TechSpot

[A] Sirefef virus infection.

By Jerevicious
Jul 29, 2012
  1. Hey all. I, like a number of people, have gotten hit by this virus. I'm getting the error where it says Windows has a critical error and will restart in one minute. I downloaded frst64 and ran that and also did the search for services.txt. I'll c/p them now. Thanks so much in advance.

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 29-07-2012 11:14:01
    Running from D:\Tools
    Windows 7 Enterprise (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [855608 2007-09-26] (Microsoft Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe [1662976 2007-08-29] (D-Link)
    HKLM-x32\...\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKU\TGizz\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [369200 2009-10-30] (DT Soft Ltd)
    HKU\TGizz\...\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLA.EXE /FU "C:\Windows\TEMP\E_SA9B3.tmp" /EF "HKCU" [213504 2007-03-30] (SEIKO EPSON CORPORATION)
    HKU\TGizz\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
    HKU\TGizz\...\Run: [Google Update] "C:\Users\TGizz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-03-22] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    ==================== Services (Whitelisted) ======

    4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    3 A3AB; C:\Windows\System32\DRIVERS\A3ABvx.sys [924672 2007-08-02] (D-Link Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-21] (Duplex Secure Ltd.)
    3 ALSysIO; \??\C:\Users\TGizz\AppData\Local\Temp\ALSysIO64.sys [x]
    3 dump_wmimmc; \??\C:\Games\Pangya\GameGuard\dump_wmimmc.sys [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-29 11:13 - 2012-07-29 11:14 - 00000000 ____D C:\FRST
    2012-07-29 01:05 - 2012-07-29 01:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96207E9719CBEB45
    2012-07-29 01:02 - 2012-07-29 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28CD424564394946
    2012-07-29 00:58 - 2012-07-29 00:59 - 00001270 ____A C:\Users\TGizz\Desktop\shutdown.exe (2).lnk
    2012-07-29 00:58 - 2012-07-29 00:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.657AAC65192604D9
    2012-07-29 00:55 - 2012-07-29 00:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCBD345DF1523588
    2012-07-29 00:55 - 2012-07-29 00:55 - 00001270 ____A C:\Users\TGizz\Desktop\shutdown.exe.lnk
    2012-07-29 00:52 - 2012-07-29 00:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B2DE491674F1AE16
    2012-07-29 00:49 - 2012-07-29 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8229C7916A950F5C
    2012-07-29 00:40 - 2012-07-29 00:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E9B4693BD17E645
    2012-07-29 00:37 - 2012-07-29 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A96C8E1B1E6E8B4
    2012-07-29 00:29 - 2012-07-29 00:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FC008249AAB82B0
    2012-07-29 00:17 - 2012-07-29 00:17 - 00730464 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-29 00:17 - 2012-07-29 00:17 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-29 00:17 - 2012-07-29 00:17 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-29 00:17 - 2012-07-29 00:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-29 00:15 - 2012-07-29 00:15 - 12621696 ____A (Microsoft Corporation) C:\Users\TGizz\Downloads\mseinstall.exe
    2012-07-28 22:17 - 2012-07-28 22:17 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-28 21:46 - 2012-07-28 21:46 - 00285512 ____A C:\Windows\Minidump\072912-35037-01.dmp
    2012-07-28 21:42 - 2012-07-28 21:43 - 00292184 ____A C:\Windows\Minidump\072912-31200-01.dmp
    2012-07-27 23:12 - 2012-07-27 23:12 - 06723616 ____A (Adobe Systems Inc.) C:\Users\TGizz\Downloads\Shockwave_Installer_Slim.exe
    2012-07-27 22:55 - 2012-07-27 22:55 - 00000000 ____D C:\Users\TGizz\Documents\My Games
    2012-07-27 22:54 - 2012-07-27 22:54 - 00002106 ____A C:\Users\Public\Desktop\Path of Exile.lnk
    2012-07-27 22:54 - 2012-07-27 22:54 - 00000000 ____D C:\Program Files (x86)\Grinding Gear Games
    2012-07-25 18:59 - 2012-07-25 18:59 - 06603776 ____A C:\Users\TGizz\Downloads\PathOfExileInstaller.msi
    2012-07-17 00:24 - 2012-07-17 00:24 - 00003947 ____A C:\Users\TGizz\Downloads\DIABLO 3.TXT
    2012-07-14 17:30 - 2012-07-14 17:30 - 00292184 ____A C:\Windows\Minidump\071412-36317-01.dmp
    2012-07-11 15:18 - 2012-07-11 15:18 - 00651538 ____A C:\Users\TGizz\Downloads\Unconfirmed 9862.crdownload
    2012-07-11 00:12 - 2012-07-11 00:14 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
    2012-07-11 00:12 - 2012-07-11 00:12 - 00001068 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-08 13:56 - 2012-07-08 13:56 - 32409936 ____A C:\Users\TGizz\Downloads\WOW-4.3.4.15050-enUS-Trial.exe
    2012-07-03 01:22 - 2012-07-03 01:22 - 00292184 ____A C:\Windows\Minidump\070312-39265-01.dmp

    ============ 3 Months Modified Files ========================

    2012-07-29 07:08 - 2012-05-29 20:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568411142-4073580314-4145923839-1000UA.job
    2012-07-29 07:07 - 2010-06-30 11:55 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-29 07:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-29 07:06 - 2011-05-14 21:00 - 00004491 ____A C:\Windows\setupact.log
    2012-07-29 01:05 - 2012-07-29 01:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.96207E9719CBEB45
    2012-07-29 01:02 - 2012-07-29 01:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28CD424564394946
    2012-07-29 00:59 - 2012-07-29 00:58 - 00001270 ____A C:\Users\TGizz\Desktop\shutdown.exe (2).lnk
    2012-07-29 00:58 - 2012-07-29 00:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.657AAC65192604D9
    2012-07-29 00:55 - 2012-07-29 00:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCBD345DF1523588
    2012-07-29 00:55 - 2012-07-29 00:55 - 00001270 ____A C:\Users\TGizz\Desktop\shutdown.exe.lnk
    2012-07-29 00:52 - 2012-07-29 00:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B2DE491674F1AE16
    2012-07-29 00:49 - 2012-07-29 00:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8229C7916A950F5C
    2012-07-29 00:45 - 2010-06-30 11:55 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-29 00:44 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-07-29 00:40 - 2012-07-29 00:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3E9B4693BD17E645
    2012-07-29 00:37 - 2012-07-29 00:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4A96C8E1B1E6E8B4
    2012-07-29 00:31 - 2011-07-23 17:33 - 00010596 ____A C:\Windows\PFRO.log
    2012-07-29 00:29 - 2012-07-29 00:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7FC008249AAB82B0
    2012-07-29 00:18 - 2010-03-14 21:37 - 00445799 ____A C:\Windows\WindowsUpdate.log
    2012-07-29 00:17 - 2012-07-29 00:17 - 00730464 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-29 00:17 - 2012-07-29 00:17 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-29 00:15 - 2012-07-29 00:15 - 12621696 ____A (Microsoft Corporation) C:\Users\TGizz\Downloads\mseinstall.exe
    2012-07-28 21:53 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 21:53 - 2009-07-13 20:45 - 00015136 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 21:52 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-28 21:46 - 2012-07-28 21:46 - 00285512 ____A C:\Windows\Minidump\072912-35037-01.dmp
    2012-07-28 21:46 - 2011-07-23 17:33 - 347942359 ____A C:\Windows\MEMORY.DMP
    2012-07-28 21:43 - 2012-07-28 21:42 - 00292184 ____A C:\Windows\Minidump\072912-31200-01.dmp
    2012-07-28 02:07 - 2012-05-29 20:57 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568411142-4073580314-4145923839-1000Core.job
    2012-07-27 23:12 - 2012-07-27 23:12 - 06723616 ____A (Adobe Systems Inc.) C:\Users\TGizz\Downloads\Shockwave_Installer_Slim.exe
    2012-07-27 22:54 - 2012-07-27 22:54 - 00002106 ____A C:\Users\Public\Desktop\Path of Exile.lnk
    2012-07-25 18:59 - 2012-07-25 18:59 - 06603776 ____A C:\Users\TGizz\Downloads\PathOfExileInstaller.msi
    2012-07-17 00:24 - 2012-07-17 00:24 - 00003947 ____A C:\Users\TGizz\Downloads\DIABLO 3.TXT
    2012-07-14 17:30 - 2012-07-14 17:30 - 00292184 ____A C:\Windows\Minidump\071412-36317-01.dmp
    2012-07-11 19:04 - 2012-05-29 20:57 - 00002401 ____A C:\Users\TGizz\Desktop\Google Chrome.lnk
    2012-07-11 15:18 - 2012-07-11 15:18 - 00651538 ____A C:\Users\TGizz\Downloads\Unconfirmed 9862.crdownload
    2012-07-11 00:12 - 2012-07-11 00:12 - 00001068 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-07-08 13:56 - 2012-07-08 13:56 - 32409936 ____A C:\Users\TGizz\Downloads\WOW-4.3.4.15050-enUS-Trial.exe
    2012-07-08 13:37 - 2012-06-08 19:14 - 00029184 __ASH C:\Users\TGizz\Documents\Thumbs.db
    2012-07-03 09:46 - 2010-03-14 19:29 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 01:22 - 2012-07-03 01:22 - 00292184 ____A C:\Windows\Minidump\070312-39265-01.dmp
    2012-06-15 07:13 - 2012-06-15 07:13 - 00019397 ____A C:\Users\TGizz\Downloads\Rock_Band_Unplugged_USA_REPACK_PSP-pSyPSP.torrent
    2012-06-13 12:05 - 2012-06-13 12:05 - 00666724 ____A C:\Users\TGizz\Downloads\Lollipop.Chainsaw.XBOX360-SPARE.torrent
    2012-06-01 10:25 - 2012-06-01 10:25 - 22267083 ____A C:\Users\TGizz\Downloads\Diablo III Extreme Theme by VikiTech.zip
    2012-06-01 01:16 - 2012-06-01 01:16 - 11639286 ____A C:\Users\TGizz\Downloads\Diablo3.themepack.exe
    2012-06-01 01:16 - 2012-06-01 01:16 - 11639286 ____A C:\Users\TGizz\Downloads\Diablo3.themepack (1).exe
    2012-05-29 20:46 - 2012-05-29 20:47 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-29 20:46 - 2012-05-29 20:47 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-14 23:06 - 2012-05-14 23:06 - 00000000 ____A C:\Users\TGizz\Desktop\New Text Document.txt
    2012-05-14 19:09 - 2012-05-14 18:53 - 00000894 ____A C:\Users\Public\Desktop\Diablo III.lnk
    2012-05-13 22:14 - 2012-05-13 22:14 - 07336648 ____A (Blizzard Entertainment) C:\Users\TGizz\Downloads\Diablo-III-8370-enUS-Installer-downloader.exe
    2012-05-13 21:34 - 2012-05-13 21:34 - 04815840 ____A (Make The Cut, LLC.) C:\Users\TGizz\Downloads\iRinger.exe
    2012-05-01 17:57 - 2012-05-01 17:57 - 00013429 ____A C:\Users\TGizz\Downloads\epic-meal-time-Bacon-Strips.m4r
    2012-05-01 17:54 - 2012-05-01 17:54 - 00027697 ____A C:\Users\TGizz\Downloads\old-spice-whistle.m4r

    ZeroAccess:
    C:\Windows\Installer\{2c09a3b0-5747-e3af-45e1-05c244adca82}
    C:\Windows\Installer\{2c09a3b0-5747-e3af-45e1-05c244adca82}\@
    C:\Windows\Installer\{2c09a3b0-5747-e3af-45e1-05c244adca82}\L
    C:\Windows\Installer\{2c09a3b0-5747-e3af-45e1-05c244adca82}\U
    C:\Windows\Installer\{2c09a3b0-5747-e3af-45e1-05c244adca82}\U\00000001.@
    C:\Windows\Installer\{2c09a3b0-5747-e3af-45e1-05c244adca82}\U\800000cb.@

    Possible partition infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 13%
    Total physical RAM: 4095.05 MB
    Available physical RAM: 3537.86 MB
    Total Pagefile: 4093.2 MB
    Available Pagefile: 3521.16 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:269.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: () (Removable) (Total:7.53 GB) (Free:7.52 GB) FAT32
    3 Drive e: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
    5 Drive g: (DVD_ROM) (CDROM) (Total:0.18 GB) (Free:0 GB) UDF
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 7712 MB 0 B
    Disk 2 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 E NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 7712 MB 0 B

    ==================================================================================

    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-08 02:20

    ======================= End Of Log ==========================




    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 11:15:26
    Running from D:\Tools

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-07-29 00:44] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
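The search output above lists two copies of services.exe with the same size (0328704) and the same company string, differing only in MD5: the WinSxS component-store copy and the one in System32 that FRST flagged. The following script is an added illustration (not part of the thread and not FRST's own code): it parses that two-line FRST search format and reports, for each copy outside WinSxS, whether its MD5 matches a component-store copy of the same file name. The embedded sample input is the two entries quoted above; `md5_of_file` is there for running the same comparison on a live machine.

```python
"""Compare a system binary's MD5 against its WinSxS component-store copies,
the check FRST reports as "MD5 is legit" versus a named infection.
Added example; the log format is the FRST 'Search:' output quoted in the thread.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Two-line FRST search entry: a path line, then
# "[created] - [modified] - size attrs (company) MD5".
_ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^\r\n]+)\r?\n"
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$",
    re.MULTILINE,
)


@dataclass(frozen=True)
class FileRecord:
    path: str
    size: int
    company: str
    md5: str


def parse_frst_search(log: str) -> List[FileRecord]:
    """Extract (path, size, company, MD5) tuples from an FRST search log."""
    return [
        FileRecord(m["path"].strip(), int(m["size"]), m["company"] or "", m["md5"].upper())
        for m in _ENTRY_RE.finditer(log)
    ]


def is_component_store_copy(path: str) -> bool:
    """WinSxS holds the copies Windows installed; FRST's fix restored from there."""
    return "\\winsxs\\" in path.lower()


def check_against_component_store(records: List[FileRecord]) -> Dict[str, str]:
    """Return {path: verdict} for every copy that is not in WinSxS.

    'legit'    - MD5 equals one of the WinSxS copies with the same file name
    'MISMATCH' - MD5 differs from every WinSxS copy (size and version info
                 can still look normal, as in the thread's log)
    'unknown'  - no WinSxS copy of that name appeared in the log
    """
    reference: Dict[str, Set[str]] = {}
    for r in records:
        if is_component_store_copy(r.path):
            name = r.path.rsplit("\\", 1)[-1].lower()
            reference.setdefault(name, set()).add(r.md5)
    verdicts: Dict[str, str] = {}
    for r in records:
        if is_component_store_copy(r.path):
            continue
        name = r.path.rsplit("\\", 1)[-1].lower()
        if name not in reference:
            verdicts[r.path] = "unknown"
        elif r.md5 in reference[name]:
            verdicts[r.path] = "legit"
        else:
            verdicts[r.path] = "MISMATCH"
    return verdicts


def md5_of_file(path: str) -> str:
    """Hash a file on a live system, for use when you have the machine, not just the log."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


# Sample input: the two FRST search entries posted in the thread.
SAMPLE_LOG = """\
C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2012-07-29 00:44] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
"""

if __name__ == "__main__":
    for path, verdict in check_against_component_store(parse_frst_search(SAMPLE_LOG)).items():
        print(f"{verdict:9} {path}")
```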
     
  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
    • NOTE 2. If ComboFix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with ComboFix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the ComboFix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the tool below, named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run another one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  3. Jerevicious

    Jerevicious TS Rookie Topic Starter

    Hi, Broni. Thank you so much. Here is the fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 12:08:12 Run:2
    Running from F:\Tools

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.96207E9719CBEB45 not found.
    C:\Windows\System32\services.exe.28CD424564394946 not found.
    C:\Users\TGizz\Desktop\shutdown.exe (2).lnk not found.
    C:\Windows\System32\services.exe.657AAC65192604D9 not found.
    C:\Windows\System32\services.exe.DCBD345DF1523588 not found.
    C:\Users\TGizz\Desktop\shutdown.exe.lnk not found.
    C:\Windows\System32\services.exe.B2DE491674F1AE16 not found.
    C:\Windows\System32\services.exe.8229C7916A950F5C not found.
    C:\Windows\System32\services.exe.3E9B4693BD17E645 not found.
    C:\Windows\System32\services.exe.4A96C8E1B1E6E8B4 not found.
    C:\Windows\System32\services.exe.7FC008249AAB82B0 not found.
    C:\Windows\Installer\{2c09a3b0-5747-e3af-45e1-05c244adca82} moved successfully.
    C:\Windows\svchost.exe not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    Now, I downloaded ComboFix and attempted to run it. It's saying it has detected the following real-time scanners:

    AVG Anti-Virus Free Edition 2012

    The thing is, I already uninstalled AVG. I switched to MSE instead. If I do a search on my PC, nothing for AVG comes up, and it's not in Control Panel. ComboFix says to disable these scanners before I hit OK. There's nothing to disable... I didn't hit OK yet; I figured I'd ask you. Thanks.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Go ahead and run Combofix anyway.
     
  5. Jerevicious

    Jerevicious TS Rookie Topic Starter

    I was going to run it, but I wasn't sure, so I asked :) Here's the combofix log:

    ComboFix 12-07-29.02 - TGizz 07/29/2012 13:43:53.1.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4095.3246 [GMT -4:00]
    Running from: c:\users\TGizz\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\TGizz\196.34_desktop_win7_winvista_64bit_english_beta.exe
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-29 19:13 . 2012-07-29 19:14 -------- d-----w- C:\FRST
    2012-07-29 17:51 . 2012-07-29 17:51 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D7E739-E0A2-4C03-B8AD-15AA484A5DF4}\offreg.dll
    2012-07-29 17:49 . 2012-07-29 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-29 08:18 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22839B2D-09BA-4526-8928-E63D9EB59D31}\gapaengine.dll
    2012-07-29 08:18 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D7E739-E0A2-4C03-B8AD-15AA484A5DF4}\mpengine.dll
    2012-07-29 08:17 . 2012-07-29 08:17 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-29 08:17 . 2012-07-29 08:17 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-29 06:17 . 2012-07-29 06:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-28 06:54 . 2012-07-28 06:54 -------- d-----w- c:\program files (x86)\Grinding Gear Games
    2012-07-11 08:12 . 2012-07-11 08:14 -------- d-----w- c:\program files (x86)\World of Warcraft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 17:46 . 2010-03-15 03:29 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "D-Link RangeBooster G WDA-2320"="c:\program files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 1662976]
    "ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 136176]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3ABvx.sys [2007-08-02 924672]
    R3 ALSysIO;ALSysIO;c:\users\TGizz\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 dump_wmimmc;dump_wmimmc;c:\games\Pangya\GameGuard\dump_wmimmc.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 136176]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-22 834544]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 19:55]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 19:55]
    .
    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568411142-4073580314-4145923839-1000Core.job
    - c:\users\TGizz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 22:35]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568411142-4073580314-4145923839-1000UA.job
    - c:\users\TGizz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 22:35]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\TGizz\AppData\Roaming\Mozilla\Firefox\Profiles\f5eond7y.default\
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3568411142-4073580314-4145923839-1000\Software\SecuROM\License information*]
    "datasecu"=hex:6d,19,ad,42,de,53,e0,ea,2a,3f,58,51,67,78,01,a3,28,9f,a5,1a,ec,
    8c,16,d6,5c,8e,b1,bb,37,75,de,4c,df,e2,e7,7b,85,99,17,b3,77,16,f6,9d,43,46,\
    "rkeysecu"=hex:f0,46,92,75,6a,dc,03,c9,b3,72,2c,cf,68,42,31,a0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-29 14:04:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-29 18:04
    .
    Pre-Run: 290,253,205,504 bytes free
    Post-Run: 290,054,676,480 bytes free
    .
    - - End Of File - - 3BB74CD89D5BC7DA897A18CB52B65E95
     
  6. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Looks good :)

    Any current issues?

    ===============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. Jerevicious

    Jerevicious TS Rookie Topic Starter

    Thanks again! Nothing so far. MBAM did find a couple things though. MBAM log first:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    TGizz :: POSEIDON [administrator]

    7/29/2012 2:15:48 PM
    mbam-log-2012-07-29 (14-15-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 193112
    Time elapsed: 2 minute(s), 18 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3932 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\TGizz\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    Now, OTL.txt:

    OTL logfile created on: 7/29/2012 2:23:41 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\TGizz\Desktop
    64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 71.34% Memory free
    8.00 Gb Paging File | 6.77 Gb Available in Paging File | 84.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 357.11 Gb Free Space | 38.34% Space Free | Partition Type: NTFS
    Drive D: | 100.00 Mb Total Space | 76.24 Mb Free Space | 76.25% Space Free | Partition Type: NTFS
    Drive E: | 183.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 7.53 Gb Total Space | 7.52 Gb Free Space | 99.91% Space Free | Partition Type: FAT32

    Computer Name: POSEIDON | User Name: TGizz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/29 14:21:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\TGizz\Desktop\OTL.exe
    PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
    PRC - [2009/06/04 17:48:22 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2007/08/29 15:15:42 | 001,662,976 | ---- | M] (D-Link) -- C:\Program Files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
    PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2007/08/20 17:41:12 | 000,233,472 | ---- | M] () -- C:\Windows\SysWOW64\WlanApp.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/06/04 17:48:20 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/18 00:14:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/02/15 12:44:00 | 003,473,644 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/03/22 03:40:22 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/14 14:14:16 | 000,097,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/05/14 14:14:14 | 000,131,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/05/14 14:14:10 | 000,019,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/04/07 19:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2007/08/02 14:56:40 | 000,924,672 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\A3ABvx.sys -- (A3AB)
    DRV:64bit: - [2007/02/26 21:15:20 | 000,092,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/01/04 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F C0 51 81 8A 7C CC 01 [binary data]
    IE - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: unplug@compunach:2.026
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TGizz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TGizz\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 00:14:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/30 00:47:49 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 00:14:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/30 00:47:49 | 000,000,000 | ---D | M]

    [2010/03/14 23:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TGizz\AppData\Roaming\Mozilla\Extensions
    [2012/05/19 05:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TGizz\AppData\Roaming\Mozilla\Firefox\Profiles\f5eond7y.default\extensions
    [2012/04/21 05:07:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\TGizz\AppData\Roaming\Mozilla\Firefox\Profiles\f5eond7y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/05/19 05:35:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\TGizz\AppData\Roaming\Mozilla\Firefox\Profiles\f5eond7y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2012/04/20 23:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/04/20 23:34:17 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\TGIZZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5EOND7Y.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    [2012/04/20 23:34:16 | 000,145,972 | ---- | M] () (No name found) -- C:\USERS\TGIZZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5EOND7Y.DEFAULT\EXTENSIONS\UNPLUG@COMPUNACH.XPI
    [2012/06/18 00:14:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/20 23:33:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 23:33:13 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\TGizz\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TGizz\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TGizz\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\TGizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\TGizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\TGizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\TGizz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/29 13:52:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [D-Link RangeBooster G WDA-2320] C:\Program Files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe (D-Link)
    O4 - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3568411142-4073580314-4145923839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C3EA092-80AC-495E-912A-5EF327BDAF83}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/29 15:13:54 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/29 14:22:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\TGizz\Desktop\OTL.exe
    [2012/07/29 14:10:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/29 14:04:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/29 13:41:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/29 13:41:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/29 13:41:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/29 12:13:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/29 12:13:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/29 04:23:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/29 04:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/07/29 04:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/07/29 02:17:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/07/28 02:55:51 | 000,000,000 | ---D | C] -- C:\Users\TGizz\Documents\My Games
    [2012/07/28 02:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
    [2012/07/28 02:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games
    [2012/07/11 04:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
    [2012/07/11 04:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/29 14:28:34 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/29 14:28:34 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/29 14:23:39 | 000,717,086 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/29 14:23:39 | 000,617,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/29 14:23:39 | 000,104,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/29 14:21:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\TGizz\Desktop\OTL.exe
    [2012/07/29 14:21:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/29 14:21:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/29 14:21:02 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/29 14:07:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3568411142-4073580314-4145923839-1000UA.job
    [2012/07/29 13:52:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/29 13:45:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/29 12:03:38 | 310,676,951 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/29 04:17:53 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/07/29 04:17:22 | 000,730,464 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/28 06:07:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3568411142-4073580314-4145923839-1000Core.job
    [2012/07/28 02:54:59 | 000,002,106 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
    [2012/07/08 17:34:40 | 000,082,432 | ---- | M] () -- C:\Users\TGizz\Documents\shield.png
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/29 13:41:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/29 13:41:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/29 13:41:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/29 13:41:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/29 13:41:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/29 04:17:53 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2012/07/29 04:17:39 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/29 04:17:22 | 000,730,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/28 02:54:59 | 000,002,106 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
    [2012/07/08 17:34:40 | 000,082,432 | ---- | C] () -- C:\Users\TGizz\Documents\shield.png
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/01/03 03:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
    [2009/07/13 19:22:13 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{2c09a3b0-5747-e3af-45e1-05c244adca82}\@
    [2009/07/13 19:22:13 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{2c09a3b0-5747-e3af-45e1-05c244adca82}\@

    ========== LOP Check ==========

    [2012/05/06 01:38:19 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\abgx360
    [2011/05/09 13:01:32 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\Azureus
    [2010/03/22 11:37:10 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\DAEMON Tools Lite
    [2010/09/21 00:55:00 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\DiskAid
    [2010/05/03 16:58:44 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\DJ Hackers
    [2010/03/27 03:13:03 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\ImgBurn
    [2010/03/27 12:18:56 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\Leadertech
    [2010/06/17 15:27:50 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\Mp3tag
    [2010/09/20 23:51:47 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\NCH Swift Sound
    [2012/05/30 00:55:45 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\SystemRequirementsLab
    [2012/06/18 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\TGizz\AppData\Roaming\uTorrent
    [2009/07/14 01:08:49 | 000,012,886 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    (C:\Users\TGizz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??????????) -- C:\Users\TGizz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\私立さくらんぼ小学校

    < End of report >
     
  8. Jerevicious

    Jerevicious TS Rookie Topic Starter

    Now, Extras.txt:

    OTL Extras logfile created on: 7/29/2012 2:23:41 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\TGizz\Desktop
    64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.85 Gb Available Physical Memory | 71.34% Memory free
    8.00 Gb Paging File | 6.77 Gb Available in Paging File | 84.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 357.11 Gb Free Space | 38.34% Space Free | Partition Type: NTFS
    Drive D: | 100.00 Mb Total Space | 76.24 Mb Free Space | 76.25% Space Free | Partition Type: NTFS
    Drive E: | 183.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 7.53 Gb Total Space | 7.52 Gb Free Space | 99.91% Space Free | Partition Type: FAT32

    Computer Name: POSEIDON | User Name: TGizz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3568411142-4073580314-4145923839-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}" = Microsoft Xbox 360 Accessories 1.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
    "CCleaner" = CCleaner
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Microsoft Security Client" = Microsoft Security Essentials
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03ABC33C-10B1-400E-B1FA-E817FE98D11C}" = YUME MIRU KUSURI
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
    "{584109EB-CEA0-4954-804B-211000018301}" = Tinker
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90C5C0B5-923C-4BE0-9A0C-98266CA6E170}" = Path of Exile
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A0878C51-B88B-4E4C-9061-F95B98290505}" = RangeBooster G WDA-2320
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
    "8461-7759-5462-8226" = Vuze
    "abgx360" = abgx360 v1.0.6
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Diablo III" = Diablo III
    "EPSON Scanner" = EPSON Scan
    "GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
    "GOM Player" = GOM Player
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "MediaMonkey_is1" = MediaMonkey 3.2
    "Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Mp3tag" = Mp3tag v2.46a
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Pangya" = Pangya (Ntreev USA)
    "RealAlt_is1" = Real Alternative 2.0.2
    "StarCraft II" = StarCraft II
    "UnderCoverXP_is1" = UnderCoverXP 1.23
    "uTorrent" = µTorrent
    "WavePad" = WavePad Sound Editor
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3568411142-4073580314-4145923839-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/18/2012 2:51:18 AM | Computer Name = Poseidon | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x32663631 Faulting process id: 0x127c Faulting application
    start time: 0x01cd4d0965ef4ad1 Faulting application path: \\.\globalroot\systemroot\svchost.exe
    Faulting
    module path: unknown Report Id: 00c8ee72-b912-11e1-b9af-0002762a96eb

    Error - 6/18/2012 3:02:48 AM | Computer Name = Poseidon | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x65313835 Faulting process id: 0x14a4 Faulting application
    start time: 0x01cd4d1ee758b61e Faulting application path: \\.\globalroot\systemroot\svchost.exe
    Faulting
    module path: unknown Report Id: 9bf7f6d8-b913-11e1-b9af-0002762a96eb

    Error - 7/6/2012 2:55:58 AM | Computer Name = Poseidon | Source = Application Hang | ID = 1002
    Description = The program Diablo III.exe version 1.0.3.10235 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1d94 Start
    Time: 01cd5b445003d099 Termination Time: 8 Application Path: C:\Games\Diablo III\Diablo
    III.exe Report Id: 9477230a-c737-11e1-b873-0002762a96eb

    Error - 7/10/2012 3:49:53 PM | Computer Name = Poseidon | Source = Application Error | ID = 1000
    Description = Faulting application name: Diablo III.exe, version: 1.0.3.10235, time
    stamp: 0x4fe14230 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x00022272 Faulting process
    id: 0x26b4 Faulting application start time: 0x01cd5ed5129376f0 Faulting application
    path: C:\Games\Diablo III\Diablo III.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 6aa299a5-cac8-11e1-b873-0002762a96eb

    Error - 7/14/2012 9:38:26 PM | Computer Name = Poseidon | Source = Application Hang | ID = 1002
    Description = The program Diablo III.exe version 1.0.3.10485 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 4dc Start
    Time: 01cd622a51d05945 Termination Time: 6 Application Path: C:\Games\Diablo III\Diablo
    III.exe Report Id: a5e86f0c-ce1d-11e1-9109-0002762a96eb

    Error - 7/29/2012 4:37:43 AM | Computer Name = Poseidon | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/29/2012 4:40:56 AM | Computer Name = Poseidon | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/29/2012 4:52:30 AM | Computer Name = Poseidon | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/29/2012 5:05:31 AM | Computer Name = Poseidon | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    Error - 7/29/2012 12:05:37 PM | Computer Name = Poseidon | Source = Microsoft-Windows-CAPI2 | ID = 512
    Description = The Cryptographic Services service failed to initialize the VSS backup
    "System Writer" object. Details: Could not query the status of the EventSystem service.

    System
    Error: The RPC server is unavailable. .

    [ System Events ]
    Error - 7/29/2012 12:12:16 PM | Computer Name = Poseidon | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/29/2012 12:12:16 PM | Computer Name = Poseidon | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/29/2012 1:47:45 PM | Computer Name = Poseidon | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/29/2012 1:49:26 PM | Computer Name = Poseidon | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 7/29/2012 1:50:13 PM | Computer Name = Poseidon | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 7/29/2012 1:51:36 PM | Computer Name = Poseidon | Source = BTHUSB | ID = 327685
    Description = The Bluetooth driver expected an HCI event with a certain size but
    did not receive it.

    Error - 7/29/2012 1:51:53 PM | Computer Name = Poseidon | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/29/2012 1:53:13 PM | Computer Name = Poseidon | Source = WMPNetworkSvc | ID = 866300
    Description =

    Error - 7/29/2012 1:57:29 PM | Computer Name = Poseidon | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.

    Error - 7/29/2012 2:21:03 PM | Computer Name = Poseidon | Source = BTHUSB | ID = 327685
    Description = The Bluetooth driver expected an HCI event with a certain size but
    did not receive it.


    < End of report >

    Again, I really appreciate the help with this.
     
  9. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Please re-run MBAM one more time.
     
  10. Jerevicious

    Jerevicious TS Rookie Topic Starter

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    TGizz :: POSEIDON [administrator]

    7/29/2012 2:49:05 PM
    mbam-log-2012-07-29 (14-49-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 193141
    Time elapsed: 1 minute(s), 57 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3800 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    svchost.exe keeps coming back.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
     
  12. Jerevicious

    Jerevicious TS Rookie Topic Starter

    15:03:24.0361 2468 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    15:03:24.0606 2468 ============================================================
    15:03:24.0606 2468 Current date / time: 2012/07/29 15:03:24.0606
    15:03:24.0606 2468 SystemInfo:
    15:03:24.0606 2468
    15:03:24.0606 2468 OS Version: 6.1.7600 ServicePack: 0.0
    15:03:24.0606 2468 Product type: Workstation
    15:03:24.0606 2468 ComputerName: POSEIDON
    15:03:24.0606 2468 UserName: TGizz
    15:03:24.0606 2468 Windows directory: C:\Windows
    15:03:24.0606 2468 System windows directory: C:\Windows
    15:03:24.0606 2468 Running under WOW64
    15:03:24.0606 2468 Processor architecture: Intel x64
    15:03:24.0606 2468 Number of processors: 4
    15:03:24.0606 2468 Page size: 0x1000
    15:03:24.0606 2468 Boot type: Normal boot
    15:03:24.0606 2468 ============================================================
    15:03:26.0563 2468 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
    15:03:26.0596 2468 ============================================================
    15:03:26.0596 2468 \Device\Harddisk0\DR0:
    15:03:26.0596 2468 MBR partitions:
    15:03:26.0596 2468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    15:03:26.0596 2468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    15:03:26.0596 2468 ============================================================
    15:03:26.0648 2468 C: <-> \Device\Harddisk0\DR0\Partition1
    15:03:26.0665 2468 D: <-> \Device\Harddisk0\DR0\Partition0
    15:03:26.0665 2468 ============================================================
    15:03:26.0665 2468 Initialize success
    15:03:26.0665 2468 ============================================================
    15:03:36.0189 1592 ============================================================
    15:03:36.0189 1592 Scan started
    15:03:36.0189 1592 Mode: Manual;
    15:03:36.0189 1592 ============================================================
    15:03:40.0023 1592 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    15:03:40.0026 1592 1394ohci - ok
    15:03:40.0108 1592 A3AB (b1503ab6d48ed02319f3d11615d3158d) C:\Windows\system32\DRIVERS\A3ABvx.sys
    15:03:40.0130 1592 A3AB - ok
    15:03:40.0163 1592 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    15:03:40.0167 1592 ACPI - ok
    15:03:40.0181 1592 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    15:03:40.0182 1592 AcpiPmi - ok
    15:03:40.0220 1592 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    15:03:40.0230 1592 adp94xx - ok
    15:03:40.0260 1592 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    15:03:40.0273 1592 adpahci - ok
    15:03:40.0291 1592 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    15:03:40.0297 1592 adpu320 - ok
    15:03:40.0321 1592 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    15:03:40.0323 1592 AeLookupSvc - ok
    15:03:40.0358 1592 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    15:03:40.0368 1592 AFD - ok
    15:03:40.0376 1592 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    15:03:40.0378 1592 agp440 - ok
    15:03:40.0396 1592 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    15:03:40.0398 1592 ALG - ok
    15:03:40.0411 1592 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    15:03:40.0412 1592 aliide - ok
    15:03:40.0495 1592 ALSysIO - ok
    15:03:40.0510 1592 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    15:03:40.0511 1592 amdide - ok
    15:03:40.0521 1592 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    15:03:40.0522 1592 AmdK8 - ok
    15:03:40.0534 1592 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    15:03:40.0536 1592 AmdPPM - ok
    15:03:40.0567 1592 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    15:03:40.0568 1592 amdsata - ok
    15:03:40.0587 1592 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    15:03:40.0592 1592 amdsbs - ok
    15:03:40.0651 1592 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    15:03:40.0652 1592 amdxata - ok
    15:03:40.0677 1592 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    15:03:40.0679 1592 AppID - ok
    15:03:40.0704 1592 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    15:03:40.0705 1592 AppIDSvc - ok
    15:03:40.0721 1592 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    15:03:40.0723 1592 Appinfo - ok
    15:03:40.0818 1592 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:03:40.0820 1592 Apple Mobile Device - ok
    15:03:40.0861 1592 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    15:03:40.0867 1592 AppMgmt - ok
    15:03:40.0888 1592 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    15:03:40.0889 1592 arc - ok
    15:03:40.0910 1592 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    15:03:40.0911 1592 arcsas - ok
    15:03:40.0936 1592 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:03:40.0937 1592 AsyncMac - ok
    15:03:40.0952 1592 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    15:03:40.0952 1592 atapi - ok
    15:03:41.0048 1592 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
    15:03:41.0094 1592 athr - ok
    15:03:41.0256 1592 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    15:03:41.0294 1592 AudioEndpointBuilder - ok
    15:03:41.0302 1592 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    15:03:41.0307 1592 AudioSrv - ok
    15:03:41.0354 1592 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    15:03:41.0356 1592 AxInstSV - ok
    15:03:41.0436 1592 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    15:03:41.0446 1592 b06bdrv - ok
    15:03:41.0471 1592 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:03:41.0486 1592 b57nd60a - ok
    15:03:41.0509 1592 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    15:03:41.0511 1592 BDESVC - ok
    15:03:41.0536 1592 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    15:03:41.0536 1592 Beep - ok
    15:03:41.0601 1592 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    15:03:41.0620 1592 BFE - ok
    15:03:41.0717 1592 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    15:03:41.0718 1592 blbdrive - ok
    15:03:41.0824 1592 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    15:03:41.0834 1592 Bonjour Service - ok
    15:03:41.0860 1592 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    15:03:41.0862 1592 bowser - ok
    15:03:41.0871 1592 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:03:41.0872 1592 BrFiltLo - ok
    15:03:41.0884 1592 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:03:41.0885 1592 BrFiltUp - ok
    15:03:41.0898 1592 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    15:03:41.0899 1592 BridgeMP - ok
    15:03:41.0915 1592 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    15:03:41.0917 1592 Browser - ok
    15:03:41.0946 1592 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    15:03:41.0958 1592 Brserid - ok
    15:03:41.0987 1592 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    15:03:41.0988 1592 BrSerWdm - ok
    15:03:42.0000 1592 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:03:42.0001 1592 BrUsbMdm - ok
    15:03:42.0009 1592 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    15:03:42.0010 1592 BrUsbSer - ok
    15:03:42.0053 1592 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
    15:03:42.0054 1592 BthEnum - ok
    15:03:42.0069 1592 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    15:03:42.0071 1592 BTHMODEM - ok
    15:03:42.0087 1592 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    15:03:42.0089 1592 BthPan - ok
    15:03:42.0149 1592 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
    15:03:42.0168 1592 BTHPORT - ok
    15:03:42.0187 1592 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    15:03:42.0189 1592 bthserv - ok
    15:03:42.0237 1592 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
    15:03:42.0238 1592 BTHUSB - ok
    15:03:42.0272 1592 btwaudio (ba1498a4c7e7372654433648a61434a7) C:\Windows\system32\drivers\btwaudio.sys
    15:03:42.0273 1592 btwaudio - ok
    15:03:42.0324 1592 btwavdt (ba66ceb74d49e00820c2c8d34c9caa83) C:\Windows\system32\DRIVERS\btwavdt.sys
    15:03:42.0325 1592 btwavdt - ok
    15:03:42.0418 1592 btwdins (541590dc8948e19f7f9f7c8e2e067d99) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    15:03:42.0432 1592 btwdins - ok
    15:03:42.0451 1592 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
    15:03:42.0451 1592 btwl2cap - ok
    15:03:42.0497 1592 btwrchid (138771ea158e3d7a14b0e0e357c8ca93) C:\Windows\system32\DRIVERS\btwrchid.sys
    15:03:42.0498 1592 btwrchid - ok
    15:03:42.0508 1592 catchme - ok
    15:03:42.0533 1592 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:03:42.0534 1592 cdfs - ok
    15:03:42.0565 1592 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    15:03:42.0572 1592 cdrom - ok
    15:03:42.0607 1592 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    15:03:42.0609 1592 CertPropSvc - ok
    15:03:42.0628 1592 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    15:03:42.0629 1592 circlass - ok
    15:03:42.0658 1592 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    15:03:42.0663 1592 CLFS - ok
    15:03:42.0769 1592 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:03:42.0772 1592 clr_optimization_v2.0.50727_32 - ok
    15:03:42.0830 1592 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    15:03:42.0833 1592 clr_optimization_v2.0.50727_64 - ok
    15:03:42.0863 1592 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:03:42.0864 1592 CmBatt - ok
    15:03:42.0880 1592 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    15:03:42.0881 1592 cmdide - ok
    15:03:42.0914 1592 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    15:03:42.0925 1592 CNG - ok
    15:03:42.0936 1592 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    15:03:42.0937 1592 Compbatt - ok
    15:03:42.0964 1592 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    15:03:42.0965 1592 CompositeBus - ok
    15:03:42.0969 1592 COMSysApp - ok
    15:03:42.0985 1592 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    15:03:42.0986 1592 crcdisk - ok
    15:03:43.0024 1592 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    15:03:43.0031 1592 CryptSvc - ok
    15:03:43.0085 1592 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    15:03:43.0093 1592 CSC - ok
    15:03:43.0159 1592 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
    15:03:43.0179 1592 CscService - ok
    15:03:43.0221 1592 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    15:03:43.0228 1592 DcomLaunch - ok
    15:03:43.0268 1592 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    15:03:43.0283 1592 defragsvc - ok
    15:03:43.0314 1592 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    15:03:43.0316 1592 DfsC - ok
    15:03:43.0352 1592 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    15:03:43.0366 1592 Dhcp - ok
    15:03:43.0381 1592 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    15:03:43.0383 1592 discache - ok
    15:03:43.0397 1592 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    15:03:43.0398 1592 Disk - ok
    15:03:43.0419 1592 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
    15:03:43.0425 1592 Dnscache - ok
    15:03:43.0451 1592 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    15:03:43.0466 1592 dot3svc - ok
    15:03:43.0483 1592 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    15:03:43.0490 1592 DPS - ok
    15:03:43.0518 1592 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    15:03:43.0518 1592 drmkaud - ok
    15:03:43.0591 1592 dump_wmimmc - ok
    15:03:43.0652 1592 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
    15:03:43.0674 1592 DXGKrnl - ok
    15:03:43.0746 1592 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    15:03:43.0749 1592 EapHost - ok
    15:03:43.0917 1592 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    15:03:43.0972 1592 ebdrv - ok
    15:03:44.0059 1592 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
    15:03:44.0060 1592 EFS - ok
    15:03:44.0131 1592 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
    15:03:44.0150 1592 ehRecvr - ok
    15:03:44.0164 1592 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    15:03:44.0165 1592 ehSched - ok
    15:03:44.0216 1592 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    15:03:44.0224 1592 elxstor - ok
    15:03:44.0240 1592 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    15:03:44.0241 1592 ErrDev - ok
    15:03:44.0293 1592 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    15:03:44.0305 1592 EventSystem - ok
    15:03:44.0326 1592 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    15:03:44.0332 1592 exfat - ok
    15:03:44.0347 1592 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    15:03:44.0353 1592 fastfat - ok
    15:03:44.0406 1592 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    15:03:44.0426 1592 Fax - ok
    15:03:44.0443 1592 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    15:03:44.0444 1592 fdc - ok
    15:03:44.0451 1592 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    15:03:44.0452 1592 fdPHost - ok
    15:03:44.0465 1592 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    15:03:44.0466 1592 FDResPub - ok
    15:03:44.0476 1592 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    15:03:44.0477 1592 FileInfo - ok
    15:03:44.0488 1592 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    15:03:44.0489 1592 Filetrace - ok
    15:03:44.0497 1592 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:03:44.0498 1592 flpydisk - ok
    15:03:44.0524 1592 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    15:03:44.0539 1592 FltMgr - ok
    15:03:44.0651 1592 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
    15:03:44.0672 1592 FontCache - ok
    15:03:44.0739 1592 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    15:03:44.0740 1592 FontCache3.0.0.0 - ok
    15:03:44.0762 1592 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    15:03:44.0764 1592 FsDepends - ok
    15:03:44.0773 1592 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    15:03:44.0774 1592 Fs_Rec - ok
    15:03:44.0817 1592 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
    15:03:44.0833 1592 fvevol - ok
    15:03:44.0852 1592 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    15:03:44.0853 1592 gagp30kx - ok
    15:03:44.0897 1592 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    15:03:44.0898 1592 GEARAspiWDM - ok
    15:03:44.0950 1592 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    15:03:44.0964 1592 gpsvc - ok
    15:03:45.0084 1592 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    15:03:45.0086 1592 gupdate - ok
    15:03:45.0097 1592 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    15:03:45.0099 1592 gupdatem - ok
    15:03:45.0111 1592 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    15:03:45.0112 1592 hcw85cir - ok
    15:03:45.0151 1592 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    15:03:45.0163 1592 HdAudAddService - ok
    15:03:45.0186 1592 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    15:03:45.0188 1592 HDAudBus - ok
    15:03:45.0215 1592 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    15:03:45.0216 1592 HidBatt - ok
    15:03:45.0231 1592 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    15:03:45.0233 1592 HidBth - ok
    15:03:45.0247 1592 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    15:03:45.0248 1592 HidIr - ok
    15:03:45.0265 1592 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    15:03:45.0267 1592 hidserv - ok
    15:03:45.0293 1592 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    15:03:45.0294 1592 HidUsb - ok
    15:03:45.0322 1592 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    15:03:45.0324 1592 hkmsvc - ok
    15:03:45.0342 1592 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    15:03:45.0358 1592 HomeGroupListener - ok
    15:03:45.0383 1592 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    15:03:45.0389 1592 HomeGroupProvider - ok
    15:03:45.0412 1592 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    15:03:45.0414 1592 HpSAMD - ok
    15:03:45.0466 1592 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    15:03:45.0484 1592 HTTP - ok
    15:03:45.0510 1592 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    15:03:45.0511 1592 hwpolicy - ok
    15:03:45.0535 1592 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    15:03:45.0537 1592 i8042prt - ok
    15:03:45.0573 1592 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    15:03:45.0579 1592 iaStorV - ok
    15:03:45.0690 1592 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    15:03:45.0704 1592 idsvc - ok
    15:03:45.0767 1592 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    15:03:45.0768 1592 iirsp - ok
    15:03:45.0831 1592 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    15:03:45.0846 1592 IKEEXT - ok
    15:03:45.0856 1592 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    15:03:45.0857 1592 intelide - ok
    15:03:45.0871 1592 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    15:03:45.0872 1592 intelppm - ok
    15:03:45.0884 1592 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    15:03:45.0886 1592 IPBusEnum - ok
    15:03:45.0910 1592 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:03:45.0912 1592 IpFilterDriver - ok
    15:03:45.0955 1592 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    15:03:45.0973 1592 iphlpsvc - ok
    15:03:45.0984 1592 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    15:03:45.0985 1592 IPMIDRV - ok
    15:03:46.0007 1592 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    15:03:46.0009 1592 IPNAT - ok
    15:03:46.0130 1592 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
    15:03:46.0141 1592 iPod Service - ok
    15:03:46.0163 1592 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    15:03:46.0164 1592 IRENUM - ok
    15:03:46.0181 1592 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    15:03:46.0182 1592 isapnp - ok
    15:03:46.0208 1592 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    15:03:46.0224 1592 iScsiPrt - ok
    15:03:46.0247 1592 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    15:03:46.0248 1592 kbdclass - ok
    15:03:46.0267 1592 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    15:03:46.0268 1592 kbdhid - ok
    15:03:46.0282 1592 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    15:03:46.0284 1592 KeyIso - ok
    15:03:46.0309 1592 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    15:03:46.0311 1592 KSecDD - ok
    15:03:46.0327 1592 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
    15:03:46.0334 1592 KSecPkg - ok
    15:03:46.0345 1592 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    15:03:46.0346 1592 ksthunk - ok
    15:03:46.0386 1592 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    15:03:46.0399 1592 KtmRm - ok
    15:03:46.0430 1592 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\System32\srvsvc.dll
    15:03:46.0445 1592 LanmanServer - ok
    15:03:46.0468 1592 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    15:03:46.0472 1592 LanmanWorkstation - ok
    15:03:46.0489 1592 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    15:03:46.0490 1592 lltdio - ok
    15:03:46.0520 1592 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    15:03:46.0534 1592 lltdsvc - ok
    15:03:46.0557 1592 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    15:03:46.0559 1592 lmhosts - ok
    15:03:46.0635 1592 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    15:03:46.0637 1592 LSI_FC - ok
    15:03:46.0647 1592 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    15:03:46.0648 1592 LSI_SAS - ok
    15:03:46.0662 1592 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    15:03:46.0664 1592 LSI_SAS2 - ok
    15:03:46.0681 1592 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    15:03:46.0683 1592 LSI_SCSI - ok
    15:03:46.0702 1592 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    15:03:46.0704 1592 luafv - ok
    15:03:46.0740 1592 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
    15:03:46.0741 1592 MBAMProtector - ok
    15:03:46.0867 1592 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
    15:03:46.0882 1592 MBAMService - ok
    15:03:46.0921 1592 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    15:03:46.0924 1592 Mcx2Svc - ok
    15:03:46.0929 1592 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    15:03:46.0930 1592 megasas - ok
    15:03:46.0955 1592 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    15:03:46.0967 1592 MegaSR - ok
    15:03:46.0995 1592 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    15:03:46.0997 1592 MMCSS - ok
    15:03:47.0013 1592 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    15:03:47.0014 1592 Modem - ok
    15:03:47.0034 1592 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    15:03:47.0035 1592 monitor - ok
    15:03:47.0043 1592 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    15:03:47.0044 1592 mouclass - ok
    15:03:47.0069 1592 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    15:03:47.0070 1592 mouhid - ok
    15:03:47.0083 1592 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    15:03:47.0084 1592 mountmgr - ok
    15:03:47.0159 1592 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    15:03:47.0161 1592 MozillaMaintenance - ok
    15:03:47.0207 1592 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
    15:03:47.0213 1592 MpFilter - ok
    15:03:47.0230 1592 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    15:03:47.0233 1592 mpio - ok
    15:03:47.0249 1592 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    15:03:47.0251 1592 mpsdrv - ok
    15:03:47.0325 1592 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    15:03:47.0339 1592 MpsSvc - ok
    15:03:47.0357 1592 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    15:03:47.0359 1592 MRxDAV - ok
    15:03:47.0379 1592 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:03:47.0381 1592 mrxsmb - ok
    15:03:47.0406 1592 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:03:47.0420 1592 mrxsmb10 - ok
    15:03:47.0451 1592 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:03:47.0452 1592 mrxsmb20 - ok
    15:03:47.0467 1592 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    15:03:47.0469 1592 msahci - ok
    15:03:47.0480 1592 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    15:03:47.0483 1592 msdsm - ok
    15:03:47.0511 1592 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    15:03:47.0519 1592 MSDTC - ok
    15:03:47.0551 1592 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    15:03:47.0551 1592 Msfs - ok
    15:03:47.0559 1592 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    15:03:47.0559 1592 mshidkmdf - ok
    15:03:47.0566 1592 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    15:03:47.0567 1592 msisadrv - ok
    15:03:47.0599 1592 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    15:03:47.0606 1592 MSiSCSI - ok
    15:03:47.0609 1592 msiserver - ok
    15:03:47.0641 1592 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    15:03:47.0642 1592 MSKSSRV - ok
    15:03:47.0736 1592 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    15:03:47.0737 1592 MsMpSvc - ok
    15:03:47.0748 1592 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:03:47.0749 1592 MSPCLOCK - ok
    15:03:47.0752 1592 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    15:03:47.0753 1592 MSPQM - ok
    15:03:47.0783 1592 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    15:03:47.0795 1592 MsRPC - ok
    15:03:47.0871 1592 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    15:03:47.0872 1592 mssmbios - ok
    15:03:47.0878 1592 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    15:03:47.0879 1592 MSTEE - ok
    15:03:47.0887 1592 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    15:03:47.0888 1592 MTConfig - ok
    15:03:47.0907 1592 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
    15:03:47.0908 1592 MTsensor - ok
    15:03:47.0942 1592 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    15:03:47.0944 1592 Mup - ok
    15:03:47.0985 1592 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    15:03:47.0994 1592 napagent - ok
    15:03:48.0017 1592 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    15:03:48.0031 1592 NativeWifiP - ok
    15:03:48.0098 1592 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    15:03:48.0109 1592 NDIS - ok
    15:03:48.0124 1592 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    15:03:48.0125 1592 NdisCap - ok
    15:03:48.0143 1592 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:03:48.0143 1592 NdisTapi - ok
    15:03:48.0154 1592 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:03:48.0155 1592 Ndisuio - ok
    15:03:48.0171 1592 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:03:48.0178 1592 NdisWan - ok
    15:03:48.0196 1592 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    15:03:48.0197 1592 NDProxy - ok
    15:03:48.0207 1592 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    15:03:48.0208 1592 NetBIOS - ok
    15:03:48.0233 1592 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    15:03:48.0248 1592 NetBT - ok
    15:03:48.0271 1592 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    15:03:48.0272 1592 Netlogon - ok
    15:03:48.0311 1592 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    15:03:48.0324 1592 Netman - ok
    15:03:48.0355 1592 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    15:03:48.0365 1592 netprofm - ok
    15:03:48.0427 1592 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:03:48.0429 1592 NetTcpPortSharing - ok
    15:03:48.0444 1592 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    15:03:48.0445 1592 nfrd960 - ok
    15:03:48.0491 1592 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    15:03:48.0493 1592 NisDrv - ok
    15:03:48.0616 1592 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
    15:03:48.0675 1592 NisSrv - ok
    15:03:48.0696 1592 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    15:03:48.0710 1592 NlaSvc - ok
    15:03:48.0721 1592 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    15:03:48.0722 1592 Npfs - ok
    15:03:48.0728 1592 npggsvc - ok
    15:03:48.0734 1592 NPPTNT2 - ok
    15:03:48.0753 1592 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    15:03:48.0755 1592 nsi - ok
    15:03:48.0769 1592 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    15:03:48.0770 1592 nsiproxy - ok
    15:03:48.0857 1592 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    15:03:48.0885 1592 Ntfs - ok
    15:03:48.0997 1592 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    15:03:48.0997 1592 Null - ok
    15:03:49.0574 1592 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    15:03:49.0648 1592 nvlddmkm - ok
    15:03:49.0798 1592 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    15:03:49.0805 1592 nvraid - ok
    15:03:49.0824 1592 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    15:03:49.0826 1592 nvstor - ok
    15:03:49.0884 1592 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
    15:03:49.0894 1592 nvsvc - ok
    15:03:49.0978 1592 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    15:03:49.0979 1592 nv_agp - ok
    15:03:49.0995 1592 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    15:03:49.0996 1592 ohci1394 - ok
    15:03:50.0092 1592 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:03:50.0093 1592 ose - ok
    15:03:50.0122 1592 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    15:03:50.0136 1592 p2pimsvc - ok
    15:03:50.0169 1592 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    15:03:50.0180 1592 p2psvc - ok
    15:03:50.0190 1592 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    15:03:50.0192 1592 Parport - ok
    15:03:50.0207 1592 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    15:03:50.0209 1592 partmgr - ok
    15:03:50.0228 1592 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    15:03:50.0234 1592 PcaSvc - ok
    15:03:50.0243 1592 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    15:03:50.0246 1592 pci - ok
    15:03:50.0258 1592 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    15:03:50.0259 1592 pciide - ok
    15:03:50.0283 1592 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    15:03:50.0288 1592 pcmcia - ok
    15:03:50.0300 1592 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    15:03:50.0302 1592 pcw - ok
    15:03:50.0331 1592 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    15:03:50.0348 1592 PEAUTH - ok
    15:03:50.0420 1592 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    15:03:50.0444 1592 PeerDistSvc - ok
    15:03:50.0506 1592 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    15:03:50.0508 1592 PerfHost - ok
    15:03:50.0691 1592 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    15:03:50.0724 1592 pla - ok
    15:03:50.0760 1592 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
    15:03:50.0765 1592 PlugPlay - ok
    15:03:50.0775 1592 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    15:03:50.0776 1592 PNRPAutoReg - ok
    15:03:50.0800 1592 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    15:03:50.0802 1592 PNRPsvc - ok
    15:03:50.0840 1592 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    15:03:50.0849 1592 PolicyAgent - ok
    15:03:50.0865 1592 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    15:03:50.0872 1592 Power - ok
    15:03:50.0916 1592 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    15:03:50.0917 1592 PptpMiniport - ok
    15:03:50.0939 1592 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    15:03:50.0940 1592 Processor - ok
    15:03:50.0970 1592 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
    15:03:50.0986 1592 ProfSvc - ok
    15:03:51.0004 1592 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    15:03:51.0005 1592 ProtectedStorage - ok
    15:03:51.0034 1592 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    15:03:51.0036 1592 Psched - ok
    15:03:51.0114 1592 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    15:03:51.0155 1592 ql2300 - ok
    15:03:51.0264 1592 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    15:03:51.0265 1592 ql40xx - ok
    15:03:51.0283 1592 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    15:03:51.0299 1592 QWAVE - ok
    15:03:51.0323 1592 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    15:03:51.0324 1592 QWAVEdrv - ok
    15:03:51.0338 1592 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    15:03:51.0338 1592 RasAcd - ok
    15:03:51.0361 1592 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    15:03:51.0362 1592 RasAgileVpn - ok
    15:03:51.0375 1592 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    15:03:51.0377 1592 RasAuto - ok
    15:03:51.0395 1592 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:03:51.0397 1592 Rasl2tp - ok
    15:03:51.0446 1592 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    15:03:51.0459 1592 RasMan - ok
    15:03:51.0489 1592 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:03:51.0491 1592 RasPppoe - ok
    15:03:51.0510 1592 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    15:03:51.0512 1592 RasSstp - ok
    15:03:51.0534 1592 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    15:03:51.0576 1592 rdbss - ok
    15:03:51.0613 1592 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    15:03:51.0614 1592 rdpbus - ok
    15:03:51.0627 1592 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:03:51.0628 1592 RDPCDD - ok
    15:03:51.0655 1592 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    15:03:51.0662 1592 RDPDR - ok
    15:03:51.0666 1592 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    15:03:51.0667 1592 RDPENCDD - ok
    15:03:51.0688 1592 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    15:03:51.0689 1592 RDPREFMP - ok
    15:03:51.0707 1592 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    15:03:51.0713 1592 RDPWD - ok
    15:03:51.0757 1592 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    15:03:51.0774 1592 rdyboost - ok
    15:03:51.0803 1592 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    15:03:51.0805 1592 RemoteAccess - ok
    15:03:51.0826 1592 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    15:03:51.0833 1592 RemoteRegistry - ok
    15:03:51.0888 1592 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    15:03:51.0890 1592 RFCOMM - ok
    15:03:51.0907 1592 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    15:03:51.0909 1592 RpcEptMapper - ok
    15:03:51.0925 1592 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    15:03:51.0926 1592 RpcLocator - ok
    15:03:51.0955 1592 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    15:03:51.0959 1592 RpcSs - ok
    15:03:52.0008 1592 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    15:03:52.0010 1592 rspndr - ok
     
  13. Jerevicious

    Jerevicious TS Rookie Topic Starter

    15:03:52.0031 1592 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
    15:03:52.0033 1592 s3cap - ok
    15:03:52.0048 1592 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    15:03:52.0050 1592 SamSs - ok
    15:03:52.0067 1592 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    15:03:52.0069 1592 sbp2port - ok
    15:03:52.0093 1592 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    15:03:52.0099 1592 SCardSvr - ok
    15:03:52.0127 1592 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    15:03:52.0128 1592 scfilter - ok
    15:03:52.0192 1592 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
    15:03:52.0211 1592 Schedule - ok
    15:03:52.0241 1592 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    15:03:52.0241 1592 SCPolicySvc - ok
    15:03:52.0261 1592 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    15:03:52.0268 1592 SDRSVC - ok
    15:03:52.0299 1592 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    15:03:52.0300 1592 secdrv - ok
    15:03:52.0315 1592 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    15:03:52.0317 1592 seclogon - ok
    15:03:52.0339 1592 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    15:03:52.0341 1592 SENS - ok
    15:03:52.0346 1592 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    15:03:52.0348 1592 SensrSvc - ok
    15:03:52.0388 1592 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    15:03:52.0389 1592 Serenum - ok
    15:03:52.0415 1592 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    15:03:52.0417 1592 Serial - ok
    15:03:52.0426 1592 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    15:03:52.0427 1592 sermouse - ok
    15:03:52.0451 1592 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    15:03:52.0454 1592 SessionEnv - ok
    15:03:52.0465 1592 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    15:03:52.0466 1592 sffdisk - ok
    15:03:52.0482 1592 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    15:03:52.0483 1592 sffp_mmc - ok
    15:03:52.0489 1592 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    15:03:52.0490 1592 sffp_sd - ok
    15:03:52.0497 1592 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    15:03:52.0498 1592 sfloppy - ok
    15:03:52.0584 1592 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    15:03:52.0630 1592 SharedAccess - ok
    15:03:52.0683 1592 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    15:03:52.0696 1592 ShellHWDetection - ok
    15:03:52.0728 1592 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    15:03:52.0729 1592 SiSRaid2 - ok
    15:03:52.0735 1592 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    15:03:52.0736 1592 SiSRaid4 - ok
    15:03:52.0753 1592 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    15:03:52.0755 1592 Smb - ok
    15:03:52.0787 1592 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    15:03:52.0789 1592 SNMPTRAP - ok
    15:03:52.0804 1592 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    15:03:52.0805 1592 spldr - ok
    15:03:52.0834 1592 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
    15:03:52.0874 1592 Spooler - ok
    15:03:53.0060 1592 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    15:03:53.0127 1592 sppsvc - ok
    15:03:53.0230 1592 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    15:03:53.0233 1592 sppuinotify - ok
    15:03:53.0327 1592 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    15:03:53.0327 1592 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    15:03:53.0329 1592 sptd ( LockedFile.Multi.Generic ) - warning
    15:03:53.0329 1592 sptd - detected LockedFile.Multi.Generic (1)
    15:03:53.0380 1592 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
    15:03:53.0385 1592 srv - ok
    15:03:53.0435 1592 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
    15:03:53.0458 1592 srv2 - ok
    15:03:53.0491 1592 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
    15:03:53.0498 1592 srvnet - ok
    15:03:53.0537 1592 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    15:03:53.0554 1592 SSDPSRV - ok
    15:03:53.0570 1592 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    15:03:53.0572 1592 SstpSvc - ok
    15:03:53.0683 1592 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    15:03:53.0687 1592 Stereo Service - ok
    15:03:53.0712 1592 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    15:03:53.0713 1592 stexstor - ok
    15:03:53.0761 1592 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    15:03:53.0801 1592 stisvc - ok
    15:03:53.0841 1592 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
    15:03:53.0843 1592 storflt - ok
    15:03:53.0856 1592 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    15:03:53.0859 1592 StorSvc - ok
    15:03:53.0873 1592 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
    15:03:53.0875 1592 storvsc - ok
    15:03:53.0888 1592 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    15:03:53.0888 1592 swenum - ok
    15:03:53.0924 1592 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    15:03:53.0967 1592 swprv - ok
    15:03:54.0097 1592 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    15:03:54.0146 1592 SysMain - ok
    15:03:54.0256 1592 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    15:03:54.0259 1592 TabletInputService - ok
    15:03:54.0317 1592 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    15:03:54.0331 1592 TapiSrv - ok
    15:03:54.0370 1592 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    15:03:54.0373 1592 TBS - ok
    15:03:54.0542 1592 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
    15:03:54.0636 1592 Tcpip - ok
    15:03:55.0271 1592 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
    15:03:55.0284 1592 TCPIP6 - ok
    15:03:55.0397 1592 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    15:03:55.0398 1592 tcpipreg - ok
    15:03:55.0415 1592 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    15:03:55.0416 1592 TDPIPE - ok
    15:03:55.0432 1592 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    15:03:55.0433 1592 TDTCP - ok
    15:03:55.0454 1592 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    15:03:55.0456 1592 tdx - ok
    15:03:55.0471 1592 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    15:03:55.0472 1592 TermDD - ok
    15:03:55.0528 1592 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    15:03:55.0546 1592 TermService - ok
    15:03:55.0574 1592 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    15:03:55.0576 1592 Themes - ok
    15:03:55.0594 1592 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    15:03:55.0596 1592 THREADORDER - ok
    15:03:55.0608 1592 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    15:03:55.0611 1592 TrkWks - ok
    15:03:55.0648 1592 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    15:03:55.0654 1592 TrustedInstaller - ok
    15:03:55.0685 1592 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:03:55.0686 1592 tssecsrv - ok
    15:03:55.0718 1592 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    15:03:55.0720 1592 tunnel - ok
    15:03:55.0732 1592 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    15:03:55.0734 1592 uagp35 - ok
    15:03:55.0762 1592 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    15:03:55.0799 1592 udfs - ok
    15:03:55.0852 1592 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    15:03:55.0855 1592 UI0Detect - ok
    15:03:55.0861 1592 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    15:03:55.0863 1592 uliagpkx - ok
    15:03:55.0907 1592 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    15:03:55.0908 1592 umbus - ok
    15:03:55.0918 1592 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    15:03:55.0919 1592 UmPass - ok
    15:03:55.0943 1592 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
    15:03:55.0960 1592 UmRdpService - ok
    15:03:56.0007 1592 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    15:03:56.0020 1592 upnphost - ok
    15:03:56.0075 1592 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    15:03:56.0076 1592 USBAAPL64 - ok
    15:03:56.0090 1592 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    15:03:56.0092 1592 usbccgp - ok
    15:03:56.0116 1592 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    15:03:56.0118 1592 usbcir - ok
    15:03:56.0133 1592 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    15:03:56.0134 1592 usbehci - ok
    15:03:56.0168 1592 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    15:03:56.0182 1592 usbhub - ok
    15:03:56.0188 1592 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    15:03:56.0189 1592 usbohci - ok
    15:03:56.0228 1592 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    15:03:56.0230 1592 usbprint - ok
    15:03:56.0264 1592 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    15:03:56.0265 1592 usbscan - ok
    15:03:56.0284 1592 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:03:56.0286 1592 USBSTOR - ok
    15:03:56.0298 1592 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    15:03:56.0299 1592 usbuhci - ok
    15:03:56.0322 1592 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    15:03:56.0324 1592 UxSms - ok
    15:03:56.0348 1592 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    15:03:56.0349 1592 VaultSvc - ok
    15:03:56.0373 1592 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    15:03:56.0374 1592 vdrvroot - ok
    15:03:56.0414 1592 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    15:03:56.0456 1592 vds - ok
    15:03:56.0511 1592 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:03:56.0512 1592 vga - ok
    15:03:56.0525 1592 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    15:03:56.0526 1592 VgaSave - ok
    15:03:56.0542 1592 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    15:03:56.0636 1592 vhdmp - ok
    15:03:56.0685 1592 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    15:03:56.0686 1592 viaide - ok
    15:03:56.0706 1592 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    15:03:56.0712 1592 vmbus - ok
    15:03:56.0757 1592 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    15:03:56.0758 1592 VMBusHID - ok
    15:03:56.0776 1592 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    15:03:56.0778 1592 volmgr - ok
    15:03:56.0800 1592 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    15:03:56.0813 1592 volmgrx - ok
    15:03:56.0859 1592 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    15:03:56.0874 1592 volsnap - ok
    15:03:56.0915 1592 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    15:03:56.0923 1592 vsmraid - ok
    15:03:57.0125 1592 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    15:03:57.0158 1592 VSS - ok
    15:03:57.0265 1592 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    15:03:57.0266 1592 vwifibus - ok
    15:03:57.0276 1592 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    15:03:57.0277 1592 vwififlt - ok
    15:03:57.0312 1592 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    15:03:57.0335 1592 W32Time - ok
    15:03:57.0366 1592 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    15:03:57.0368 1592 WacomPen - ok
    15:03:57.0398 1592 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    15:03:57.0400 1592 WANARP - ok
    15:03:57.0405 1592 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    15:03:57.0407 1592 Wanarpv6 - ok
    15:03:57.0496 1592 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    15:03:57.0528 1592 wbengine - ok
    15:03:57.0649 1592 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    15:03:57.0666 1592 WbioSrvc - ok
    15:03:57.0704 1592 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
    15:03:57.0716 1592 wcncsvc - ok
    15:03:57.0739 1592 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    15:03:57.0742 1592 WcsPlugInService - ok
    15:03:57.0780 1592 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    15:03:57.0782 1592 Wd - ok
    15:03:57.0822 1592 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    15:03:57.0830 1592 Wdf01000 - ok
    15:03:57.0861 1592 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:03:57.0864 1592 WdiServiceHost - ok
    15:03:57.0868 1592 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:03:57.0871 1592 WdiSystemHost - ok
    15:03:57.0907 1592 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
    15:03:57.0934 1592 WebClient - ok
    15:03:58.0013 1592 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    15:03:58.0030 1592 Wecsvc - ok
    15:03:58.0078 1592 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    15:03:58.0107 1592 wercplsupport - ok
    15:03:58.0155 1592 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    15:03:58.0159 1592 WerSvc - ok
    15:03:58.0204 1592 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    15:03:58.0205 1592 WfpLwf - ok
    15:03:58.0282 1592 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    15:03:58.0304 1592 WIMMount - ok
    15:03:58.0409 1592 WinDefend - ok
    15:03:58.0419 1592 WinHttpAutoProxySvc - ok
    15:03:58.0495 1592 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    15:03:58.0510 1592 Winmgmt - ok
    15:03:58.0678 1592 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    15:03:58.0732 1592 WinRM - ok
    15:03:58.0884 1592 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    15:03:58.0885 1592 WinUsb - ok
    15:03:58.0957 1592 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    15:03:58.0977 1592 Wlansvc - ok
    15:03:59.0050 1592 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    15:03:59.0051 1592 WmiAcpi - ok
    15:03:59.0387 1592 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    15:03:59.0398 1592 wmiApSrv - ok
    15:03:59.0443 1592 WMPNetworkSvc - ok
    15:03:59.0488 1592 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    15:03:59.0491 1592 WPCSvc - ok
    15:03:59.0507 1592 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    15:03:59.0510 1592 WPDBusEnum - ok
    15:03:59.0530 1592 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    15:03:59.0531 1592 ws2ifsl - ok
    15:03:59.0558 1592 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    15:03:59.0561 1592 wscsvc - ok
    15:03:59.0566 1592 WSearch - ok
    15:03:59.0719 1592 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    15:03:59.0768 1592 wuauserv - ok
    15:03:59.0884 1592 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    15:03:59.0886 1592 WudfPf - ok
    15:03:59.0911 1592 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:03:59.0917 1592 WUDFRd - ok
    15:03:59.0942 1592 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    15:03:59.0945 1592 wudfsvc - ok
    15:03:59.0970 1592 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    15:04:00.0003 1592 WwanSvc - ok
    15:04:00.0074 1592 xusb21 (5aa532bbac7e34186edff24f72bcd61b) C:\Windows\system32\DRIVERS\xusb21.sys
    15:04:00.0076 1592 xusb21 - ok
    15:04:00.0106 1592 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
    15:04:00.0145 1592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    15:04:00.0145 1592 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    15:04:00.0150 1592 Boot (0x1200) (52a5c93792090bf8ddb4e4576127b67c) \Device\Harddisk0\DR0\Partition0
    15:04:00.0151 1592 \Device\Harddisk0\DR0\Partition0 - ok
    15:04:00.0154 1592 Boot (0x1200) (5e4aa99541610ee5ff2a9ae244ac241f) \Device\Harddisk0\DR0\Partition1
    15:04:00.0155 1592 \Device\Harddisk0\DR0\Partition1 - ok
    15:04:00.0156 1592 ============================================================
    15:04:00.0156 1592 Scan finished
    15:04:00.0156 1592 ============================================================
    15:04:00.0168 3676 Detected object count: 2
    15:04:00.0168 3676 Actual detected object count: 2
    15:04:32.0996 3676 sptd ( LockedFile.Multi.Generic ) - skipped by user
    15:04:32.0996 3676 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    15:04:33.0854 3676 \Device\Harddisk0\DR0\# - copied to quarantine
    15:04:33.0854 3676 \Device\Harddisk0\DR0 - copied to quarantine
    15:04:33.0880 3676 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    15:04:33.0881 3676 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    15:04:33.0884 3676 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    15:04:33.0888 3676 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    15:04:33.0897 3676 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    15:04:33.0903 3676 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    15:04:33.0905 3676 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    15:04:33.0906 3676 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    15:04:33.0907 3676 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    15:04:33.0909 3676 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    15:04:33.0911 3676 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    15:04:33.0912 3676 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    15:04:33.0959 3676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    15:04:33.0960 3676 \Device\Harddisk0\DR0 - ok
    15:04:33.0977 3676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    15:04:41.0584 1616 Deinitialize success
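The result section of that log is the part worth reading closely: the MBR of \Device\Harddisk0\DR0 is flagged as Rootkit.Boot.Pihar.b, a set of files under a TDLFS path (the rootkit's own hidden file system, which TDSSKiller exposes under that name) is copied to quarantine, the sptd locked-file hit is skipped rather than treated as a detection, and the MBR cure itself is deferred to reboot, so the machine is not clean until it has restarted. As an added example, not part of the original thread and not Kaspersky's code, here is a small Python triage of that log format, run over a constructed excerpt of the lines above; the line patterns are inferred from the log as shown, and the summary keys are this example's own.

```python
import re

# Constructed excerpt in the TDSSKiller log format shown above (not the full log).
SAMPLE_LOG = """\
15:04:00.0106 1592 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \\Device\\Harddisk0\\DR0
15:04:00.0145 1592 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:04:00.0145 1592 \\Device\\Harddisk0\\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:04:00.0150 1592 Boot (0x1200) (52a5c93792090bf8ddb4e4576127b67c) \\Device\\Harddisk0\\DR0\\Partition0
15:04:00.0151 1592 \\Device\\Harddisk0\\DR0\\Partition0 - ok
15:04:32.0996 3676 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:04:33.0880 3676 \\Device\\Harddisk0\\DR0\\TDLFS\\ph.dll - copied to quarantine
15:04:33.0884 3676 \\Device\\Harddisk0\\DR0\\TDLFS\\sub.dll - copied to quarantine
15:04:33.0959 3676 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:04:33.0977 3676 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# Result line: "<time> <tid> <object> [( <verdict> )] - <action>"  (pattern inferred from the log)
ACTION_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?)(?:\s\(\s(?P<verdict>[^()]+?)\s\))?\s-\s(?P<action>.+)$"
)
# Sector-hash line: "<time> <tid> MBR|Boot (<size>) (<md5>) <device>"
HASH_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<tid>\d+)\s+(?P<kind>MBR|Boot)\s\((?P<size>0x[0-9A-Fa-f]+)\)\s"
    r"\((?P<md5>[0-9a-f]{32})\)\s(?P<dev>\S+)$"
)


def triage(log_text):
    """Summarise a TDSSKiller log: what was flagged, what went to quarantine,
    what the user skipped, and whether a cure is still pending on reboot."""
    report = {
        "sector_hashes": {},    # device -> (kind, md5) for MBR / boot sector lines
        "infected": [],         # (object, verdict), one entry per flagged object
        "quarantined": [],      # objects copied to quarantine
        "hidden_fs_files": [],  # file names found inside the TDLFS hidden file system
        "skipped": [],          # (object, verdict) the user chose to skip
        "pending_cure": [],     # objects whose cure is deferred to the next reboot
    }
    seen_infected = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            report["sector_hashes"][m["dev"]] = (m["kind"], m["md5"])
            continue
        m = ACTION_RE.match(line)
        if not m:
            continue  # driver/service checksum lines and banners carry no result
        obj, verdict, action = m["obj"], m["verdict"], m["action"]
        if action == "infected" or action.startswith("detected "):
            if action.startswith("detected "):
                verdict = action.split()[1]  # "detected <verdict> (n)"
            if obj not in seen_infected:     # the same object is reported twice
                seen_infected.add(obj)
                report["infected"].append((obj, verdict))
        elif action == "copied to quarantine":
            report["quarantined"].append(obj)
            if "\\TDLFS\\" in obj:
                report["hidden_fs_files"].append(obj.rsplit("\\", 1)[1])
        elif action == "skipped by user":
            report["skipped"].append((obj, verdict))
        elif action == "will be cured on reboot":
            report["pending_cure"].append(obj)
    # An MBR cure that is deferred to reboot means the box is not clean yet.
    report["needs_reboot"] = bool(report["pending_cure"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The two things a responder should act on are `needs_reboot` (re-scan only after the reboot-time MBR rewrite has happened) and `sector_hashes`, which gives a before/after MD5 of the MBR to compare against the next TDSSKiller run; a `LockedFile.Multi.Generic` entry such as sptd is a locked file, not a rootkit verdict, and the log records that it was skipped rather than cured.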
     
  14. Broni

    Very good :)

    Re-run MBAM one more time.
     
  15. Jerevicious

    Heya. Had to step out for a while. Just ran it a minute ago.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    TGizz :: POSEIDON [administrator]

    7/29/2012 7:45:22 PM
    mbam-log-2012-07-29 (19-45-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 193196
    Time elapsed: 1 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    It's still there :(
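The path in that MBAM hit is itself the tell: the genuine svchost.exe lives in C:\Windows\System32 (and, on x64, C:\Windows\SysWOW64), never in the Windows root, so a C:\Windows\svchost.exe is a masquerade whatever its signature says. As an added example, not part of the original thread and not Malwarebytes' code, here is a Python check over a constructed list of image paths that flags core Windows binaries found outside their expected directory and, going one step beyond the log, names that are one edit away from a core binary (svch0st.exe, scvhost.exe). The expected-directory table and the SYSTEM_ROOT value are this example's assumptions for a Windows 7 x64 box with Windows in C:\Windows, as the log reports.

```python
import ntpath

# Assumed for this example: Windows 7 x64 installed in C:\Windows.
SYSTEM_ROOT = r"C:\Windows"

# Directories (relative to SYSTEM_ROOT) where each core binary is expected.
# Assumed table; "" means the Windows root itself.
EXPECTED_DIRS = {
    "svchost.exe":  ["System32", "SysWOW64"],
    "lsass.exe":    ["System32"],
    "services.exe": ["System32"],
    "csrss.exe":    ["System32"],
    "winlogon.exe": ["System32"],
    "smss.exe":     ["System32"],
    "explorer.exe": ["", "SysWOW64"],
}

# Constructed sample of image paths; the third one is the path MBAM flagged above.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\SysWOW64\svchost.exe",
    r"C:\Windows\svchost.exe",
    r"C:\Users\TGizz\AppData\Local\Temp\lsass.exe",
    r"C:\Windows\System32\scvhost.exe",
    r"C:\Program Files\Bonjour\mDNSResponder.exe",
]


def _expected_full_dirs(name):
    """Lower-cased absolute directories in which `name` is legitimate."""
    return {ntpath.join(SYSTEM_ROOT, d).lower().rstrip("\\") for d in EXPECTED_DIRS[name]}


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions,
    so 'scvhost.exe' is 1 away from 'svchost.exe' but 'iexplore.exe' is not
    1 away from 'explorer.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(path):
    """Return (verdict, detail) for one image path:
    'ok', 'misplaced' (core name in the wrong directory),
    'lookalike' (one edit away from a core name) or 'unknown'."""
    directory, name = ntpath.split(path.replace("/", "\\"))
    name_l = name.lower()
    dir_l = directory.lower().rstrip("\\")
    if name_l in EXPECTED_DIRS:
        if dir_l in _expected_full_dirs(name_l):
            return "ok", name_l
        return "misplaced", f"{name_l} expected under {sorted(_expected_full_dirs(name_l))}"
    for known in EXPECTED_DIRS:
        if osa_distance(name_l, known) == 1:
            return "lookalike", f"{name_l} resembles {known}"
    return "unknown", name_l


def scan(paths):
    """Classify every path; returns (path, verdict, detail) triples."""
    return [(p, *classify(p)) for p in paths]


if __name__ == "__main__":
    for path, verdict, detail in scan(SAMPLE_PATHS):
        print(f"{verdict:10} {path}  ({detail})")
```

Run it against a real process or autorun listing rather than the constructed list, and treat `misplaced` as a stronger signal than `lookalike`: the former has no benign explanation on a stock install, while the latter is a heuristic that still deserves a look at the file's signature and parent process.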
     
  16. Broni

    Re-run TDSSKiller one more time.
     
  17. Jerevicious

    21:11:37.0716 2092 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    21:11:37.0982 2092 ============================================================
    21:11:37.0982 2092 Current date / time: 2012/07/29 21:11:37.0982
    21:11:37.0982 2092 SystemInfo:
    21:11:37.0982 2092
    21:11:37.0982 2092 OS Version: 6.1.7600 ServicePack: 0.0
    21:11:37.0982 2092 Product type: Workstation
    21:11:37.0982 2092 ComputerName: POSEIDON
    21:11:37.0982 2092 UserName: TGizz
    21:11:37.0982 2092 Windows directory: C:\Windows
    21:11:37.0982 2092 System windows directory: C:\Windows
    21:11:37.0982 2092 Running under WOW64
    21:11:37.0982 2092 Processor architecture: Intel x64
    21:11:37.0982 2092 Number of processors: 4
    21:11:37.0982 2092 Page size: 0x1000
    21:11:37.0982 2092 Boot type: Normal boot
    21:11:37.0982 2092 ============================================================
    21:11:38.0886 2092 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
    21:11:38.0933 2092 ============================================================
    21:11:38.0933 2092 \Device\Harddisk0\DR0:
    21:11:38.0933 2092 MBR partitions:
    21:11:38.0933 2092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    21:11:38.0933 2092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    21:11:38.0933 2092 ============================================================
    21:11:38.0949 2092 C: <-> \Device\Harddisk0\DR0\Partition1
    21:11:38.0964 2092 D: <-> \Device\Harddisk0\DR0\Partition0
    21:11:38.0964 2092 ============================================================
    21:11:38.0964 2092 Initialize success
    21:11:38.0964 2092 ============================================================
    21:11:42.0225 3096 ============================================================
    21:11:42.0225 3096 Scan started
    21:11:42.0225 3096 Mode: Manual;
    21:11:42.0225 3096 ============================================================
    21:11:43.0426 3096 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    21:11:43.0426 3096 1394ohci - ok
    21:11:43.0504 3096 A3AB (b1503ab6d48ed02319f3d11615d3158d) C:\Windows\system32\DRIVERS\A3ABvx.sys
    21:11:43.0535 3096 A3AB - ok
    21:11:43.0566 3096 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    21:11:43.0566 3096 ACPI - ok
    21:11:43.0582 3096 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    21:11:43.0582 3096 AcpiPmi - ok
    21:11:43.0613 3096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    21:11:43.0629 3096 adp94xx - ok
    21:11:43.0754 3096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    21:11:43.0785 3096 adpahci - ok
    21:11:43.0800 3096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    21:11:43.0800 3096 adpu320 - ok
    21:11:43.0832 3096 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    21:11:43.0832 3096 AeLookupSvc - ok
    21:11:43.0863 3096 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    21:11:43.0894 3096 AFD - ok
    21:11:43.0894 3096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    21:11:43.0894 3096 agp440 - ok
    21:11:43.0910 3096 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    21:11:43.0925 3096 ALG - ok
    21:11:43.0925 3096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    21:11:43.0925 3096 aliide - ok
    21:11:44.0019 3096 ALSysIO - ok
    21:11:44.0034 3096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    21:11:44.0034 3096 amdide - ok
    21:11:44.0034 3096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    21:11:44.0050 3096 AmdK8 - ok
    21:11:44.0050 3096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    21:11:44.0050 3096 AmdPPM - ok
    21:11:44.0081 3096 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    21:11:44.0081 3096 amdsata - ok
    21:11:44.0112 3096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    21:11:44.0112 3096 amdsbs - ok
    21:11:44.0144 3096 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    21:11:44.0144 3096 amdxata - ok
    21:11:44.0159 3096 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    21:11:44.0159 3096 AppID - ok
    21:11:44.0190 3096 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    21:11:44.0190 3096 AppIDSvc - ok
    21:11:44.0206 3096 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    21:11:44.0206 3096 Appinfo - ok
    21:11:44.0284 3096 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:11:44.0284 3096 Apple Mobile Device - ok
    21:11:44.0331 3096 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    21:11:44.0331 3096 AppMgmt - ok
    21:11:44.0346 3096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    21:11:44.0362 3096 arc - ok
    21:11:44.0362 3096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    21:11:44.0362 3096 arcsas - ok
    21:11:44.0393 3096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:11:44.0393 3096 AsyncMac - ok
    21:11:44.0409 3096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    21:11:44.0409 3096 atapi - ok
    21:11:44.0487 3096 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
    21:11:44.0518 3096 athr - ok
    21:11:44.0596 3096 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    21:11:44.0612 3096 AudioEndpointBuilder - ok
    21:11:44.0627 3096 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    21:11:44.0627 3096 AudioSrv - ok
    21:11:44.0643 3096 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    21:11:44.0643 3096 AxInstSV - ok
    21:11:44.0690 3096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    21:11:44.0705 3096 b06bdrv - ok
    21:11:44.0721 3096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:11:44.0736 3096 b57nd60a - ok
    21:11:44.0752 3096 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    21:11:44.0752 3096 BDESVC - ok
    21:11:44.0783 3096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    21:11:44.0783 3096 Beep - ok
    21:11:44.0846 3096 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    21:11:44.0861 3096 BFE - ok
    21:11:44.0892 3096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    21:11:44.0892 3096 blbdrive - ok
    21:11:45.0002 3096 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    21:11:45.0017 3096 Bonjour Service - ok
    21:11:45.0033 3096 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    21:11:45.0033 3096 bowser - ok
    21:11:45.0048 3096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    21:11:45.0048 3096 BrFiltLo - ok
    21:11:45.0064 3096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    21:11:45.0064 3096 BrFiltUp - ok
    21:11:45.0080 3096 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    21:11:45.0080 3096 BridgeMP - ok
    21:11:45.0095 3096 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    21:11:45.0111 3096 Browser - ok
    21:11:45.0126 3096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    21:11:45.0142 3096 Brserid - ok
    21:11:45.0158 3096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    21:11:45.0158 3096 BrSerWdm - ok
    21:11:45.0173 3096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:11:45.0173 3096 BrUsbMdm - ok
    21:11:45.0189 3096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    21:11:45.0189 3096 BrUsbSer - ok
    21:11:45.0236 3096 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
    21:11:45.0236 3096 BthEnum - ok
    21:11:45.0251 3096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    21:11:45.0251 3096 BTHMODEM - ok
    21:11:45.0267 3096 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    21:11:45.0282 3096 BthPan - ok
    21:11:45.0329 3096 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
    21:11:45.0360 3096 BTHPORT - ok
    21:11:45.0376 3096 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    21:11:45.0376 3096 bthserv - ok
    21:11:45.0407 3096 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
    21:11:45.0407 3096 BTHUSB - ok
    21:11:45.0454 3096 btwaudio (ba1498a4c7e7372654433648a61434a7) C:\Windows\system32\drivers\btwaudio.sys
    21:11:45.0454 3096 btwaudio - ok
    21:11:45.0501 3096 btwavdt (ba66ceb74d49e00820c2c8d34c9caa83) C:\Windows\system32\DRIVERS\btwavdt.sys
    21:11:45.0501 3096 btwavdt - ok
    21:11:45.0610 3096 btwdins (541590dc8948e19f7f9f7c8e2e067d99) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    21:11:45.0626 3096 btwdins - ok
    21:11:45.0641 3096 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
    21:11:45.0641 3096 btwl2cap - ok
    21:11:45.0688 3096 btwrchid (138771ea158e3d7a14b0e0e357c8ca93) C:\Windows\system32\DRIVERS\btwrchid.sys
    21:11:45.0688 3096 btwrchid - ok
    21:11:45.0688 3096 catchme - ok
    21:11:45.0719 3096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:11:45.0719 3096 cdfs - ok
    21:11:45.0735 3096 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    21:11:45.0750 3096 cdrom - ok
    21:11:45.0782 3096 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    21:11:45.0782 3096 CertPropSvc - ok
    21:11:45.0797 3096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    21:11:45.0797 3096 circlass - ok
    21:11:45.0828 3096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    21:11:45.0844 3096 CLFS - ok
    21:11:45.0906 3096 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:11:45.0906 3096 clr_optimization_v2.0.50727_32 - ok
    21:11:45.0953 3096 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:11:45.0953 3096 clr_optimization_v2.0.50727_64 - ok
    21:11:45.0984 3096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:11:45.0984 3096 CmBatt - ok
    21:11:45.0984 3096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    21:11:45.0984 3096 cmdide - ok
    21:11:46.0031 3096 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    21:11:46.0047 3096 CNG - ok
    21:11:46.0062 3096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    21:11:46.0062 3096 Compbatt - ok
    21:11:46.0094 3096 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    21:11:46.0094 3096 CompositeBus - ok
    21:11:46.0094 3096 COMSysApp - ok
    21:11:46.0109 3096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    21:11:46.0125 3096 crcdisk - ok
    21:11:46.0156 3096 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    21:11:46.0156 3096 CryptSvc - ok
    21:11:46.0187 3096 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
    21:11:46.0203 3096 CSC - ok
    21:11:46.0250 3096 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
    21:11:46.0265 3096 CscService - ok
    21:11:46.0313 3096 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    21:11:46.0360 3096 DcomLaunch - ok
    21:11:46.0407 3096 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    21:11:46.0422 3096 defragsvc - ok
    21:11:46.0453 3096 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    21:11:46.0453 3096 DfsC - ok
    21:11:46.0500 3096 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    21:11:46.0516 3096 Dhcp - ok
    21:11:46.0531 3096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    21:11:46.0531 3096 discache - ok
    21:11:46.0547 3096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    21:11:46.0547 3096 Disk - ok
    21:11:46.0563 3096 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
    21:11:46.0563 3096 Dnscache - ok
    21:11:46.0594 3096 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    21:11:46.0609 3096 dot3svc - ok
    21:11:46.0625 3096 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    21:11:46.0625 3096 DPS - ok
    21:11:46.0656 3096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    21:11:46.0656 3096 drmkaud - ok
    21:11:46.0750 3096 dump_wmimmc - ok
    21:11:46.0812 3096 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
    21:11:46.0828 3096 DXGKrnl - ok
    21:11:46.0859 3096 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    21:11:46.0859 3096 EapHost - ok
    21:11:47.0015 3096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    21:11:47.0062 3096 ebdrv - ok
    21:11:47.0140 3096 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
    21:11:47.0140 3096 EFS - ok
    21:11:47.0202 3096 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
    21:11:47.0233 3096 ehRecvr - ok
    21:11:47.0233 3096 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    21:11:47.0249 3096 ehSched - ok
    21:11:47.0296 3096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    21:11:47.0311 3096 elxstor - ok
    21:11:47.0327 3096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    21:11:47.0327 3096 ErrDev - ok
    21:11:47.0374 3096 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    21:11:47.0389 3096 EventSystem - ok
    21:11:47.0405 3096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    21:11:47.0405 3096 exfat - ok
    21:11:47.0421 3096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    21:11:47.0436 3096 fastfat - ok
    21:11:47.0483 3096 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    21:11:47.0499 3096 Fax - ok
    21:11:47.0514 3096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    21:11:47.0514 3096 fdc - ok
    21:11:47.0530 3096 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    21:11:47.0530 3096 fdPHost - ok
    21:11:47.0545 3096 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    21:11:47.0545 3096 FDResPub - ok
    21:11:47.0545 3096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    21:11:47.0561 3096 FileInfo - ok
    21:11:47.0561 3096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    21:11:47.0561 3096 Filetrace - ok
    21:11:47.0577 3096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:11:47.0577 3096 flpydisk - ok
    21:11:47.0608 3096 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    21:11:47.0608 3096 FltMgr - ok
    21:11:47.0686 3096 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
    21:11:47.0701 3096 FontCache - ok
    21:11:47.0779 3096 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:11:47.0779 3096 FontCache3.0.0.0 - ok
    21:11:47.0811 3096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    21:11:47.0811 3096 FsDepends - ok
    21:11:47.0826 3096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    21:11:47.0826 3096 Fs_Rec - ok
    21:11:47.0857 3096 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
    21:11:47.0873 3096 fvevol - ok
    21:11:47.0904 3096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    21:11:47.0904 3096 gagp30kx - ok
    21:11:47.0951 3096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:11:47.0951 3096 GEARAspiWDM - ok
    21:11:48.0013 3096 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    21:11:48.0029 3096 gpsvc - ok
    21:11:48.0123 3096 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:11:48.0123 3096 gupdate - ok
    21:11:48.0138 3096 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:11:48.0138 3096 gupdatem - ok
    21:11:48.0154 3096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    21:11:48.0154 3096 hcw85cir - ok
    21:11:48.0185 3096 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    21:11:48.0201 3096 HdAudAddService - ok
    21:11:48.0216 3096 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:11:48.0216 3096 HDAudBus - ok
    21:11:48.0232 3096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    21:11:48.0232 3096 HidBatt - ok
    21:11:48.0247 3096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    21:11:48.0247 3096 HidBth - ok
    21:11:48.0263 3096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    21:11:48.0263 3096 HidIr - ok
    21:11:48.0279 3096 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    21:11:48.0279 3096 hidserv - ok
    21:11:48.0310 3096 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    21:11:48.0310 3096 HidUsb - ok
    21:11:48.0341 3096 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    21:11:48.0341 3096 hkmsvc - ok
    21:11:48.0357 3096 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    21:11:48.0372 3096 HomeGroupListener - ok
    21:11:48.0403 3096 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    21:11:48.0403 3096 HomeGroupProvider - ok
    21:11:48.0419 3096 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    21:11:48.0419 3096 HpSAMD - ok
    21:11:48.0481 3096 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    21:11:48.0497 3096 HTTP - ok
    21:11:48.0513 3096 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    21:11:48.0513 3096 hwpolicy - ok
    21:11:48.0528 3096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    21:11:48.0528 3096 i8042prt - ok
    21:11:48.0559 3096 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    21:11:48.0575 3096 iaStorV - ok
    21:11:48.0669 3096 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:11:48.0684 3096 idsvc - ok
    21:11:48.0715 3096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    21:11:48.0715 3096 iirsp - ok
    21:11:48.0778 3096 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    21:11:48.0840 3096 IKEEXT - ok
    21:11:48.0871 3096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    21:11:48.0871 3096 intelide - ok
    21:11:48.0887 3096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    21:11:48.0887 3096 intelppm - ok
    21:11:48.0887 3096 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    21:11:48.0903 3096 IPBusEnum - ok
    21:11:48.0918 3096 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:11:48.0918 3096 IpFilterDriver - ok
    21:11:48.0965 3096 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    21:11:48.0981 3096 iphlpsvc - ok
    21:11:48.0996 3096 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    21:11:48.0996 3096 IPMIDRV - ok
    21:11:49.0012 3096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    21:11:49.0012 3096 IPNAT - ok
    21:11:49.0152 3096 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
    21:11:49.0168 3096 iPod Service - ok
    21:11:49.0183 3096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    21:11:49.0183 3096 IRENUM - ok
    21:11:49.0183 3096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    21:11:49.0183 3096 isapnp - ok
    21:11:49.0199 3096 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    21:11:49.0215 3096 iScsiPrt - ok
    21:11:49.0230 3096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:11:49.0230 3096 kbdclass - ok
    21:11:49.0246 3096 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    21:11:49.0261 3096 kbdhid - ok
    21:11:49.0261 3096 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
    21:11:49.0261 3096 KeyIso - ok
    21:11:49.0277 3096 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    21:11:49.0293 3096 KSecDD - ok
    21:11:49.0308 3096 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
    21:11:49.0308 3096 KSecPkg - ok
    21:11:49.0324 3096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    21:11:49.0324 3096 ksthunk - ok
    21:11:49.0355 3096 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    21:11:49.0371 3096 KtmRm - ok
    21:11:49.0386 3096 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\System32\srvsvc.dll
    21:11:49.0417 3096 LanmanServer - ok
    21:11:49.0433 3096 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    21:11:49.0433 3096 LanmanWorkstation - ok
    21:11:49.0449 3096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    21:11:49.0449 3096 lltdio - ok
    21:11:49.0480 3096 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    21:11:49.0495 3096 lltdsvc - ok
    21:11:49.0511 3096 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    21:11:49.0527 3096 lmhosts - ok
     
  18. Jerevicious

    Jerevicious TS Rookie Topic Starter

    21:11:55.0501 3096 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    21:11:55.0501 3096 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    21:11:55.0501 3096 sptd ( LockedFile.Multi.Generic ) - warning
    21:11:55.0501 3096 sptd - detected LockedFile.Multi.Generic (1)
    21:11:59.0433 3096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:11:59.0604 3096 \Device\Harddisk0\DR0 - ok
    21:11:59.0620 3096 Boot (0x1200) (52a5c93792090bf8ddb4e4576127b67c) \Device\Harddisk0\DR0\Partition0
    21:11:59.0635 3096 \Device\Harddisk0\DR0\Partition0 - ok
    21:11:59.0635 3096 Boot (0x1200) (5e4aa99541610ee5ff2a9ae244ac241f) \Device\Harddisk0\DR0\Partition1
    21:11:59.0635 3096 \Device\Harddisk0\DR0\Partition1 - ok
    21:11:59.0635 3096 ============================================================
    21:11:59.0635 3096 Scan finished
    21:11:59.0635 3096 ============================================================
    21:11:59.0651 1068 Detected object count: 1
    21:11:59.0651 1068 Actual detected object count: 1
    21:12:03.0504 1068 sptd ( LockedFile.Multi.Generic ) - skipped by user
    21:12:03.0504 1068 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  19. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Good :)

    Re-run Combofix one more time.
     
  20. Jerevicious

    Jerevicious TS Rookie Topic Starter

    ComboFix 12-07-29.02 - TGizz 07/29/2012 21:21:53.2.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4095.3098 [GMT -4:00]
    Running from: c:\users\TGizz\Desktop\Applications\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 01:27 . 2012-07-30 01:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-29 23:50 . 2012-07-29 23:50 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D7E739-E0A2-4C03-B8AD-15AA484A5DF4}\offreg.dll
    2012-07-29 19:13 . 2012-07-29 19:14 -------- d-----w- C:\FRST
    2012-07-29 18:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-07-29 18:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-07-29 18:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-07-29 18:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-29 18:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-07-29 18:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-07-29 08:18 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{22839B2D-09BA-4526-8928-E63D9EB59D31}\gapaengine.dll
    2012-07-29 08:18 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04D7E739-E0A2-4C03-B8AD-15AA484A5DF4}\mpengine.dll
    2012-07-29 08:17 . 2012-07-29 08:17 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-29 08:17 . 2012-07-29 08:17 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-29 06:17 . 2012-07-29 06:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-28 06:54 . 2012-07-28 06:54 -------- d-----w- c:\program files (x86)\Grinding Gear Games
    2012-07-11 08:12 . 2012-07-11 08:14 -------- d-----w- c:\program files (x86)\World of Warcraft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 17:46 . 2010-03-15 03:29 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-29_17.52.19 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-01-26 13:09 . 2012-07-29 17:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-26 13:09 . 2012-07-29 18:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-07-29 05:57 . 2012-07-29 18:22 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072920120730\index.dat
    + 2012-01-26 13:09 . 2012-07-29 18:55 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-07-29 18:00 . 2012-06-02 22:15 99840 c:\windows\system32\wudriver.dll
    - 2009-07-14 00:34 . 2009-07-14 01:39 36864 c:\windows\system32\wuapp.exe
    + 2012-07-29 18:00 . 2012-06-02 19:15 36864 c:\windows\system32\wuapp.exe
    + 2011-07-25 23:37 . 2012-07-29 19:07 18866 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-29 23:52 28228 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-06-02 19:19 . 2012-06-02 19:19 79232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
    - 2010-03-15 02:51 . 2012-07-29 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-15 02:51 . 2012-07-29 23:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2012-07-29 19:01 70792 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2012-03-17 22:03 . 2012-07-29 18:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-03-17 22:03 . 2012-07-29 17:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-03-17 22:03 . 2012-07-29 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-03-17 22:03 . 2012-07-29 18:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2012-03-17 22:03 . 2012-07-29 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2012-03-17 22:03 . 2012-07-29 18:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2010-03-15 02:51 . 2012-07-29 23:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-15 02:51 . 2012-07-29 17:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-03-15 02:51 . 2012-07-29 23:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-15 02:51 . 2012-07-29 17:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-15 02:51 . 2012-07-29 23:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-03-15 02:51 . 2012-07-29 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-15 02:51 . 2012-07-29 23:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-03-15 02:51 . 2012-07-29 16:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-03-22 15:35 . 2012-07-29 23:52 9702 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3568411142-4073580314-4145923839-1000_UserData.bin
    + 2011-12-04 01:56 . 2012-07-29 23:49 1853 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    - 2011-12-04 01:56 . 2012-07-29 17:50 1853 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
    + 2012-07-29 23:50 . 2012-07-29 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-07-29 17:51 . 2012-07-29 17:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-29 23:50 . 2012-07-29 23:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-29 17:51 . 2012-07-29 17:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-07-29 18:55 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-07-29 17:52 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-07-29 18:00 . 2012-06-02 19:19 186752 c:\windows\system32\wuwebv.dll
    + 2009-07-14 02:36 . 2012-07-29 18:23 617222 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-29 16:15 617222 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-07-29 16:15 104496 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-07-29 18:23 104496 c:\windows\system32\perfc009.dat
    - 2010-03-15 05:39 . 2012-07-29 05:47 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-03-15 05:39 . 2012-07-29 18:21 147456 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-07-29 05:47 196608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-29 18:21 196608 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 05:01 . 2012-06-18 04:15 340220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-29 23:49 340220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-07-29 18:55 5128192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-29 17:41 5128192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-29 17:41 1327104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-29 18:55 1327104 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 02:34 . 2012-07-30 00:04 9699328 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2010-03-15 05:39 . 2012-07-29 18:21 2146304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-03-15 05:39 . 2012-07-29 05:47 2146304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:45 . 2012-07-29 18:23 3578361 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2009-07-14 04:45 . 2012-02-25 06:22 3578361 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    - 2012-04-29 23:40 . 2012-06-18 04:15 5644110 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3568411142-4073580314-4145923839-1000-8192.dat
    + 2012-04-29 23:40 . 2012-07-29 23:49 5644110 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3568411142-4073580314-4145923839-1000-8192.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "D-Link RangeBooster G WDA-2320"="c:\program files (x86)\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe" [2007-08-29 1662976]
    "ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-6-4 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 136176]
    R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3ABvx.sys [2007-08-02 924672]
    R3 ALSysIO;ALSysIO;c:\users\TGizz\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 dump_wmimmc;dump_wmimmc;c:\games\Pangya\GameGuard\dump_wmimmc.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 136176]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-22 834544]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 90648475
    *Deregistered* - 90648475
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 19:55]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 19:55]
    .
    2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568411142-4073580314-4145923839-1000Core.job
    - c:\users\TGizz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 22:35]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568411142-4073580314-4145923839-1000UA.job
    - c:\users\TGizz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 22:35]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\TGizz\AppData\Roaming\Mozilla\Firefox\Profiles\f5eond7y.default\
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3568411142-4073580314-4145923839-1000\Software\SecuROM\License information*]
    "datasecu"=hex:6d,19,ad,42,de,53,e0,ea,2a,3f,58,51,67,78,01,a3,28,9f,a5,1a,ec,
    8c,16,d6,5c,8e,b1,bb,37,75,de,4c,df,e2,e7,7b,85,99,17,b3,77,16,f6,9d,43,46,\
    "rkeysecu"=hex:f0,46,92,75,6a,dc,03,c9,b3,72,2c,cf,68,42,31,a0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-29 21:29:09
    ComboFix-quarantined-files.txt 2012-07-30 01:29
    ComboFix2.txt 2012-07-29 18:04
    .
    Pre-Run: 393,826,926,592 bytes free
    Post-Run: 393,763,381,248 bytes free
    .
    - - End Of File - - 4A07792FCC23A8FC3459650D38EF162B
     
  21. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Good :)

    ...and MBAM one more time.
     
  22. Jerevicious

    Jerevicious TS Rookie Topic Starter

    Haven't gotten back to this PC today. Just ran now.


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    TGizz :: POSEIDON [administrator]

    7/31/2012 2:37:35 AM
    mbam-log-2012-07-31 (02-37-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 193187
    Time elapsed: 1 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Yay!!! Does this mean we're clean? :)
     
  23. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Looks good to me :)

    Couple more scans to make sure....

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
Topic Status:
Not open for further replies.

