018FB65F5614E1 4135696 ----a-w- C:\Users\Kuthe\Downloads\ventrilo-3.0.8-Windows-x64.exe
2014-12-03 00:39:38 23DEAC9FBE97193CEC07942B6115CE31 28115400 ----a-w- C:\Users\Kuthe\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2014-12-02 11:43:32 -------- d-----w- C:\ProgramData\EA Core
2014-12-01 11:59:04 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-17 14:34:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2014-11-17 14:30:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-11-17 13:54:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-11-17 13:10:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2014-11-16 22:56:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-16 22:56:26 -------- d-----w- C:\ProgramData\Skype
2014-11-16 10:23:50 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-11-16 10:04:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-11-16 09:50:42 -------- d-----w- C:\ProgramData\Origin
2014-11-16 09:50:42 -------- d-----w- C:\ProgramData\Electronic Arts
2014-11-16 09:41:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2014-11-14 11:13:53 -------- d-----w- C:\Users\Kuthe\jagexcache
2014-11-14 11:02:37 -------- d-----w- C:\ProgramData\SystemRequirementsLab
2014-11-14 10:41:17 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-11-14 10:37:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-11-14 10:33:33 -------- d-----w- C:\ProgramData\Riot Games
2014-11-14 07:28:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-11-14 04:30:08 -------- d-----w- C:\ProgramData\Battle.net
2014-11-14 04:25:43 -------- d-----w- C:\ProgramData\Sun
2014-11-14 04:25:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-14 04:25:38 -------- d-----w- C:\ProgramData\Oracle
2014-11-14 04:22:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-14 03:30:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2014-11-14 03:30:11 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\Intel
2014-11-14 03:30:11 -------- d-----w- C:\ProgramData\Intel
2014-11-14 03:29:58 -------- d-----w- C:\Users\Kuthe\Intel
2014-11-14 03:29:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-14 03:22:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-14 03:22:08 -------- d-----w- C:\ProgramData\NVIDIA
2014-11-14 03:21:57 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-11-14 03:15:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-11-14 03:12:57 -------- d-----w- C:\ProgramData\Samsung
2014-11-14 03:05:50 -------- d-----w- C:\ProgramData\install_clap
2014-11-14 03:04:26 -------- d-----w- C:\ProgramData\Temp
2014-11-14 03:04:07 -------- d-----w- C:\ProgramData\CyberLink
2014-11-14 02:28:32 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXPERTool
2014-11-14 02:24:31 -------- d-----r- C:\Users\Kuthe\Searches
2014-11-14 02:24:31 -------- d-----r- C:\Users\Kuthe\Contacts
2014-11-14 02:24:26 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Kuthe\ntuser.ini
2014-11-14 02:24:26 -------- d--h--w- C:\Users\Kuthe\AppData
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Videos
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Saved Games
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Pictures
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Music
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Links
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Favorites
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Downloads
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Documents
2014-11-14 02:24:26 -------- d-----r- C:\Users\Kuthe\Desktop

====== C: exe-files ==
2014-12-07 13:23:03 FAB83053CAE661446491946824E843CC 821560 ----a-w- C:\Users\Kuthe\Desktop\mbar\Plugins\fixdamage.exe
2014-12-07 13:23:03 EACCC127C05090878AC0153FA17C4E65 54072 ----a-w- C:\Users\Kuthe\Desktop\mbar\mbamdor.exe
2014-12-07 13:23:03 2E65369E31EC7B7C95ABCD5516A06B5F 1216824 ----a-w- C:\Users\Kuthe\Desktop\mbar\mbar.exe
2014-12-07 13:22:12 F92CE6E6B3A0AB75E48D9A6BE9DDB550 16448208 ----a-w- C:\Users\Kuthe\Desktop\mbar-1.08.2.1001.exe
2014-12-07 12:47:52 2F3CC1F69C009EC8F616B824442F6FDA 2119680 ----a-w- C:\Users\Kuthe\Desktop\FRST64.exe
2014-12-05 14:51:00 99CD14EFE0F5A39FD6FA63B0D62F5E88 4451032 ----a-w- C:\Users\Kuthe\AppData\Local\NVIDIA\NvBackend\Packages\00006942\DAO.19113547.exe
2014-12-05 14:51:00 053A3499F9FA53C8CA808033C0F2B8E2 429800 ----a-w- C:\Users\Kuthe\AppData\Local\NVIDIA\NvBackend\Packages\00006943\CoProc update.19113656.exe
2014-12-04 02:31:35 BF048C561E8FC17E5E018FB65F5614E1 4135696 ----a-w- C:\Users\Kuthe\Downloads\ventrilo-3.0.8-Windows-x64.exe
2014-12-03 00:39:38 23DEAC9FBE97193CEC07942B6115CE31 28115400 ----a-w- C:\Users\Kuthe\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-4070813323-3721601472-3593959141-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="C:\Program Files (x86)\EXPERTool\TBPanel.exe /A"
"Akamai NetSession Interface"="C:\Users\Kuthe\AppData\Local\Akamai\netsession_win.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Super Charger"="C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"Corsair Utility Engine"="C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe --autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="C:\Program Files (x86)\EXPERTool\TBPanel.exe /A"
"Akamai NetSession Interface"="C:\Users\Kuthe\AppData\Local\Akamai\netsession_win.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"ISCT Tray"="C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe"

==== Startup Folders ======================

2014-11-14 10:37:26 1760 ----a-w- C:\Users\Kuthe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [30/11/2014 04:41 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/11/2014 02:29 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/11/2014 02:29 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoPico Daily Restart" ["C:\Program Files\KMSpico\AutoPico.exe"]
"C:\Windows\SysNative\tasks\EXPERTool" [C:\Program Files (x86)\EXPERTool\TBPanel.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SamsungMagician" ["C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{B1471B66-7717-4090-A6A8-2DA7BD8D0A7F}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [01/12/2014 11:15 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

Google Voice Search Hotword (Beta) - Kuthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
SiteAdvisor - Kuthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
AdBlock - Kuthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Into The Mist - Kuthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh
Google Wallet - Kuthe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Chromium Fix ======================

C:\Users\Kuthe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kuthe\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Kuthe\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Kuthe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=26 folders=25 24296470 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Kuthe\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Kuthe\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 09/12/2014 at 0:05:49.73 ======================
 

Kuthe93

New Member
Thread author
Verified
Nov 20, 2014
16
Mmm, okay. So I should just ignore seeing the COM Surrogate in Task Manager. I suppose it's always going to bother me, but if you're sure it won't be doing anything, I can live with it being there.
 
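The check that turns "ignore it" into "verified it", as an added example that is not part of the thread or of any tool used in it: a PowerShell function that lists every running COM Surrogate (dllhost.exe), reads the CLSID it was launched with, resolves that CLSID to the DLL the surrogate is actually hosting, and checks the Authenticode signature of both the image and the DLL. It assumes a Windows 8.1 or later host with PowerShell 3.0+ and an elevated prompt (so every process's command line is readable); the function name Get-ComSurrogateReport and the wording of the note strings are the example's own.

```powershell
# Added example (not from the thread): triage every running "COM Surrogate".
# Assumes Windows 8.1+ / PowerShell 3.0+, run from an elevated prompt.
#
# The COM runtime starts a surrogate as
#     C:\Windows\System32\dllhost.exe /Processid:{CLSID}
# so the CLSID on the command line identifies the in-process server being
# hosted; its registration lives under CLSID\{...}\InprocServer32.

function Get-ComSurrogateReport {
    [CmdletBinding()]
    param()

    $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'dllhost.exe'"
    foreach ($p in $procs) {
        $r = [ordered]@{
            PID         = $p.ProcessId
            ParentPID   = $p.ParentProcessId
            ImagePath   = $p.ExecutablePath
            ImageSigner = $null
            CLSID       = $null
            HostedDll   = $null
            DllSigner   = $null
            Notes       = @()
        }

        # 1. The image itself: must be the Windows copy and carry a valid signature.
        if ($p.ExecutablePath) {
            if ($p.ExecutablePath -notmatch '^[A-Za-z]:\\Windows\\(System32|SysWOW64)\\dllhost\.exe$') {
                $r.Notes += 'dllhost.exe is not running from System32/SysWOW64'
            }
            $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
            $r.ImageSigner = '{0} {1}' -f $sig.Status, $sig.SignerCertificate.Subject
            if ($sig.Status -ne 'Valid') { $r.Notes += 'dllhost.exe signature is not Valid' }
        } else {
            $r.Notes += 'executable path not readable (run elevated?)'
        }

        # 2. Which COM server is it hosting?
        if ($p.CommandLine -match '/Processid:(\{[0-9A-Fa-f-]{36}\})') {
            $clsid = $Matches[1]
            $r.CLSID = $clsid

            # A 32-bit surrogate (SysWOW64) resolves through the Wow6432Node view.
            # HKCU is checked first because a per-user CLSID registration overrides
            # the machine-wide one for that user, which makes it a classic hijack spot.
            $hives = if ($p.ExecutablePath -match '\\SysWOW64\\') {
                'HKCU:\SOFTWARE\Classes\Wow6432Node\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
            } else {
                'HKCU:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID'
            }
            foreach ($hive in $hives) {
                $key = Join-Path $hive "$clsid\InprocServer32"
                if (-not (Test-Path $key)) { continue }
                $dll = (Get-ItemProperty -Path $key).'(default)'
                if (-not $dll) { continue }
                $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
                $r.HostedDll = $dll
                if ($hive -like 'HKCU:*') { $r.Notes += 'CLSID registered per-user (HKCU) rather than machine-wide' }
                if (Test-Path -LiteralPath $dll) {
                    $dsig = Get-AuthenticodeSignature -FilePath $dll
                    $r.DllSigner = '{0} {1}' -f $dsig.Status, $dsig.SignerCertificate.Subject
                    if ($dsig.Status -ne 'Valid') { $r.Notes += 'hosted DLL signature is not Valid' }
                } else {
                    $r.Notes += 'hosted DLL path does not exist on disk'
                }
                break
            }
            if (-not $r.HostedDll) { $r.Notes += 'no InprocServer32 registration found for this CLSID' }
        } else {
            $r.Notes += 'no /Processid:{CLSID} on the command line'
        }

        [pscustomobject]$r
    }
}

# Show every surrogate, then only the ones that raised a note.
$report = Get-ComSurrogateReport
$report | Format-List
$report | Where-Object { $_.Notes.Count -gt 0 } | Format-List
```

On a clean machine the usual result is one or two instances with ImagePath under System32, a Valid Microsoft signature on dllhost.exe, and a hosted DLL that is also validly signed (thumbnail handlers and other shell extensions are the common tenants). What deserves a second look is anything the Notes column flags: a surrogate running from outside System32 or SysWOW64, a CLSID that resolves only under HKCU, a hosted DLL that is unsigned or lives in a user-writable folder, or a dllhost.exe started without the /Processid: argument the COM runtime normally supplies.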
